Navigation

Get All Custom Roles in a Project

Info With Circle IconCreated with Sketch.Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.

https://cloud.mongodb.com/api/atlas/v1.0

The Atlas API authenticates using HTTP Digest Authentication. Provide a programmatic API public key and corresponding private key as the username and password when constructing the HTTP request.

To learn how to configure API access for an Atlas project, see Configure Atlas API Access.

GET /api/atlas/v1.0/groups/{GROUP-ID}/customDBRoles/roles
ParameterRequired/OptionalDescription
GROUP-IDRequired.The unique identifier for the project.

The following query parameters are optional:

NameTypeNecessityDescriptionDefault
pageNumintegerOptionalPage number, starting with one, that Atlas returns of the total number of objects.1
itemsPerPageintegerOptionalNumber of items that Atlas returns per page, up to a maximum of 500.100
includeCountbooleanOptionalFlag that indicates whether Atlas returns the totalCount parameter in the response body.true
prettybooleanOptionalFlag that indicates whether Atlas returns the JSON response in the prettyprint format.false
envelopebooleanOptional

Flag that indicates whether Atlas wraps the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

Endpoints that return a list of results use the results object as an envelope. Atlas adds the status parameter to the response body.

false

This endpoint does not use HTTP request body parameters.

If you set the query element envelope to true, the response is wrapped by the content object.

The HTTP response returns an array of JSON documents, each representing a custom role. Each document in the array contains the following fields:

NameTypeDescription
actionsarrayEach object in the actions array represents an individual privilege action granted by the role.
actions.actionstringName of the privilege action. For a complete list of actions available in the Atlas API, see Custom Role Actions.
actions.resourcesarrayContains information on where the action is granted. Each object in the array either indicates a database and collection on which the action is granted, or indicates that the action is granted on the cluster resource.
actions.resources.collectionstring

Collection on which the action is granted. If this value is an empty string, the action is granted on all collections within the database specified in the actions.resources.db field.

Info With Circle IconCreated with Sketch.Note

This field is mutually exclusive with the actions.resources.cluster field.

actions.resources.dbstring

Database on which the action is granted.

Info With Circle IconCreated with Sketch.Note

This field is mutually exclusive with the actions.resources.cluster field.

actions.resources.clusterboolean

Set to true to indicate that the action is granted on the cluster resource.

Info With Circle IconCreated with Sketch.Note

This field is mutually exclusive with the actions.resources.collection and actions.resources.db fields.

inheritedRolesarrayEach object in the inheritedRoles array represents a key-value pair indicating the inherited role and the database on which the role is granted.
inheritedRoles.dbstringDatabase on which the inherited role is granted.
inheritedRoles.rolestringName of the inherited role. This can either be another custom role or a built-in role.
roleNamestringName of the custom role.
Important With Circle IconCreated with Sketch.Important

You must modify the following code block with the appropriate credentials and project ID.

curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \
--header 'Accept: application/json' \
--include \
--request GET "https://cloud.mongodb.com/api/atlas/v1.0/groups/{GROUP-ID}/customDBRoles/roles?pretty=true"
HTTP/1.1 200 OK
[ {
"actions" : [ ],
"inheritedRoles" : [ {
"db" : "test",
"role" : "readWrite"
}, {
"db" : "test",
"role" : "dbAdmin"
} ],
"roleName" : "test"
}, {
"actions" : [ {
"action" : "LIST_SESSIONS",
"resources" : [ {
"cluster" : true
} ]
}, {
"action" : "KILL_ANY_SESSION",
"resources" : [ {
"cluster" : true
} ]
}, {
"action" : "USE_UUID",
"resources" : [ {
"cluster" : true
} ]
}, {
"action" : "COLL_STATS",
"resources" : [ {
"collection" : "",
"db" : "staging"
} ]
} ],
"inheritedRoles" : [ {
"db" : "admin",
"role" : "enableSharding"
}, {
"db" : "admin",
"role" : "backup"
} ],
"roleName" : "ShardingAdmin"
}, {
"actions" : [ {
"action" : "CONN_POOL_STATS",
"resources" : [ {
"cluster" : true
} ]
}, {
"action" : "CURSOR_INFO",
"resources" : [ {
"cluster" : true
} ]
}, {
"action" : "LIST_DATABASES",
"resources" : [ {
"cluster" : true
} ]
}, {
"action" : "SERVER_STATUS",
"resources" : [ {
"cluster" : true
} ]
}, {
"action" : "TOP",
"resources" : [ {
"cluster" : true
} ]
}, {
"action" : "LIST_SESSIONS",
"resources" : [ {
"cluster" : true
} ]
}, {
"action" : "KILL_ANY_SESSION",
"resources" : [ {
"cluster" : true
} ]
} ],
"inheritedRoles" : [ ],
"roleName" : "SessionMonitor"
} ]
Give Feedback