
Status Completed
Categories Atlas
Created by Guest
Created on May 2, 2022

Granular permissions via roles / hashicorp vault

We are using the Hashicorp Vault Atlas plugin in order to generate credentials for Atlas. We are able to generate roles on the Atlas end and then use those roles to provision vault users. However, I don't see a way to restrict those roles to just certain resources/clusters. So the user can access all the deployments in a project. It should be possible to restrict roles to certain resources only.
  • ADMIN RESPONSE
    Aug 1, 2025
    Hi, This has already been added some time ago. You need to specify the scopes you want to include, here's the code - https://github.com/hashicorp/vault-plugin-database-mongodbatlas/blob/master/mongodbatlas.go#L206. It should be an array like roles, but with the resource name and then if it's a cluster or data lake (see scopes here: https://www.mongodb.com/docs/atlas/reference/api/database-users-create-a-user/). I hope that helps! Best, Melissa
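
One way to check Vault role definitions for the gap raised in this request, as an added example that is not part of the thread or the plugin's code: it audits a role's `creation_statements` JSON and flags roles with no `scopes` or with scopes outside an allow-list. The key names (`database_name`, `roles`, `scopes`, `name`, `type`) and the `CLUSTER` / `DATA_LAKE` values are assumed to follow the Atlas database-user API linked above; the function name and sample data are hypothetical.

```python
import json

# Scope types from the admin response (cluster or data lake), spelled as in the
# Atlas database-user API. Assumption: add others your API version documents.
SCOPE_TYPES = {"CLUSTER", "DATA_LAKE"}


def audit_creation_statements(raw, allowed):
    """Return findings for one role's creation_statements JSON string.

    allowed is a set of (name, type) pairs the role may reach; an empty
    result means every issued user is confined to those resources.
    """
    try:
        stmt = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(stmt, dict):
        return ["creation_statements must be a JSON object"]
    findings = []
    if not stmt.get("roles"):
        findings.append("no roles defined")
    scopes = stmt.get("scopes")
    if not isinstance(scopes, list) or not scopes:
        # The gap from the original request: no scopes means project-wide access.
        findings.append("no scopes: user can reach every deployment in the project")
        return findings
    for i, scope in enumerate(scopes):
        name = scope.get("name") if isinstance(scope, dict) else None
        stype = scope.get("type") if isinstance(scope, dict) else None
        if (not isinstance(name, str) or not name
                or not isinstance(stype, str) or stype not in SCOPE_TYPES):
            findings.append(f"scopes[{i}]: needs a name and a type in {sorted(SCOPE_TYPES)}")
        elif (name, stype) not in allowed:
            findings.append(f"scopes[{i}]: {stype} '{name}' is not on the allow-list")
    return findings


# Constructed samples: cluster and role choices are made up for illustration.
ROLES = '"roles": [{"databaseName": "admin", "roleName": "readWriteAnyDatabase"}]'
UNSCOPED = '{"database_name": "admin", ' + ROLES + '}'
SCOPED = ('{"database_name": "admin", ' + ROLES +
          ', "scopes": [{"name": "orders-prod", "type": "CLUSTER"}]}')

if __name__ == "__main__":
    allow = {("orders-prod", "CLUSTER")}
    for label, raw in (("unscoped", UNSCOPED), ("scoped", SCOPED)):
        print(label, audit_creation_statements(raw, allow) or "ok")
```
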