Get a Single Database User¶
Groups and projects are synonymous terms. Your {GROUP-ID}
is the
same as your project ID. For existing groups, your group/project ID
remains the same. The resource and corresponding endpoints use the
term groups
.
https://cloud.mongodb.com/api/atlas/v1.0
The Atlas API authenticates using HTTP Digest Authentication. Provide a programmatic API public key and corresponding private key as the username and password when constructing the HTTP request.
To learn how to configure API access for an Atlas project, see Configure Atlas API Access.
Syntax¶
GET /api/atlas/v1.0/groups/{GROUP-ID}/databaseUsers/{databaseName}/{USERNAME}
Request Path Parameters¶
Parameter | Required/Optional | Description |
---|---|---|
GROUP-ID | Required. | Unique identifier for the project. |
databaseName | Required. | The user's authentication database. Accepted values include:
|
USERNAME | Required. | Username to retrieve. Must be a fully qualified distinguished name, as defined in RFC-2253, if:
Must be an ARN if |
Request Query Parameters¶
The following query parameters are optional:
Query Parameter | Type | Description | Default |
---|---|---|---|
pretty | boolean | Displays response in a prettyprint format. | false |
envelope | boolean | Specifies whether or not to wrap the response in an envelope. | false |
Request Body Parameters¶
This endpoint does not use HTTP request body parameters.
Response Elements¶
If you set the query element envelope
to true
, the response is wrapped
by the content
object.
Response Element | Type | Description | ||||||
---|---|---|---|---|---|---|---|---|
databaseName | string | The user's authentication database. A user must provide both a username and authentication database to log into MongoDB. Returned values include:
| ||||||
deleteAfterDate | string | Timestamp in ISO 8601 date and time format in UTC after which Atlas deletes the user. This field is only present if an expiration date was specified when creating the entry. | ||||||
groupId | string | Unique identifier of the Atlas project to which the user belongs. | ||||||
labels | array of documents | Array containing key-value pairs that tag and categorize the database user. | ||||||
ldapAuthType | string | Method by which the specified Returned values include:
| ||||||
x509Type | string | X.509 method by which the provided The possible types are:
| ||||||
awsIAMType | string | If this value is set, the new database user authenticates with AWS IAM credentials. Possible response values are:
| ||||||
links | document array | One or more links to sub-resources and/or related resources. | ||||||
roles | string array | Array of this user's roles and the databases / collections on
which the roles apply. A role allows the user to perform
particular actions on the specified database. A role on the
admin database can include privileges that apply to the
other databases as well. | ||||||
roles .collectionName | string | Collection on which the user has the specified role. | ||||||
roles .databaseName | string | Database on which the user has the specified role. A role on the
admin database can include privileges that apply to the
other databases. | ||||||
roles .roleName | string | Name of the role. The accepted values are:
| ||||||
scopes | array of documents | Array of clusters and Atlas Data Lake s that this user has access to. Returns an empty array if the user has access to all the clusters and Atlas Data Lake s in the project. Database users are granted access to all resources by default. | ||||||
scopes.name | string | Name of the cluster or Atlas Data Lake that this user has access to. | ||||||
scopes.type | string | Type of resource that this user has access to. Valid values are:
| ||||||
username | string | Username for authenticating to MongoDB. A fully qualified distinguished name, as defined in RFC-2253, is returned if:
An ARN is returned if:
|
Examples¶
Request¶
Retrieve one database user that Atlas authenticates using
SCRAM-SHA and the admin
database.
You must modify the following code block with the appropriate credentials and project ID.
curl -i -u "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest "https://cloud.mongodb.com/api/atlas/v1.0/groups/5356823b3794dee37132bb7b/databaseUsers/admin/ellen"
Response Header¶
HTTP/1.1 401 Unauthorized Content-Type: application/json;charset=ISO-8859-1 Date: {dateInUnixFormat} WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false Content-Length: {requestLengthInBytes} Connection: keep-alive
HTTP/1.1 200 OK Vary: Accept-Encoding Content-Type: application/json Strict-Transport-Security: max-age=300 Date: {dateInUnixFormat} Connection: keep-alive Content-Length: {requestLengthInBytes}
Response Body¶
{ "ldapAuthType" : "NONE", "x509Type" : "NONE", "awsIAMType" : "NONE", "databaseName" : "admin", "groupId" : "5356823b3794dee37132bb7b", "links" : [ ... ], "labels": [], "roles" : [ { "databaseName" : "admin", "roleName" : "readAnyDatabase" }, { "databaseName" : "marketing", "roleName" : "readWrite" }, { "databaseName" : "marketing", "roleName" : "backup" } ], "scopes": [{ "name": "myCluster", "type": "CLUSTER" }], "username" : "ellen" }