Navigation

Alpha Release of MongoDB CLI

This is a pre-release early version of MongoDB CLI. Do not use MongoDB CLI to manage production environments.

mongocli atlas dbuser create

On this page

The dbuser create command creates a MongoDB database user to access the specified Atlas cluster. You can also create a MongoDB database user through the Atlas UI or API.

Syntax

mongocli atlas dbuser create
     --password <password-of-user>
     [ --profile|-p <profile-name> ]
     [ --projectId <project-ID> ]
     --role <name-of-role>
     --username <name-of-user>

Note

Use -h or --help to view the command-line help for this command.

Options

Option Type Description Required?
--password string Password for authenticating the user to MongoDB. yes
--profile, -p string Name of the profile where the public and private keys for the project are saved. If omitted, uses the default profile. To learn more about creating a profile, see Configure the MongoDB CLI. no
--projectId string Unique identifier of the project that contains the cluster. If omitted, uses the project ID in the profile or environment variable. no
--role string or array of strings Comma-separated list of user’s roles and the databases or collections on which the roles apply. A role allows the user to perform particular actions on the specified database or collection. To learn more about the list of default roles, see MongoDB Database User Privileges. yes
--username string Username for authenticating the user to MongoDB. yes

Output

The command prints the following fields in JSON format to the terminal if the command succeeds. If the command prints an error, see Troubleshooting for recommended solutions.

Field Description
databaseName User’s authentication database. For MongoDB deployment in Atlas, the authentication database is always the admin database.
groupId

Unique identifier of the Atlas project to which the user belongs.

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID.

ldapAuthType

Method by which the specified username is authenticated. Valid values are:

NONE Atlas authenticates this user through SCRAM-SHA, not LDAP.
USER LDAP server authenticates this user through the user’s LDAP user.
GROUP LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.

The default value is NONE.

roles User’s roles and the databases or collections on which the roles apply.
username Username for authentication.

Examples

The examples below use the mongocli atlas dbuser create command to create a MongoDB database user to access the Atlas cluster. When the command is run, it prints the Output Fields to the terminal.

Example 1

The following command creates a user with the following attributes:

  • Username: user1
  • Password: passW0rd
  • Role: atlasAdmin

The command uses the profile named egAtlasProfile for accessing Atlas to create the user.

~ mongocli atlas dbuser create --username user1 --password passW0rd
--role atlasAdmin@admin --projectId 5e2211c17a3e5a48f5497de3 --profile
egAtlasProfile

The previous command prints the following fields to the terminal. To learn more about these fields, see Output.

{
         "roles": [{
                        "roleName": "atlasAdmin",
                        "databaseName": "admin"
             }],
         "groupId": "5e2211c17a3e5a48f5497de3",
         "username": "user1",
         "databaseName": "admin",
         "ldapAuthType": "NONE"
 }

Example 2

The following commands show two ways to create a user with readWriteAnyDatabase and clusterMonitor privileges. The command uses the default profile to access the specified project.

The followibg command shows the --role option with two privileges separated by a comma.

mongocli atlas dbuser create --username egUser --password passW0rd --role readWriteAnyDatabase@admin,clusterMonitor@admin --projectId 5e2211c17a3e5a48f5497de3

The following command specifies the --role option twice, once for each privilege.

mongocli atlas dbuser create --username egUser --password passW0rd --role readWriteAnyDatabase@admin --role clusterMonitor@admin --projectId 5e2211c17a3e5a48f5497de3

The commands print the following fields to the terminal. To learn more about these fields, see Output.

{
          "roles": [{
                          "roleName": "readWriteAnyDatabase",
                          "databaseName": "admin"
                 },
                 {
                      "roleName": "clusterMonitor",
                          "databaseName": "admin"
                 }],
           "groupId": "5e2211c17a3e5a48f5497de3",
           "username": "egUser",
           "databaseName": "admin",
           "ldapAuthType": "NONE"
 }