Get a Single Database User¶
Groups and projects are synonymous terms. Your {GROUP-ID}
is the
same as your project ID. For existing groups, your group/project ID
remains the same. The resource and corresponding endpoints use the
term groups
.
https://cloud.mongodb.com/api/atlas/v1.0
The Atlas API authenticates using HTTP Digest Authentication. Provide a programmatic API public key and corresponding private key as the username and password when constructing the HTTP request.
To learn how to configure API access for an Atlas project, see Configure Atlas API Access.
Syntax¶
GET /groups/{GROUP-ID}/databaseUsers/{databaseName}/{USERNAME}
Request Path Parameters¶
Parameter | Required/Optional | Description |
---|---|---|
GROUP-ID | Required. | Unique identifier for the project. |
databaseName | Required. | The user's authentication database. Accepted values include:
|
USERNAME | Required. | Username to retrieve. Must be a fully qualified distinguished name, as defined in RFC-2253, if:
Must be an ARN if |
Request Query Parameters¶
This endpoint might use any of the HTTP request query parameters available to all Atlas API resources. All of these are optional.
Name | Type | Necessity | Description | Default | ||||||
---|---|---|---|---|---|---|---|---|---|---|
pretty | boolean | Optional | Flag indicating whether the response body should be in a
prettyprint format. | false | ||||||
envelope | boolean | Optional | Flag indicating if Atlas should wrap the response in a JSON envelope. This option may be needed for some API clients. These clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. For endpoints that return one result, the response body includes:
| false |
Request Body Parameters¶
This endpoint does not use HTTP request body parameters.
Response Elements¶
If you set the query element envelope
to true
, the response is wrapped
by the content
object.
Response Element | Type | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
databaseName | string | The user's authentication database. A user must provide both a username and authentication database to log into MongoDB. Returned values include:
| ||||||||
deleteAfterDate | string | Timestamp in ISO 8601 date and time format in UTC after which Atlas deletes the user. This
field is only present if an expiration date was specified
when creating the entry. | ||||||||
groupId | string | Unique identifier of the Atlas project to which the user
belongs. | ||||||||
labels | array of documents | Array containing key-value pairs that tag and categorize the
database user. | ||||||||
ldapAuthType | string | Method by which the specified Returned values include:
| ||||||||
x509Type | string | X.509 method by which the provided The possible types are:
| ||||||||
awsIAMType | string | If this value is set, the new database user authenticates with AWS IAM credentials. Possible response values are:
| ||||||||
links | document array | One or more links to sub-resources and/or
related resources. | ||||||||
roles | string array | Array of this user's roles and the databases / collections on
which the roles apply. A role allows the user to perform
particular actions on the specified database. A role on the
| ||||||||
roles .collectionName | string | Collection on which the user has the specified role. | ||||||||
roles .databaseName | string | Database on which the user has the specified role. A role on the
admin database can include privileges that apply to the
other databases. | ||||||||
roles .roleName | string | Name of the role. The accepted values are:
| ||||||||
scopes | array of documents | Array of clusters and Atlas Data Lake s that this user has
access to. Returns an empty array if the user has access to all
the clusters and Atlas Data Lake s in the project. Database users
are granted access to all resources by default. | ||||||||
scopes.name | string | Name of the cluster or Atlas Data Lake that this user has
access to. | ||||||||
scopes.type | string | Type of resource that this user has access to. Valid values are:
| ||||||||
username | string | Username for authenticating to MongoDB. A fully qualified distinguished name, as defined in RFC-2253, is returned if:
An ARN is returned if:
|
Examples¶
Request¶
Retrieve one database user that Atlas authenticates using
SCRAM-SHA and the admin
database.
You must modify the following code block with the appropriate credentials and project ID.
curl -i -u "{PUBLIC-KEY}:{PRIVATE-KEY}" --digest "https://cloud.mongodb.com/api/atlas/v1.0/groups/5356823b3794dee37132bb7b/databaseUsers/admin/ellen"
Response Header¶
401 Unauthorized Content-Type: application/json;charset=ISO-8859-1 Date: {dateInUnixFormat} WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false Content-Length: {requestLengthInBytes} Connection: keep-alive
200 OK Vary: Accept-Encoding Content-Type: application/json Strict-Transport-Security: max-age=300 Date: {dateInUnixFormat} Connection: keep-alive Content-Length: {requestLengthInBytes}
Response Body¶
{ "ldapAuthType" : "NONE", "x509Type" : "NONE", "awsIAMType" : "NONE", "databaseName" : "admin", "groupId" : "5356823b3794dee37132bb7b", "links" : [ ... ], "labels": [], "roles" : [ { "databaseName" : "admin", "roleName" : "readAnyDatabase" }, { "databaseName" : "marketing", "roleName" : "readWrite" }, { "databaseName" : "marketing", "roleName" : "backup" } ], "scopes": [{ "name": "myCluster", "type": "CLUSTER" }], "username" : "ellen" }