MongoByte MongoDB Logo

Welcome to the new MongoDB Feedback Portal!

{Improvement: "Your idea"}
We’ve upgraded our system to better capture and act on your feedback.
Your feedback is meaningful and helps us build better products.

Add new feedback Subscribe
Status Submitted
Categories Atlas
Created by Guest
Created on Feb 17, 2021

RELATED FEEDBACK

Restrict specific users or client IPs to only Analytics node(s)

There are use-cases where certain users or client IPs need to be given access restricted to only the Analytics node(s) . While it is possible to grant such users read-only permissions at the database/collection level, and have them use the ANALYTICS replica set tag in their connection string URI, it might still be possible for those users to connect to a Primary or a Secondary node (when not using the Analytics replica set tag) and run their query there. Therefore, a feature that will either restrict specific users access to only the Analytics node(s) or a functionality that will restrict access from certain client IPs to only the Analytics node(s), will help in such use-cases.
  • Attach files
  • Guest
    Apr 8, 2025
    We really need "Node specific user access for workload isolation", love to see this implemented along with "Node specific defaultMaxTimeMS".
    Reply
  • Guest
    Nov 30, 2022
    Yeah would love to see this. There is nothing stopping someone from connecting to the cluster vs the tagged Analytics node if they mess with the connection string.
    Reply
  • Guest
    Feb 17, 2022
    I also think it is imperative to restrict access at the network level to a read-only replica! So that certain users from certain addresses do not have access to the entire cluster, but only to a read-only replica.
    Reply
  • Guest
    Feb 18, 2021
    Hi Harshad, Great idea: it's unfortunately more complex to implement than it sounds, requiring some core changes to the authorization model on the database engine. I will share with the right people though. -Andrew
    Reply