Custom Roles¶
The customDBRoles
resource lets you retrieve, create and modify the
custom roles in your cluster. Use custom roles to
specify custom sets of actions which cannot be described by the
built-in Atlas database user privileges.
Custom roles cannot use actions unavailable to any cluster version in your project. Custom roles are defined at the project level, and must be compatible with each MongoDB version used by your project's clusters.
Custom roles in your project must include actions that all of your clusters support.
You can't create custom roles that use actions introduced in MongoDB 4.0 if your project contains MongoDB 3.6 clusters.
If you have a cluster in your project with MongoDB 3.6, you cannot create a custom role that uses actions introduced in MongoDB 4.0.
Groups and projects are synonymous terms. Your {GROUP-ID}
is the
same as your project ID. For existing groups, your group/project ID
remains the same. The resource and corresponding endpoints use the
term groups
.
The Custom Roles resource supports a subset of MongoDB privilege actions. Further, the custom role actions available in the API represent a subset of actions available in the Atlas UI. For a complete list of privilege actions available in the Custom Roles resource, see Custom Role Actions.
https://cloud.mongodb.com/api/atlas/v1.0
Method | Endpoint | Description |
---|---|---|
GET | /groups/{GROUP-ID}/customDBRoles/roles | Get all custom roles in the project. |
GET | /groups/{GROUP-ID}/customDBRoles/roles/{ROLE-NAME} | Get the custom role named {ROLE-NAME}. |
POST | /groups/{GROUP-ID}/customDBRoles/roles | Create a new custom role in the project. |
PATCH | /groups/{GROUP-ID}/customDBRoles/roles/{ROLE-NAME} | Update a custom role in the project. |
DELETE | /groups/{GROUP-ID}/customDBRoles/roles/{ROLE-NAME} | Delete a custom role from the project. |