4

How to add a user with userAdmin role in Atlas?

The Cluster Security "Add New User" UI https://cloud.mongodb.com/v2/.....#clusters/security/users shows only a limited set of built-in roles without any option to enter a role name manually:

[screenshot]

So I am a bit stuck here - there are no options in the UI, and none of the existing roles allow adding users in a shell.

UPDATE:

To make it crystal clear: I went to the "Security" tab in the MongoDB Atlas cluster, from there I clicked "Add a new User", clicked "Show advanced options" and got the screenshot above.

UPDATE 2:

None of the roles in the list have userAdmin privilege.

The most "powerful" atlasAdmin covers only:

  • readWriteAnyDatabase
  • readAnyDatabase
  • enableSharding
  • dbAdminAnyDatabase
  • clusterMonitor

and doesn't have enough privilege to execute the db.createUser() command.

Md Haidar Ali Khan
Alex Blex

2 Answers

3

You cannot grant this role. The only way to create new MongoDB users in Atlas is either via the UI or the API. See Add MongoDB Users for details and note that this page states:

Atlas rolls back any user modifications not made through the UI or API. You must use the Atlas UI or API to add, modify, or delete MongoDB users on Atlas clusters.

See Create a Database User for details on how to create MongoDB users via the API.

helmy
  • Thanks, sorry I missed this bit in the docs. Apparently even with the API I can't use any of my custom roles =( – Alex Blex Dec 07 '17 at 09:30
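
An added example (not part of the answer above and not MongoDB's own code) of the API route that answer points to: it builds the request for creating a database user and rejects roles, such as userAdmin, that are not in the role lists shown on this page. The v1.0 `databaseUsers` path, digest authentication, the admin-only scoping of the cluster-wide roles, and the `PROJECT_ID`, user name and password values are assumptions of this example; check the Create a Database User page for the current endpoint.

```python
import json
import urllib.request

# Role names come from the lists on this page; which database each may be
# scoped to is an assumption of this example.
ADMIN_DB_ONLY = {"atlasAdmin", "backup", "clusterMonitor", "dbAdminAnyDatabase",
                 "enableSharding", "readAnyDatabase", "readWriteAnyDatabase"}
PER_DATABASE = {"dbAdmin", "read", "readWrite"}
# Assumed endpoint path; the project id is filled in by the caller.
API = "https://cloud.mongodb.com/api/atlas/v1.0/groups/{project}/databaseUsers"


def build_user_request(project_id, username, password, roles):
    """Return (url, JSON body) for creating a database user, or raise ValueError.

    roles is a list of (role_name, database) pairs.
    """
    checked = []
    for role, db in roles:
        if role in ADMIN_DB_ONLY:
            if db != "admin":
                raise ValueError(f"{role} must be granted on 'admin', not {db!r}")
        elif role in PER_DATABASE:
            if not db:
                raise ValueError(f"{role} needs a database name")
        else:
            # userAdmin, root and custom roles end up here.
            raise ValueError(f"{role} is not in the role list shown on this page")
        checked.append({"roleName": role, "databaseName": db})
    if not checked:
        raise ValueError("at least one role is required")
    body = {"databaseName": "admin", "username": username,
            "password": password, "roles": checked}
    return API.format(project=project_id), json.dumps(body).encode()


def send(url, body, api_user, api_key):
    """POST the request with HTTP digest auth (needs network and a real API key)."""
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, "https://cloud.mongodb.com/", api_user, api_key)
    opener = urllib.request.build_opener(urllib.request.HTTPDigestAuthHandler(mgr))
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    return json.load(opener.open(req))


if __name__ == "__main__":
    # Constructed sample values; nothing is sent here.
    url, body = build_user_request("PROJECT_ID", "app_rw", "constructed-password",
                                   [("readWrite", "AlexBlexDatabase")])
    print(url, body.decode())
```
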
0

Go to the "Security" tab in the MongoDB Atlas cluster; from there you can "edit" or "Add a new User".

@Alex Blex, let's start from the beginning. You want to create the 'user' admin. For what purpose do you want to add the user? In "MongoDB Atlas Cluster" there is a list of "Roles" available, like

Roles/Privileges

backup
clusterMonitor
dbAdmin
dbAdminAnyDatabase
enableSharding
read
readAnyDatabase
readWrite
readWriteAnyDatabase

Suppose that you want to create a new "User" with "readWriteAnyDatabase" Role.

Step 1: First log in to "MongoDB Atlas Cluster" with your User ID and Password credentials. [screenshot]

Step 2: After logging in for the first time you will find two tabs:

  1. Overview
  2. Security

Click on the "Security" tab.

[screenshot]

Step 3: In the upper right corner you will find the button "ADD NEW USER"; click on it.

Step 4: After clicking "ADD NEW USER", you will see the screen shown below. [screenshot]

Step 5: Note that on this screen you decide what you want to do, that is, what kind of user role you want to assign.

If you do not select "Show Advanced Options", then three options

  1. Atlas admin
  2. Read and write any database
  3. Only read any database

will be available. According to your requirement you can choose an option and set the respective "User ID" and "Password".

E.g. "Atlas Login"

[screenshot]

and "Read and write any database" [screenshot]

Step 6: If you click on "Advanced Roles/Privileges" then you will find options like [screenshot]

And the "Advanced Roles/Privileges" [screenshot]

Select the "Role" according to your requirement and set their "User ID" and "Password".

I hope this helps you.

After a chat with @Alex, I am creating the "Alex Blex" user with the "dbAdmin" role for "AlexBlexDatabase".

See the screenshot below

[screenshot]

Md Haidar Ali Khan
  • Thanks, apparently the question is not clear enough that the screenshot was taken exactly from this page. There is still no option to add user with userAdmin role. – Alex Blex Dec 06 '17 at 10:11
  • @Alex Blex, what "Role" do you want for that user: "atlasAdmin" or "readWriteAnyDatabase"? – Md Haidar Ali Khan Dec 06 '17 at 11:24
  • No sir, I want [userAdmin](https://docs.mongodb.com/v3.4/reference/built-in-roles/#userAdmin) role. Really appreciate your efforts, but it doesn't answer the question. I have updated it again to elaborate why I need this particular role. `root` or any other that includes user management privileges would work as well. – Alex Blex Dec 06 '17 at 11:50
  • Sorry mate, your *Suppose that you want to create a new "User" with "readWriteAnyDatabase" Role.* is totally wrong assumption, so all the steps after that answer the question I didn't ask. I want to create a user with "userAdmin" role, not "readWriteAnyDatabase". – Alex Blex Dec 06 '17 at 12:08
  • @Alex Blex, you just select the "dbAdmin" role from the "Advanced Roles/Privileges" menu options. And as per your desire select "user id" and "password". For example, I have shown the "readWriteAnyDatabase" role and created it in my "MongoDB Atlas Cluster". – Md Haidar Ali Khan Dec 06 '17 at 12:17
  • Already did it. dbAdmin can't create new users. Nor any other role from the list. – Alex Blex Dec 06 '17 at 12:20
  • If you didn't notice, your last screenshot is the one I posted in the question. Your last sentence *Select the "Role" according to your requirement and set their "User ID" and "Password".* is exactly where I got stuck - there is no Role in the list that matches my requirement, and my question is how to work it around. – Alex Blex Dec 06 '17 at 12:25
  • @Alex Blex, during creation of the "Atlas Cluster" sandbox, whatever "user Id" and "Password" you gave, that is your "atlasAdmin@admin". Through that id you are able to update any role. – Md Haidar Ali Khan Dec 06 '17 at 12:33
  • Dear Md Haidar Ali Khan, Thanks for all the efforts you put into it. The "Update 2" I made a couple of hours ago explicitly says that the "atlasAdmin" role is not sufficient. It does not allow executing the `db.createUser()` command, nor any other commands that require `userAdmin` privileges. – Alex Blex Dec 06 '17 at 12:51
  • @Alex Blex, I am sure that during "dbAdmin" new user creation you are not mentioning any "database" name in the "Atlas Cluster". Unless you mention the "database name", the "dbAdmin" new user will not be created. – Md Haidar Ali Khan Dec 06 '17 at 12:57
  • Hmmm, sorry, but I fail to comprehend the last comment. Of course I name the db when I create a user in specific db. I have no problems to create users in the Atlas UI using the roles provided in the drop-down list. – Alex Blex Dec 06 '17 at 13:05
  • @Alex Blex, see my answer; after the edit I have created one user with your name and also assigned the database with the "dbAdmin" role. – Md Haidar Ali Khan Dec 06 '17 at 13:10
  • Thanks man, I created dbAdmins myself, and it works like a charm. Just to explain what the problem is - can you use these credentials to connect to the cluster in mongo shell, and execute the `db.createUser({user:"test18", pwd:"asdadasd", roles: ["read"]})` command? I can't. It results in the `Error: couldn't add user: not authorized on admin to execute command { createUser:....` error. – Alex Blex Dec 06 '17 at 13:10
  • @AlexBlex, welcome. "Can you use these credentials to connect to the cluster in mongo shell, and execute": for that you have to ask the next question. Sorry for that. – Md Haidar Ali Khan Dec 06 '17 at 13:21
  • Sorry, but it is exactly the point of this question - none of the roles provided in the list allow to execute such command. – Alex Blex Dec 06 '17 at 13:36