MongoByte MongoDB Logo

Welcome to the new MongoDB Feedback Portal!

{Improvement: "Your idea"}
We’ve upgraded our system to better capture and act on your feedback.
Your feedback is meaningful and helps us build better products.

Add new feedback Subscribe
Status Submitted
Categories Atlas
Created by Guest
Created on Mar 1, 2022

RELATED FEEDBACK

Control IP Access list for project-only API keys at the project-level exclusively

When setting up API keys as a project owner, you only get one opportunity to manage the access list without getting an Organization Owner to modify it thereafter. This creates a bottleneck where users need to ask for their API key access list to get changed (or alternatively make a new keypair, and have the API Keys list cluttered). If a key is only being used in one project, it should be allowed by the project owner to update the access list at any time since there is no risk of it affecting the organization.
  • Attach files
  • Guest
    Feb 14, 2024
    An API key with Project owner (GroupOwner) role should also be able to update another API key IP access list in that same PROJECT.
    Reply
  • Guest
    Mar 1, 2022
    Our frustration is in development environments specifically, where fine-grained access-controls like this aren't needed, and employees should be able to access the more restricted APIs without requiring IP whitelisting. (In staging and production environments this isn't necessarily an issue as these environments are more controlled.) The IP whitelisting is especially frustrating when many employees are WFH because the public IP addresses can change, unless employees have purchased a static IP address for their homes. (Most people don't do this.) In short, I'd like a user to be capable of managing their own API keys, rather than needing to escalate the issue to the Organisation Owner, in our case the Director of Engineering, each time.
    Reply