Docs Menu
Docs Home
/
MongoDB Atlas
/
Atlas CLI
/
Commands
/
api
/
databaseUsers

atlas api databaseUsers createDatabaseUser

On this page

  • Syntax
  • Options
  • Inherited Options
  • Examples

Public Preview: please provide feedback at: Creates one database user in the specified project.

This MongoDB Cloud supports a maximum of 100 database users per project. If you require more than 100 database users on a project, contact Support. To use this resource, the requesting Service Account or API Key must have the Project Owner role, the Project Charts Admin role, Project Stream Processing Owner role, or the Project Database Access Admin role.

This command is autogenerated and corresponds 1:1 with the Atlas API endpoint https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Database-Users/operation/createDatabaseUser.

For more information and examples, see the referenced API documentation linked above.

Syntax

Command Syntax
atlas api databaseUsers createDatabaseUser [options]

Options

Name
Type
Required
Description

--envelope

envelope

false

Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.

--file

string

false

path to your API request file. Leave empty to use standard input instead - you must provide one or the other, but not both.

--groupId

string

true

Unique 24-hexadecimal digit string that identifies your project. Use the [/groups](#tag/Projects/operation/listProjects) endpoint to retrieve all projects to which the authenticated user has access.

NOTE: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.

-h, --help

false

help for createDatabaseUser

--output

string

false

preferred api format, can be ["json", go-template] This value defaults to "json".

--output-file

string

false

file to write the api output to. This flag is required when the output of an endpoint is binary (ex: gzip) and the command is not piped (ex: atlas command > out.zip)

--pretty

false

Flag that indicates whether the response body should be in the prettyprint format.

--version

string

false

api version to use when calling the api call [options: "2023-01-01"], defaults to the latest version or the profiles api_version config value if set This value defaults to "2023-01-01".

Inherited Options

Name
Type
Required
Description

-P, --profile

string

false

Name of the profile to use from your configuration file. To learn about profiles for the Atlas CLI, see https://dochub.mongodb.org/core/atlas-cli-save-connection-settings.

Examples

Create the file below and save it as payload.json

# AWS IAM Authentication
{
  "awsIAMType": "USER",
  "databaseName": "$external",
  "groupId": "32b6e34b3d91647abb20e7b8",
  "roles": [
    {
      "databaseName": "sales",
      "roleName": "readWrite"
    },
    {
      "databaseName": "marketing",
      "roleName": "read"
    }
  ],
  "scopes": [
    {
      "name": "myCluster",
      "type": "CLUSTER"
    }
  ],
  "username": "arn:aws:iam::358363220050:user/mongodb-aws-iam-auth-test-user"
}

After creating payload.json, run the command below in the same directory.

# AWS IAM Authentication
atlas api databaseUsers createDatabaseUser --version 2023-01-01 --file payload.json --groupId 32b6e34b3d91647abb20e7b8

Create the file below and save it as payload.json

# LDAP Authentication
{
  "databaseName": "admin",
  "groupId": "32b6e34b3d91647abb20e7b8",
  "ldapAuthType": "GROUP",
  "roles": [
    {
      "databaseName": "sales",
      "roleName": "readWrite"
    },
    {
      "databaseName": "marketing",
      "roleName": "read"
    }
  ],
  "scopes": [
    {
      "name": "myCluster",
      "type": "CLUSTER"
    }
  ],
  "username": "CN=marketing,OU=groups,DC=example,DC=com"
}

After creating payload.json, run the command below in the same directory.

# LDAP Authentication
atlas api databaseUsers createDatabaseUser --version 2023-01-01 --file payload.json --groupId 32b6e34b3d91647abb20e7b8

Create the file below and save it as payload.json

# OIDC Workforce Federated Authentication
{
  "databaseName": "admin",
  "groupId": "32b6e34b3d91647abb20e7b8",
  "oidcAuthType": "IDP_GROUP",
  "roles": [
    {
      "databaseName": "sales",
      "roleName": "readWrite"
    },
    {
      "databaseName": "marketing",
      "roleName": "read"
    }
  ],
  "scopes": [
    {
      "name": "myCluster",
      "type": "CLUSTER"
    }
  ],
  "username": "5dd7496c7a3e5a648454341c/sales"
}

After creating payload.json, run the command below in the same directory.

# OIDC Workforce Federated Authentication
atlas api databaseUsers createDatabaseUser --version 2023-01-01 --file payload.json --groupId 32b6e34b3d91647abb20e7b8

Create the file below and save it as payload.json

# OIDC Workload Federated Authentication
{
  "databaseName": "$external",
  "groupId": "32b6e34b3d91647abb20e7b8",
  "oidcAuthType": "USER",
  "roles": [
    {
      "databaseName": "sales",
      "roleName": "readWrite"
    },
    {
      "databaseName": "marketing",
      "roleName": "read"
    }
  ],
  "scopes": [
    {
      "name": "myCluster",
      "type": "CLUSTER"
    }
  ],
  "username": "5dd7496c7a3e5a648454341c/sales"
}

After creating payload.json, run the command below in the same directory.

# OIDC Workload Federated Authentication
atlas api databaseUsers createDatabaseUser --version 2023-01-01 --file payload.json --groupId 32b6e34b3d91647abb20e7b8

Create the file below and save it as payload.json

# SCRAM-SHA Authentication
{
  "databaseName": "admin",
  "groupId": "32b6e34b3d91647abb20e7b8",
  "password": "changeme123",
  "roles": [
    {
      "databaseName": "sales",
      "roleName": "readWrite"
    },
    {
      "databaseName": "marketing",
      "roleName": "read"
    }
  ],
  "scopes": [
    {
      "name": "myCluster",
      "type": "CLUSTER"
    }
  ],
  "username": "david"
}

After creating payload.json, run the command below in the same directory.

# SCRAM-SHA Authentication
atlas api databaseUsers createDatabaseUser --version 2023-01-01 --file payload.json --groupId 32b6e34b3d91647abb20e7b8

Create the file below and save it as payload.json

# X509 Authentication
{
  "databaseName": "$external",
  "groupId": "32b6e34b3d91647abb20e7b8",
  "roles": [
    {
      "databaseName": "sales",
      "roleName": "readWrite"
    },
    {
      "databaseName": "marketing",
      "roleName": "read"
    }
  ],
  "scopes": [
    {
      "name": "myCluster",
      "type": "CLUSTER"
    }
  ],
  "username": "CN=david@example.com,OU=users,DC=example,DC=com",
  "x509Type": "CUSTOMER"
}

After creating payload.json, run the command below in the same directory.

# X509 Authentication
atlas api databaseUsers createDatabaseUser --version 2023-01-01 --file payload.json --groupId 32b6e34b3d91647abb20e7b8

Back

databaseUsers

Next

deleteDatabaseUser