Can Atlas API give custom roles the listCollections permission?

We are using the Atlas API to create users with custom roles.
We use the custom roles to restrict users to reading/writing specific collections within a database.
We do not allow the users to access all collections within the database and we do not allow them to access any other databases.

We want to give our users the ability to list the collections in a specific database.
Is there a way to use the API to grant the listCollections permission?

Hi @john_m,

We are using the Atlas API to create users with custom roles.
We want to give our users the ability to list the collections in a specific database.
Is there a way to use the API to grant the listCollections permission?

It sounds like you have already created the custom roles and users via the API. If you wish to update custom roles via the Atlas API to grant the listCollections permission, the Update a Custom Role documentation may help.

As an example, I have an existing custom role named customRole2 with read access to the database named searchdb:

Using the example API request below to update the custom role customRole2, I am able to update it with the listCollections permission on the database testdb:

curl --user '<PUBLICKEY>:<PRIVATEKEY>' --digest \
 --header 'Content-Type: application/json' \
 --include \
 --request PATCH "https://cloud.mongodb.com/api/atlas/v1.0/groups/<PROJECT_ID>/customDBRoles/roles/customRole2" --data '
 {
   "actions" : [ {
     "action" : "LIST_COLLECTIONS",
     "resources" : [ {
       "collection" : "",
       "db" : "testdb"
     } ]
   } ]
}'

Additionally, you can update existing database users via the API to assign them a custom role.

If there are any concerns, you can always test this against a test custom role or database user initially to see if the API request gets you the desired result.

I hope this helps.

Kind Regards,
Jason

2 Likes
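The request body from the answer above can be built so that the role keeps what it already grants. This is an added example, not code from the thread or from MongoDB: it sends the role's full action list plus LIST_COLLECTIONS, so the outcome is the same whether the endpoint merges or replaces actions (confirm which against the Update a Custom Role documentation). The names `add_list_collections`, `broad_grants` and `EXISTING_ROLE` are hypothetical, and the sample role is constructed, with a FIND action standing in for the "read access" on searchdb.

```python
import json

def add_list_collections(role, db):
    """Return a PATCH body for `role` (same shape as the role document the API
    returns) that adds LIST_COLLECTIONS on `db` and keeps every existing action."""
    if not db:
        # An empty database name would widen the grant beyond one database.
        raise ValueError("db must name a single database")
    # Copy the existing actions so the caller's document is not modified.
    actions = [
        {"action": a["action"], "resources": [dict(r) for r in a["resources"]]}
        for a in role.get("actions", [])
    ]
    # Database-level resource: empty collection, named db, as in the answer.
    target = {"collection": "", "db": db}
    entry = next((a for a in actions if a["action"] == "LIST_COLLECTIONS"), None)
    if entry is None:
        actions.append({"action": "LIST_COLLECTIONS", "resources": [target]})
    elif target not in entry["resources"]:
        entry["resources"].append(target)
    body = {"actions": actions}
    if role.get("inheritedRoles"):
        body["inheritedRoles"] = role["inheritedRoles"]
    return body

def broad_grants(body):
    """List (action, resource) pairs that are cluster-wide or name no database."""
    return [
        (a["action"], r)
        for a in body["actions"]
        for r in a["resources"]
        if r.get("cluster") or not r.get("db")
    ]

# Constructed sample of an existing role document (not taken from the thread).
EXISTING_ROLE = {
    "roleName": "customRole2",
    "actions": [
        {"action": "FIND", "resources": [{"collection": "", "db": "searchdb"}]},
    ],
    "inheritedRoles": [],
}

if __name__ == "__main__":
    body = add_list_collections(EXISTING_ROLE, "testdb")
    assert broad_grants(body) == []   # refuse to send anything wider than intended
    print(json.dumps(body, indent=2))  # pass this JSON to curl --data
```

Running `broad_grants` on the body before sending it catches a resource that is not pinned to a named database, which matters when the point of the custom role is to keep users out of other databases.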