Granular Permissions
Right now Mongo Atlas allows you to assign two types of roles to all the users: Organization and Project, and for each set it gives you some predefined roles.
The problem with this is you can't have any kind of granular control of what permission is assigned to each user. (e.g. to allow a user to create a trigger through Mongo Stitch it needs the Project Owner role).
This is a major setback as I'm giving my coworkers more access than needed.
A good solution would be to have something like the database access control in this part so we can create our own custom roles to assign to he users.
Kico
shared this idea
-
Stanislav
commented
Same issue regarding access control management. we want Access Control Management to be a separate role.
-
Michael
commented
1. Each Organisation-Member is able to read the billing details of the organisation. This should be restricted. We facing problems with our governance, because each member is able to get details about billing in MongoDB Atlas.
2. As an Project-Owner, you are able to invite new member to you project and so implicitly to the organisation. But you are not able to delete member from the organisation. If you delete a member, he has still access to the organisation and is able to read the invoice. Even if that member has not access to any project.
3. Each member gets the invoice via mail. Again this is not a good idea from governance perspective. You can only restict this, by adding (only one) "Billing Email Address". There should be a solution, to send the invoice only to project owners or something like this.