turbot/mongodbatlas
steampipe plugin install mongodbatlas

Table: mongodbatlas_database_user - Query MongoDB Atlas Database Users using SQL

A MongoDB Atlas Database User is a unique identity recognized by MongoDB Atlas clusters, with associated roles that determine the actions the user can perform on a specific database. Database Users are separate from MongoDB Atlas Organization and Project users. They are used to authenticate applications and services to connect to MongoDB Atlas databases.

Table Usage Guide

The mongodbatlas_database_user table provides insights into database users within MongoDB Atlas. As a database administrator, explore user-specific details through this table, including authentication methods, assigned roles, and the databases they have access to. Utilize it to manage and audit user access, ensuring security and compliance in your MongoDB Atlas environment.

Examples

Basic info

Explore which MongoDB Atlas database users are currently active, providing a quick overview of user access and potential security risks. This is useful for administrators seeking to manage user access and maintain database security.

select
  username,
  database_name
from
  mongodbatlas_database_user;

List all scopes for each user

Explore the range of access each user has in your MongoDB Atlas database. This can assist in identifying potential security risks and ensuring appropriate access levels.

-- Postgres
select
  username,
  jsonb_array_elements(scopes) as scopes
from
  mongodbatlas_database_user;

-- SQLite
select
  username,
  json_each.value as scopes
from
  mongodbatlas_database_user,
  json_each(scopes);

List all roles for each user

Explore which roles are assigned to each user in your MongoDB Atlas database, helping you to understand user permissions and ensure appropriate access control.

-- Postgres
select
  username,
  jsonb_array_elements(roles) as roles
from
  mongodbatlas_database_user;

-- SQLite
select
  username,
  json_each.value as roles
from
  mongodbatlas_database_user,
  json_each(roles);

List all database users who have 'readWriteAnyDatabase' role on the database 'admin'

Explore which database users have been granted the 'readWriteAnyDatabase' role on the 'admin' database. This can be useful in assessing user permissions and ensuring appropriate access control within your database environment.

-- Postgres
select
  username,
  r ->> 'databaseName' as database_name
from
  mongodbatlas_database_user as u,
  jsonb_array_elements(u.roles) as r
where
  r ->> 'roleName' = 'readWriteAnyDatabase'
  and r ->> 'databaseName' = 'admin';

-- SQLite
select
  username,
  json_extract(r.value, '$.databaseName') as database_name
from
  mongodbatlas_database_user as u,
  json_each(u.roles) as r
where
  json_extract(r.value, '$.roleName') = 'readWriteAnyDatabase'
  and json_extract(r.value, '$.databaseName') = 'admin';
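
Audit privileged users that are unscoped or never expire

This query is an added example, not one of the plugin's own. It extends the role filter above into a single access review that lists every user holding a broad role and flags those with no scopes and no expiry date. The role names in the filter are Atlas built-in roles picked for illustration, and treating an empty or missing scopes list as "not restricted to specific clusters" is an assumption about how the table returns that column.

```sql
-- Postgres dialect. Added example; adjust the role list to your own policy.
with privileged as (
  select
    u.project_id,
    u.username,
    u.database_name,
    u.scopes,
    u.delete_after_date,
    -- Collapse each user's matching roles into one "role@database" list.
    string_agg(
      (r ->> 'roleName') || '@' || (r ->> 'databaseName'),
      ', '
      order by r ->> 'roleName'
    ) as privileged_roles
  from
    mongodbatlas_database_user as u,
    jsonb_array_elements(u.roles) as r
  where
    -- Illustrative set of broad built-in roles (assumption, not from the page).
    r ->> 'roleName' in ('atlasAdmin', 'readWriteAnyDatabase', 'dbAdminAnyDatabase')
  group by
    u.project_id, u.username, u.database_name, u.scopes, u.delete_after_date
)
select
  project_id,
  username,
  database_name as auth_database,
  privileged_roles,
  -- Assumption: null or empty scopes means no cluster restriction.
  case
    when jsonb_typeof(scopes) = 'array' then jsonb_array_length(scopes) = 0
    else true
  end as unscoped,
  -- delete_after_date is only set for temporary entries with an expiry.
  (delete_after_date is null) as no_expiry
from
  privileged
order by
  unscoped desc,
  no_expiry desc,
  username;
```

Rows where both unscoped and no_expiry are true sort first and are the ones to review first.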

Schema for mongodbatlas_database_user

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| database_name | text | = | Database against which the database user authenticates. Database users must provide both a username and authentication database to log into MongoDB. |
| delete_after_date | timestamp with time zone | | Timestamp in ISO 8601 date and time format in UTC after which Atlas deletes the temporary access list entry. Atlas returns this field if you specified an expiration date when creating this access list entry. |
| labels | jsonb | | List that contains key-value pairs that tag and categorize the database user. |
| project_id | text | = | Unique identifier of the project to which this access list entry applies. |
| roles | jsonb | | List that contains key-value pairs that tag and categorize the database user. |
| scopes | jsonb | | List that contains key-value pairs that tag and categorize the database user. |
| title | text | | Title of the resource. |
| username | text | = | Username needed to authenticate to the MongoDB database or collection. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- mongodbatlas

You can pass the configuration to the command with the --config argument:

steampipe_export_mongodbatlas --config '<your_config>' mongodbatlas_database_user