Hi Thank you for the feature. How can I give read permission for a specific cluster and read&write to a different cluster in the same project?

Restrict db user per Cluster: We would like to check if a db user can be restricted to a specific cluster. Currently we have a single project with few clusters and we would like to restrict the current db user to access only the one of the clusters. Please note that our request is based on NOT splitting the above current single project to separate projects (which each project has its own cluster).

@andrew Checking in as well - mLab is set to be depreciated and we want to shift more to Atlas.

Any update on this Andrew? This is desperately needed.

Same, desperately need this.

Looking for this, are you have any ETA?

Looking forward to this!

We 100% agree and are planning to deliver the ability for database users to be mapped to sets of clusters within a Project (rather than all or nothing) later this year. This remains a number of months out. -Andrew

Same here. Our projects represents our different environments. Each containing multiple clusters. We also think that adding more projects to limit database access seems like the wrong solution. This would be a highly appreciated feature in our opinion.

Same issue. This is major disadvantage of Atlas for us.

We have the same issue. Adding more projects to limit database access seems like the wrong solution. With each project, you have to manage VPC peers, LDAP auth, alert settings, routing, etc. Because database users are defined at the project level, it makes sense to be able to limit access by cluster name. Otherwise you're taking a step back from running base MongoDB.

Hi Eric, We hear you loud and clear on this one. In the interests of transparency, we've gone back and forth over time on whether Projects are the right model in general and that has delayed our finding a solution to this problem. However we are quite committed to Projects as offering a very nice level of abstraction that can be super convenient in most cases and therefore are quite confident that the way to go is to add in the flexibility you're requesting here. (It makes perfect sense to use Projects to group items at the network and control plane level but not have to have them grouped at the data plane access level). I was going to suggest the "use different database namespaces in different clusters" workaround but totally understand that for you that's annoying and more importantly untenable due to different clusters using the same DB name (very understandable). Because this is a core change to our offering, it's not something we're going to be able to introduce in the near term, but something we know we need to. I'm sorry we don't have a solution to this sooner. -Andrew

The current solution is to create different projects for each cluster I don't want to overlap, the problem with this is that it requires adding people/teams to each new project in Atlas.