Skip to content

fix(mdb): multi-user - MTA-6329 #5377

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Aug 11, 2025
Merged

fix(mdb): multi-user - MTA-6329 #5377

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
12f3499
fix(mdb): user mgmt
ldecarvalho-doc Jul 31, 2025
a54f71a
fix(mdb): multi-user
ldecarvalho-doc Aug 5, 2025
f6d56ab
fix(mdb): review bene
ldecarvalho-doc Aug 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions menu/navigation.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2442,6 +2442,10 @@
},
{
"items": [
{
"label": "Managing users",
"slug": "managing-users-api"
},
{
"label": "Back up and restore MongoDB® Databases",
"slug": "backup-and-restore"
Expand Down
129 changes: 129 additions & 0 deletions pages/managed-mongodb-databases/api-cli/managing-users-api.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,129 @@
---
title: Managing MongoDB® users with the Scaleway API
description: This page explains how to manage MongoDB® users via the API
tags: managed-database database postgresql mongodb database-instance mongodb
dates:
validation: 2025-05-08
posted: 2025-04-08
---

When you create your MongoDB® Database Instance, a default user with administrative privileges is automatically created.

You can create more users and grant them pre-set roles via the [Scaleway Managed MongoDB® API](https://www.scaleway.com/en/developers/api/managed-database-mongodb/).

<Message type="important">
All users you create initially have administrator roles, which can be modified after creation using the [Apply user roles](https://www.scaleway.com/en/developers/api/managed-database-mongodb/#path-users-apply-user-roles) API call. However, the default user's role cannot be changed.
</Message>

### How to create a user

1. Edit the POST request payload you will use to create your user. Replace the values of each parameter with your values of choice following the parameter descriptions below.
```
{
"name": "<username>",
"password": "<password>",
}
```

| Parameter | Description |
| :--------------- | :----------------------------------------------------------------- |
| `name` | Set a name for the database user. |
| `password` | Set a password for the database user.|

2. Run the following command to create a user. Make sure you include the payload you edited in the previous step. `{instance_id}` corresponds to the UUID of the Managed MongoDB®.
```
curl -X POST \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "<username>",
"password": "<password>",
}' \
"https://api.scaleway.com/mongodb/v1alpha1/regions/$SCW_REGION/par/instances/{instance_id}/users"
```

You should get a response like the following:
```
{
"name": "<username>",
"password": "<password>",
"roles": [
{
"role": "read_write",
"any_database": true
},
{
"role": "db_admin",
"any_database": true
},
{
"role": "sync",
"any_database": true
}
]
}
```

All users you create will have the `read_write`, `db_admin` and `sync` roles on all databases by default.

You can follow the steps below to update a user's role(s) to the one(s) of your choice.

### How to apply a role to a user

1. Edit the POST request payload you will use to update the user role. Replace the values of each parameter with your values of choice following the parameter descriptions below.

In this example, we define a single `read_write` role for the user. This role applies only in the `example-db` database.

<Message type="tip">
To grant the user this role in all databases, you can set `any_database` to true.
</Message>

```
{
"name": "<username>",
"roles": [
{
"role": "read_write",
"database": "example-db",
"any_database": false
}
]
}
```

| Role | Description |
| :--------------- | :----------------------------------------------------------------- |
| `read` | Read privileges on all non-system collections and the `system.js` collection. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-read) for an extensive list of the privileges granted to this role. |
| `read_write` | Read and write privileges on all non-system collections and the `system.js` collection. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-readWrite) for an extensive list of the privileges granted to this role. |
| `db_admin` | Privileges to perform administrative tasks on the database, such as schema-related tasks, indexing, and gathering statistics. This role does not grant privileges for user and role management. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-dbAdmin) for an extensive list of the privileges granted to this role. |
| `sync` | Role that aggregates three MongoDB roles: |
| | `clusterMonitor` - Read-only access to monitoring tools. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/upcoming/reference/built-in-roles/#mongodb-authrole-clusterMonitor) for an extensive list of the privileges granted to this role. |
| | `backup` - Grants the minimal privileges needed to back up data. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/upcoming/reference/built-in-roles/#mongodb-authrole-backup) for an extensive list of the privileges granted to this role. |
| | `restore` - Grants the privileges needed to restore data from backups. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/upcoming/reference/built-in-roles/#mongodb-authrole-restore) for an extensive list of the privileges granted to this role. |

2. Run the following command to apply a new role to the user. Make sure you include the payload you edited in the previous step and that you replace the parameters in the call with your information. `{instance_id}` corresponds to the UUID of the Managed MongoDB®.

```
curl -X PUT \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "<username>",
"roles": [
{
"role": "read_write",
"database": "<name_of_database>"
"any_database": false
}
]
}' \
"https://api.scaleway.com/mongodb/v1alpha1/regions/$SCW_REGION/instances/{instance_id}/roles"
```

If the call was successful, you will get the payload with the new role(s) as a response.

<Message type="note">
Assigning roles upon user creation will be possible by the second half of 2025. Refer to the [Scaleway Changelog](/changelog/?product=mongodb) to keep up with the latest Managed MongoDB® updates.
</Message>


174 changes: 50 additions & 124 deletions pages/managed-mongodb-databases/how-to/manage-users.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
title: How to manage a MongoDB® Database Instance user
description: This page explains how to manage the MongoDB® Database Instance default user
description: This page explains how to manage MongoDB® Database Instance users
tags: managed-database database postgresql mongodb database-instance mongodb
dates:
validation: 2025-04-08
Expand All @@ -18,133 +18,59 @@ Users can connect to a database and access its data.
- A valid [API key](/iam/how-to/create-api-keys/)
- A [MongoDB® Database Instance](/managed-mongodb-databases/quickstart)

## How to change the password of your user
## How to create a new user

1. Click **MongoDB® Databases** under **Databases** on the side menu. A list of your Database Instances displays.
2. Click the database name to access the Database Instance information page.
3. Go to the **Users** tab.
4. Click **Create user**. A pop-up appears.
5. Enter a username and password for the user.
6. Click **Create User** to confirm. Your user is created. The privilege configuration wizard displays.
7. Set the privileges of your new user. You can select one or both of the following:

- **Global roles** - the privileges you set will apply to all your databases, existing and future. You can set one or more global roll at a time. The available global roles include:
- **Ready-only** (`read`) - Read privileges on all non-system collections and the `system.js` collection.
- **Read and write** (`read_write`) - Read and write privileges on all non-system collections and the `system.js` collection.
- **Sync** (`sync`) - Role that aggregates three MongoDB roles: `clusterMonitor`, `backup` and `restore`. This role can only be granted as a global role
- **DB admin** (`db_admin`) - Privileges to perform administrative tasks on the database, such as schema-related tasks, indexing, and gathering statistics. This role does not grant privileges for user and role management.
- **Specific roles** - the privileges will only apply to the databases you define. All global roles except `sync` can also be defined as specific roles.

<Message type="important">
You can manually enter a database that does not yet appear in the list and set privileges for it. This might be helpful as it can take up to 15 minutes before a recently created database appears in the list. You can also set privileges for databases before you create them. Keep in mind that the name you define in this step must be identical in spelling to that of the actual database.
</Message>

<Message type="tip">
Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/manual/reference/built-in-roles/) for an extensive list of the privileges granted to each role.
</Message>

If you set a **global role**, select one or more roles in the drop-down.

If you set **specific roles**, enter the database(s) to which you want to apply the role first, then click **Set privileges**.
Check the box corresponding to the role(s) you wish to apply to each database in the list.

8. Click **Confirm** after reviewing your configuration.

The list of your users is updated. You can see an overview of the global and speficic roles next to the name of each user.

## How to update user privileges

1. Click **MongoDB® Databases** under **Databases** on the side menu. A list of your Database Instances displays.
2. Click the database name to access the Database Instance information page.
3. Go to the **Users** tab.
4. Click <Icon name="more" />, then **Update privileges**. A pop-up appears.
5. Update the privileges according to your preferences, following the instructions described in step 7 of the [procedure above](#how-to-create-a-new-user).
6. Click **Update** after reviewing your configuration.

## How to change user passwords

1. Click **MongoDB® Databases** under **Databases** on the side menu. A list of your Database Instances displays.
2. Click the database name or <Icon name="more" /> > **More info** to access the Database Instance information page.
3. Go to the **Users** tab. Your default user displays.
4. Click **Change password** to do so. A pop-up appears.
3. Go to the **Users** tab.
4. Click <Icon name="more" />, then **Change password**. A pop-up appears.
5. Enter your new password and confirm.

## How to create multi-users via the API

When you create your MongoDB® Database Instance, the first user is created by default and has admin rights.

You can create more users and grant them pre-set roles via the [Scaleway Managed MongoDB® API](https://www.scaleway.com/en/developers/api/managed-database-mongodb/).

<Message type="important">
All users you create have at first administrator roles, which can be changed after creation with the [Apply user roles](https://www.scaleway.com/en/developers/api/managed-database-mongodb/#path-users-apply-user-roles) call. The default user's role cannot be changed.
</Message>

### How to create a user

1. Edit the POST request payload you will use to create your user. Replace the values of each parameter with your values of choice following the parameter descriptions below.
```
{
"name": "<username>",
"password": "<password>",
}
```

| Parameter | Description |
| :--------------- | :----------------------------------------------------------------- |
| `name` | Set a name for the database user. |
| `password` | Set a password for the database user.|

2. Run the following command to create a user. Make sure you include the payload you edited in the previous step. `{instance_id}` corresponds to the UUID of the Managed MongoDB®.
```
curl -X POST \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "<username>",
"password": "<password>",
}' \
"https://api.scaleway.com/mongodb/v1alpha1/regions/$SCW_REGION/par/instances/{instance_id}/users"
```

You should get a response like the following:
```
{
"name": "<username>",
"password": "<password>",
"roles": [
{
"role": "read_write",
"any_database": true
},
{
"role": "db_admin",
"any_database": true
},
{
"role": "sync",
"any_database": true
}
]
}
```

All users you create will have the `read_write`, `db_admin` and `sync` roles on all databases by default.

You can follow the steps below to update a user's role(s) to the one(s) of your choice.

### How to apply a role to a user

1. Edit the POST request payload you will use to update the user role. Replace the values of each parameter with your values of choice following the parameter descriptions below.

In this example, we define a single `read_write` role for the user. This role applies only in the `example-db` database.

<Message type="tip">
To grant the user this role in all databases, you can set `any_database` to true.
</Message>

```
{
"name": "<username>",
"roles": [
{
"role": "read_write",
"database": "example-db",
"any_database": false
}
]
}
```

| Role | Description |
| :--------------- | :----------------------------------------------------------------- |
| `read` | Read privileges on all non-system collections and the `system.js` collection. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-read) for an extensive list of the privileges granted to this role. |
| `read_write` | Read and write privileges on all non-system collections and the `system.js` collection. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-readWrite) for an extensive list of the privileges granted to this role. |
| `db_admin` | Privileges to perform administrative tasks on the database, such as schema-related tasks, indexing, and gathering statistics. This role does not grant privileges for user and role management. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-dbAdmin) for an extensive list of the privileges granted to this role. |
| `sync` | Role that aggregates three MongoDB roles: |
| | `clusterMonitor` - Read-only access to monitoring tools. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/upcoming/reference/built-in-roles/#mongodb-authrole-clusterMonitor) for an extensive list of the privileges granted to this role. |
| | `backup` - Grants the minimal privileges needed to back up data. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/upcoming/reference/built-in-roles/#mongodb-authrole-backup) for an extensive list of the privileges granted to this role. |
| | `restore` - Grants the privileges needed to restore data from backups. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/upcoming/reference/built-in-roles/#mongodb-authrole-restore) for an extensive list of the privileges granted to this role. |

2. Run the following command to apply a new role to the user. Make sure you include the payload you edited in the previous step and that you replace the parameters in the call with your information. `{instance_id}` corresponds to the UUID of the Managed MongoDB®.

```
curl -X PUT \
-H "X-Auth-Token: $SCW_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "<username>",
"roles": [
{
"role": "read_write",
"database": "<name_of_database>"
"any_database": false
}
]
}' \
"https://api.scaleway.com/mongodb/v1alpha1/regions/$SCW_REGION/instances/{instance_id}/roles"
```

If the call was successful, you will get the payload with the new role(s) as a response.

<Message type="note">
Assigning roles upon user creation will be possible by the second half of 2025. Refer to the [Scaleway Changelog](/changelog/?product=mongodb) to keep up with the latest Managed MongoDB® updates.
</Message>





Loading