Get All Custom Roles in a Project¶

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

https://cloud.mongodb.com/api/atlas/v1.0

The Atlas API authenticates using HTTP Digest Authentication. Provide a programmatic API public key and corresponding private key as the username and password when constructing the HTTP request.

To learn how to configure API access for an Atlas project, see Configure Atlas API Access.

Syntax¶

GET /api/atlas/v1.0/groups/{GROUP-ID}/customDBRoles/roles

Request Path Parameters¶

Parameter	Required/Optional	Description
`GROUP-ID`	Required.	The unique identifier for the project.

Request Query Parameters¶

The following query parameters are optional:

Name	Type	Necessity	Description	Default
pageNum	integer	Optional	Page number, starting with one, that Atlas returns of the total number of objects.	`1`
itemsPerPage	integer	Optional	Number of items that Atlas returns per page, up to a maximum of 500.	`100`
includeCount	boolean	Optional	Flag that indicates whether Atlas returns the totalCount parameter in the response body.	`true`
pretty	boolean	Optional	Flag that indicates whether Atlas returns the JSON response in the prettyprint format.	`false`
envelope	boolean	Optional	Flag that indicates whether Atlas wraps the response in an envelope. Some API clients cannot access the HTTP response headers or status code. To remediate this, set `envelope=true` in the query. Endpoints that return a list of results use the results object as an envelope. Atlas adds the status parameter to the response body.	`false`

Request Body Parameters¶

This endpoint does not use HTTP request body parameters.

Response Elements¶

If you set the query element envelope to true, the response is wrapped by the content object.

The HTTP response returns an array of JSON documents, each representing a custom role. Each document in the array contains the following fields:

Name	Type	Description
`actions`	array	Each object in the `actions` array represents an individual privilege action granted by the role.
`actions.action`	string	Name of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions.
`actions.resources`	array	Contains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.
`actions.resources.collection`	string	Collection on which the action is granted. If this value is an empty string, the action is granted on all collections within the database specified in the `actions.resources.db` field. Note This field is mutually exclusive with the `actions.resources.cluster` field.
`actions.resources.db`	string	Database on which the action is granted. Note This field is mutually exclusive with the `actions.resources.cluster` field.
`actions.resources.cluster`	boolean	Set to `true` to indicate that the action is granted on the cluster resource. Note This field is mutually exclusive with the `actions.resources.collection` and `actions.resources.db` fields.
`inheritedRoles`	array	Each object in the `inheritedRoles` array represents a key-value pair indicating the inherited role and the database on which the role is granted.
`inheritedRoles.db`	string	Database on which the inherited role is granted.
`inheritedRoles.role`	string	Name of the inherited role. This can either be another custom role or a built-in role.
`roleName`	string	Name of the custom role.

Example Request¶

Request¶

Important

You must modify the following code block with the appropriate credentials and project ID.

curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \
 --header 'Accept: application/json' \
 --include \
 --request GET "https://cloud.mongodb.com/api/atlas/v1.0/groups/{GROUP-ID}/customDBRoles/roles?pretty=true"

Response¶

HTTP/1.1 200 OK
[ {
  "actions" : [ ],
  "inheritedRoles" : [ {
    "db" : "test",
    "role" : "readWrite"
  }, {
    "db" : "test",
    "role" : "dbAdmin"
  } ],
  "roleName" : "test"
}, {
  "actions" : [ {
    "action" : "LIST_SESSIONS",
    "resources" : [ {
      "cluster" : true
    } ]
  }, {
    "action" : "KILL_ANY_SESSION",
    "resources" : [ {
      "cluster" : true
    } ]
  }, {
    "action" : "USE_UUID",
    "resources" : [ {
      "cluster" : true
    } ]
  }, {
    "action" : "COLL_STATS",
    "resources" : [ {
      "collection" : "",
      "db" : "staging"
    } ]
  } ],
  "inheritedRoles" : [ {
    "db" : "admin",
    "role" : "enableSharding"
  }, {
    "db" : "admin",
    "role" : "backup"
  } ],
  "roleName" : "ShardingAdmin"
}, {
  "actions" : [ {
    "action" : "CONN_POOL_STATS",
    "resources" : [ {
      "cluster" : true
    } ]
  }, {
    "action" : "CURSOR_INFO",
    "resources" : [ {
      "cluster" : true
    } ]
  }, {
    "action" : "LIST_DATABASES",
    "resources" : [ {
      "cluster" : true
    } ]
  }, {
    "action" : "SERVER_STATUS",
    "resources" : [ {
      "cluster" : true
    } ]
  }, {
    "action" : "TOP",
    "resources" : [ {
      "cluster" : true
    } ]
  }, {
    "action" : "LIST_SESSIONS",
    "resources" : [ {
      "cluster" : true
    } ]
  }, {
    "action" : "KILL_ANY_SESSION",
    "resources" : [ {
      "cluster" : true
    } ]
  } ],
  "inheritedRoles" : [ ],
  "roleName" : "SessionMonitor"
} ]

Give Feedback

← Custom Roles Get a Single Custom Role →