Managing MongoDB® users with the Scaleway API
When you create your MongoDB® Database Instance, a default user with administrative privileges is automatically created.
You can create more users and grant them pre-set roles via the Scaleway Managed MongoDB® API.
How to create a user
-
Edit the POST request payload you will use to create your user. Replace the values of each parameter with your values of choice following the parameter descriptions below.
{ "name": "<username>", "password": "<password>", }Parameter Description nameSet a name for the database user. passwordSet a password for the database user. -
Run the following command to create a user. Make sure you include the payload you edited in the previous step.
{instance_id}corresponds to the UUID of the Managed MongoDB®.curl -X POST \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{ "name": "<username>", "password": "<password>", }' \ "https://api.scaleway.com/mongodb/v1alpha1/regions/$SCW_REGION/par/instances/{instance_id}/users"You should get a response like the following:
{ "name": "<username>", "password": "<password>", "roles": [ { "role": "read_write", "any_database": true }, { "role": "db_admin", "any_database": true }, { "role": "sync", "any_database": true } ] }
All users you create will have the read_write, db_admin and sync roles on all databases by default.
You can follow the steps below to update a user's role(s) to the one(s) of your choice.
How to apply a role to a user
-
Edit the POST request payload you will use to update the user role. Replace the values of each parameter with your values of choice following the parameter descriptions below.
In this example, we define a single
read_writerole for the user. This role applies only in theexample-dbdatabase.{ "name": "<username>", "roles": [ { "role": "read_write", "database": "example-db", "any_database": false } ] }Role Description readRead privileges on all non-system collections and the system.jscollection. Refer to the official MongoDB® documentation for an extensive list of the privileges granted to this role.read_writeRead and write privileges on all non-system collections and the system.jscollection. Refer to the official MongoDB® documentation for an extensive list of the privileges granted to this role.db_adminPrivileges to perform administrative tasks on the database, such as schema-related tasks, indexing, and gathering statistics. This role does not grant privileges for user and role management. Refer to the official MongoDB® documentation for an extensive list of the privileges granted to this role. syncRole that aggregates three MongoDB roles: clusterMonitor- Read-only access to monitoring tools. Refer to the official MongoDB® documentation for an extensive list of the privileges granted to this role.backup- Grants the minimal privileges needed to back up data. Refer to the official MongoDB® documentation for an extensive list of the privileges granted to this role.restore- Grants the privileges needed to restore data from backups. Refer to the official MongoDB® documentation for an extensive list of the privileges granted to this role. -
Run the following command to apply a new role to the user. Make sure you include the payload you edited in the previous step and that you replace the parameters in the call with your information.
{instance_id}corresponds to the UUID of the Managed MongoDB®.curl -X PUT \ -H "X-Auth-Token: $SCW_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{ "name": "<username>", "roles": [ { "role": "read_write", "database": "<name_of_database>" "any_database": false } ] }' \ "https://api.scaleway.com/mongodb/v1alpha1/regions/$SCW_REGION/instances/{instance_id}/roles"If the call was successful, you will get the payload with the new role(s) as a response.