MongoByte MongoDB Logo

Welcome to the new MongoDB Feedback Portal!

{Improvement: "Your idea"}
We’ve upgraded our system to better capture and act on your feedback.
Your feedback is meaningful and helps us build better products.

Add new feedback Subscribe
Status Under Consideration
Categories Atlas CLI
Created by Jonny Roberts
Created on Oct 29, 2025

RELATED FEEDBACK

Atlas CLI provides a guided database user creation / management experience

What problem are you trying to solve?

Focus on the what and why of the need you have, not the how you'd like it solved.

The Atlas CLI allows users to create database accounts with multiple global admin-level roles (like readWriteAnyDatabase and dbAdminAnyDatabase) without any warnings or guidance. Users, especially those less familiar with MongoDB's role-based access control, can easily over-privilege accounts without realizing the security implications. There's no feedback to indicate they're granting broad permissions across all databases or violating least-privilege principles.

What would you like to see happen?

Describe the desired outcome or enhancement.

Add guardrails and guidance for when creating database users with high-risk roles, which could include:

  1. Pre-creation warning: Display a warning when multiple global roles are assigned, requiring explicit confirmation via --force or --confirm to proceed

  2. Post-creation advisory: Show an informational message after creating users with high-privilege roles, linking to RBAC best practices documentation

  3. Enhanced CLI help: Include guidance in atlas dbusers create --help about the risks of combining global roles

These measures should educate users at the point of action and link to MongoDB's security documentation (https://www.mongodb.com/docs/manual/core/security-users/#user-privileges).

Why is this important to you or your team?

Explain how the request adds value or solves a business need.

This feature provides critical guardrails for less experienced team members:

  • Prevents costly mistakes: Stops junior developers from accidentally creating security vulnerabilities

  • Enables safe delegation: Allows teams to confidently distribute user management tasks without constant senior oversight

  • Built-in education: Teaches MongoDB security best practices at the moment of decision-making

  • Reduces risk: Minimizes security incidents from overly permissive configurations

What steps, if any, are you taking today to manage this problem?

Currently, database user management is restricted to senior team members who understand MongoDB RBAC, or teams follow strict playbooks with manual review processes. Some organizations have implemented separate auditing controls to catch over-privileged accounts after creation, which is inefficient compared to preventing the issue upfront.