Commit 1498cc7

(DOCSP-32346) Revamps to include Atlas steps for Atlas Top 250 initiative.
1 parent f847af8 commit 1498cc7

2 files changed

+216
-3
lines changed

Lines changed: 111 additions & 0 deletions
@@ -0,0 +1,111 @@
1+
stepnum: 1
2+
title: Open the :guilabel:`Add New Database User` dialog.
3+
ref: go-users-view-manual
4+
content: |
5+
a. In the :guilabel:`Security` section of the left navigation, click
6+
:guilabel:`Database Access`. The :guilabel:`Database Users` tab
7+
displays.
8+
9+
#. Click :icon-fa5:`plus` :guilabel:`Add New Database User`.
10+
---
11+
stepnum: 2
12+
title: Select :guilabel:`Password`.
13+
ref: scram-select-password-manual
14+
content: |
15+
In the :guilabel:`Authentication Method` section of the :guilabel:`Add
16+
New Database User` modal window, select the box labeled :guilabel:`Password`.
17+
---
18+
stepnum: 3
19+
title: Enter user information.
20+
ref: scram-enter-user-info-manual
21+
content: |
22+
Under :guilabel:`Password Authentication`, there are two text fields.
23+
24+
a. Enter a username for the new user in the top text field.
25+
26+
#. Enter a password for the new user in the lower text field.
27+
28+
To use a password auto-generated by {+atlas+},
29+
click the :guilabel:`Autogenerate Secure Password` button.
30+
---
31+
stepnum: 4
32+
title: Assign privileges.
33+
ref: assign-user-privileges-manual
34+
content: |
35+
Select the database user privileges. You can assign privileges to the new user
36+
in one or more of the following ways:
37+
38+
- Select a :atlas:`built-in role </security-add-mongodb-users/#built-in-roles>` from the
39+
:guilabel:`Built-in Role` dropdown menu. You can select one
40+
built-in role per database user within the Atlas UI. If you delete the
41+
default option, you can click :guilabel:`Add Built-in Role` to select a new built-in role.
42+
43+
- If you have any :atlas:`custom roles </security-add-mongodb-roles>` defined, you can expand
44+
the :guilabel:`Custom Roles` section and select
45+
one or more roles from the :guilabel:`Custom Roles` dropdown menu. Click
46+
:guilabel:`Add Custom Role` to add more custom roles. You can also
47+
click the :guilabel:`Custom Roles` link to see the custom
48+
roles for your project.
49+
50+
- Expand the :guilabel:`Specific Privileges` section and select one or more
51+
:atlas:`privileges </security-add-mongodb-users/#specific-privileges>` from the
52+
:guilabel:`Specific Privileges` dropdown menu. Click
53+
:guilabel:`Add Specific Privilege` to add more privileges. This assigns the
54+
user specific privileges on individual databases and collections.
55+
56+
{+atlas+} can apply a built-in role, multiple custom roles, and multiple specific
57+
privileges to a single database user.
58+
59+
To remove an applied role or privilege, click :icon-fa4:`trash-o`
60+
:guilabel:`Delete` next to the role or privilege you wish to delete.
61+
62+
.. note::
63+
64+
{+atlas+} doesn't display the :icon-fa4:`trash-o` :guilabel:`Delete` icon
65+
next to your :guilabel:`Built-in Role`, :guilabel:`Custom Role`, or
66+
:guilabel:`Specific Privilege` selection if you selected only one option. You
67+
can delete the selected role or privilege once you apply another role or privilege.
68+
69+
For more information on authorization, see :ref:`Role-Based
70+
Access Control <authorization>` and :ref:`Built-in
71+
Roles <built-in-roles>`.
72+
---
73+
stepnum: 5
74+
title: Specify the resources in the project that the user can access.
75+
optional: true
76+
ref: restrict-resource-access-manual
77+
content: |
78+
By default, users can access all the clusters and
79+
:atlas:`federated database instances </data-federation/overview>` in the
80+
project. You can restrict access to specific clusters and federated database instances
81+
by doing the following:
82+
83+
a. Toggle :guilabel:`Restrict Access to Specific Clusters/Federated
84+
Database Instances` to :guilabel:`ON`.
85+
86+
#. Select the clusters and federated database instances to grant the user access to
87+
from the :guilabel:`Grant Access To` list.
88+
---
89+
stepnum: 6
90+
title: Save as temporary user.
91+
optional: true
92+
ref: save-temp-user-manual
93+
content: |
94+
Toggle :guilabel:`Temporary User` to :guilabel:`On` and choose
95+
a time after which {+atlas+} can delete the user from the
96+
:guilabel:`Temporary User Duration` dropdown. You can select one of the
97+
following time periods for the user to exist:
98+
99+
- 6 hours
100+
- 1 day
101+
- 1 week
102+
103+
In the :guilabel:`Database Users` tab, temporary users display
104+
the time remaining until {+atlas+} will delete the user. Once
105+
{+atlas+} deletes the user, any client or application that uses
106+
the temporary user's credentials loses access to the cluster.
107+
---
108+
stepnum: 7
109+
title: Click :guilabel:`Add User`.
110+
ref: save-user-manual
111+
...
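
Review bot: Step 5 (ref: restrict-resource-access-manual) states that by default a new user can access all the clusters and federated database instances in the project, yet the step is marked "optional: true" and nothing in steps 4 or 5 points back to the least-privilege guidance that create-users.txt keeps as context in this same commit. Consider adding a sentence to step 4 or step 5 recommending that readers grant only the roles and cluster access the user needs. Two smaller consistency points: step 5 writes the toggle state as :guilabel:`ON` while step 6 writes :guilabel:`On`, and step 1 uses :icon-fa5: while step 4 uses :icon-fa4:; use one form of each if the UI labels and icon set allow it.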

source/tutorial/create-users.txt

Lines changed: 105 additions & 3 deletions
@@ -27,6 +27,34 @@ user. This principle of *access isolation* facilitates access revocation
2727
and ongoing user maintenance. To ensure a system of :term:`least
2828
privilege`, only grant the minimal set of privileges required to a user.
2929

30+
The user information on this page applies to deployments hosted in
31+
all of the following environments unless specified otherwise:
32+
33+
.. include:: /includes/fact-environments.rst
34+
35+
{+atlas+} Limitations
36+
------------------------------
37+
38+
The following limitations apply only to deployments hosted in
39+
{+atlas+}. If any of these limits present a problem for your organization,
40+
contact :atlas:`Atlas support </support>`.
41+
42+
* The available {+atlas+} :atlas:`built-in roles </security-add-mongodb-users/#std-label-atlas-user-privileges>`
43+
and :atlas:`specific privileges </security-add-mongodb-users/#std-label-atlas-specific-privileges>`
44+
support a subset of MongoDB commands.
45+
See :atlas:`Unsupported Commands in M10+ Clusters </unsupported-commands/#std-label-paid-tier-command-limitations>`
46+
for more information.
47+
48+
* {+atlas+} supports a maximum of 100 database users per {+atlas+}
49+
project. If you require more than 100 database users on a project,
50+
contact :atlas:`Atlas support </support>`.
51+
52+
* You must use the :atlas:`Atlas CLI </cli/stable/command/atlas-dbusers-create>`,
53+
:atlas:`Atlas Administration API </reference/api-resources-spec/v2/#tag/Database-Users>`,
54+
Atlas UI, or a supported :atlas:`integration </partner-integrations/#std-label-partner-integrations>`
55+
to add, modify, or delete database users on {+atlas+} database deployments.
56+
Otherwise, {+atlas+} rolls back any user modifications.
57+
3058
.. _add-user-prereq:
3159

3260
Prerequisites
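
Review bot: In the last bullet of the new Limitations list, "Otherwise, {+atlas+} rolls back any user modifications." leaves the reader to infer which changes are affected. Because this page also carries the self-hosted procedure, consider stating outright that user changes made by any means other than the four listed are rolled back on {+atlas+} deployments, so readers do not apply the self-hosted steps there. Separately, the section intro and the second bullet both tell the reader to contact Atlas support about limits; one of the two can be dropped.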
@@ -41,23 +69,84 @@ For routine user creation, you must possess the following permissions:
4169

4270
.. include:: /includes/access-create-user.rst
4371

72+
To create users for {+atlas+}, you must have
73+
:atlas:`Organization Owner </reference/user-roles/#mongodb-authrole-Organization-Owner>`
74+
or :atlas:`Project Owner </reference/user-roles/#mongodb-authrole-Project-Owner>`
75+
access to {+atlas+}. These roles are unique to {+atlas+} and are
76+
separate from database users.
77+
To learn more, see :atlas:`Atlas User Roles </reference/user-roles>`.
78+
4479
.. _create-user-procedure:
4580

4681
Procedure
4782
---------
4883

4984
.. note::
5085

51-
The following procedure uses :ref:`authentication-scram`
86+
The following procedures use :ref:`authentication-scram`
5287
authentication. For additional information on other authentication
5388
mechanisms, see :ref:`create-users-examples`.
5489

90+
Configure Users for Self-Hosted Deployments
91+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
92+
93+
Configure database users for your self-hosted MongoDB Enterprise
94+
or MongoDB Community deployment:
95+
5596
.. include:: /includes/steps/authorization-create-users.rst
5697

5798
.. seealso::
5899

59100
:doc:`/tutorial/manage-users-and-roles`
60101

102+
Configure Database Users for {+atlas+}
103+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
104+
105+
A {+atlas+} project can have users with different authentication methods.
106+
107+
You cannot change a user's authentication method after creating that
108+
user. To use an alternative authentication method, you must create a
109+
new user.
110+
111+
Configure database users for your {+atlas+} deployment who
112+
use :ref:`authentication-scram` authentication:
113+
114+
.. tabs::
115+
116+
.. tab:: Atlas CLI
117+
:tabid: cli
118+
119+
The Atlas CLI uses the following commands to create new database users and
120+
X.509 certificates. The options you specify determine the authentication method.
121+
122+
To create a database user for your project using the Atlas CLI,
123+
run the following command:
124+
125+
.. code-block:: sh
126+
127+
atlas dbusers create [builtInRole]... [options]
128+
129+
To create a new Atlas-managed X.509 certificate for the specified
130+
database user using the Atlas CLI, run the following command:
131+
132+
.. code-block:: sh
133+
134+
atlas dbusers certs create [options]
135+
136+
To learn more about the syntax and parameters for the previous commands,
137+
see the Atlas CLI documentation for
138+
:atlas:`atlas dbusers create </cli/stable/command/atlas-dbusers-create>` and
139+
:atlas:`atlas dbusers certs create </cli/stable/command/atlas-dbusers-certs-create>`.
140+
141+
.. see:: Related Links
142+
143+
- :atlas:`Install the Atlas CLI </cli/stable/install-atlas-cli>`
144+
- :atlas:`Connect to the Atlas CLI </cli/stable/connect-atlas-cli>`
145+
146+
.. tab:: Atlas UI
147+
:tabid: ui
148+
149+
.. include:: /includes/steps/add-scram-user.rst
61150

62151
.. _create-users-examples:
63152
.. _add-new-user:
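
Review bot: The lead-in to the tabs says the procedure is for users "who use :ref:`authentication-scram` authentication", but the Atlas CLI tab opens with "create new database users and X.509 certificates" and documents "atlas dbusers certs create". Either move the certificate command to the x.509 section further down the page or widen the lead-in, and say which options of "atlas dbusers create" yield a SCRAM user, since the tab only states that "The options you specify determine the authentication method." Also check that ".. see:: Related Links" is a supported directive; the unchanged context a few lines earlier uses ".. seealso::".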
@@ -154,6 +243,10 @@ access to the ``records`` database:
154243
- :doc:`/tutorial/configure-ldap-sasl-activedirectory`
155244
- :doc:`/tutorial/configure-ldap-sasl-openldap`
156245

246+
To learn more about setting up LDAP authentication for {+atlas+},
247+
see :atlas:`Add Database Users</security-add-mongodb-users/#add-database-users>`
248+
in the {+atlas+} documentation.
249+
157250
x.509 Client Certificate Authentication
158251
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
159252
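
Review bot: The added LDAP paragraph links to the general anchor /security-add-mongodb-users/#add-database-users, the same target the x.509 paragraph later in this commit uses, so a reader who follows it for LDAP setup lands on the generic user-creation section. If the {+atlas+} documentation has an LDAP-specific section, link to that instead. The role :atlas:`Add Database Users</security-add-mongodb-users/#add-database-users>` also has no space before "<", unlike the other :atlas: links added in this commit.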

@@ -188,8 +281,17 @@ user with read-only access to the ``records`` database.
188281

189282
- :doc:`/tutorial/configure-x509-client-authentication`
190283

284+
To learn more about setting up x.509 Client Certificate authentication for {+atlas+},
285+
see :atlas:`Add Database Users</security-add-mongodb-users/#add-database-users>`
286+
in the {+atlas+} documentation.
287+
191288
Next Steps
192289
----------
193290

194-
To manage users, assign roles, and create custom roles, see
195-
:doc:`/tutorial/manage-users-and-roles`.
291+
To manage users, assign roles, and create custom roles for your
292+
self-hosted MongoDB Enterprise or MongoDB Community deployment,
293+
see :doc:`/tutorial/manage-users-and-roles`.
294+
295+
You can also :atlas:`manage users, assign roles </security-add-mongodb-users>`,
296+
and :atlas:`create custom roles </security-add-mongodb-roles>`
297+
for your {+atlas+} deployment.
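
Review bot: In Next Steps, the new closing sentence opens with "You can also", which reads as an extra option for the same reader rather than as the {+atlas+} counterpart of the self-hosted sentence above it. Consider parallel wording, for example "To manage users, assign roles, and create custom roles for your {+atlas+} deployment, see" followed by the two :atlas: links. On casing, this hunk writes "x.509 Client Certificate authentication", matching the existing heading, while the Atlas CLI tab added earlier in this commit writes "X.509"; settle on one spelling.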
