mongocli atlas dbuser describe

On this page

Syntax

Options
Output
Examples

This version of the documentation is archived and no longer supported. View the current documentation to learn how to upgrade your version of MongoCLI.

The dbuser describe command retrieves one MongoDB database user on the specified Atlas cluster. You can also retrieve a MongoDB database user through the Atlas API.

Syntax

mongocli atlas dbuser describe <username>
     [ --authDB <auth-db> ]
     [ --output|-o <output-format> ]
     [ --profile|-P <profile-name> ]
     [ --projectId <project-ID> ]

Note

Use -h or --help to view the command-line help for this command.

Options

Option	Type	Description	Required?
`<username>`	string	Username of the database user to retrieve.	yes
`--authDB <auth-db>`	string	Authentication database to use. Defaults to `admin`. Acceptable values are: `admin` for users who use password authentication. `$external` for users who authenticate with X.509 certificates, LDAP, or AWS IAM.	no
`--output`, `-o`	string	Command output format. Valid values are: `json` for output in JSON format `go-template` for custom output using the Go template `go-template-file` for custom output specified using Go template file If omitted, the command returns output in the default format.	no
`--profile`, `-P`	string	Name of the profile where the public and private keys for the project are saved. If omitted, uses the default profile. To learn more about creating a profile, see Configure the MongoDB CLI.	no
`--projectId`	string	Unique identifier of the project. If omitted, uses the project ID in the profile or environment variable.	no

Output

The command prints the following fields in the specified format to the terminal if the command succeeds. If the command prints an error, see Troubleshooting for recommended solutions.

Field

Description

databaseName

User's authentication database. For MongoDB deployment in Atlas, the authentication database is always the admin database.

groupId

Unique identifier of the Atlas project to which the user belongs.

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID.

roles

User's roles and the databases or collections on which the roles apply.

username

Username for authentication.

ldapAuthType

Method by which the specified username is authenticated. Valid values are:

`NONE`	This user does not use LDAP authentication.
`USER`	LDAP server authenticates this user through the user's LDAP user.
`GROUP`	LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.

x509Type

Method by which the specified username is authenticated. Valid values are:

`NONE`	This user does not use X.509 authentication.
`MANAGED`	This user authenticates with Atlas-managed X.509 certificates.
`CUSTOMER`	This user authenticates with Self-managed X.509 certificates.

awsIAMType

Method by which the specified username is authenticated. Valid values are:

`NONE`	This user does not use AWS IAM authentication.
`USER`	This user authenticates with AWS IAM user credentials.
`ROLE`	This user authenticates with AWS IAM role credentials.

deleteAfterDate

Timestamp in ISO 8601 date and time format in UTC after which Atlas deletes the user. This field is only present if an expiration date was specified when creating the entry.

Examples

The following example uses the mongocli atlas dbuser describe command to retrieve a MongoDB database user named myDbUser on an Atlas cluster. The command uses the default profile, which contains the Programmatic API Keys and the project ID.

mongocli atlas dbuser describe myDbUser --authDB admin --output json

The previous command prints the following fields to the terminal. To learn more about these fields, see Output.

{
  "databaseName": "admin",
  "ldapAuthType": "NONE",
  "x509Type": "NONE",
  "awsIAMType": "NONE",
  "groupId": "5dd5a6b6f10fab1d71a58495",
  "roles": [
    {
      "roleName": "atlasAdmin",
      "databaseName": "admin"
    }
  ],
  "username": "myDbUser"
}

The following example uses the mongocli atlas dbuser describe command to retrieve a MongoDB database user with X.509 authentication on an Atlas cluster. The command uses the { +default-profile+}, which contains the Programmatic API Keys and the project ID.

Note

When passing $external as a command line option, prepend it with a \ character to escape the special-use $ character.

mongocli atlas dbuser describe CN=ellen@example.com,OU=users,DC=example,DC=com --authDB \$external --output json

The previous command prints the following fields to the terminal. To learn more about these fields, see Output.

{
  "databaseName": "admin",
  "ldapAuthType": "NONE",
  "x509Type": "USER",
  "awsIAMType": "NONE",
  "groupId": "5dd5a6b6f10fab1d71a58495",
  "roles": [
    {
      "roleName": "atlasAdmin",
      "databaseName": "admin"
    }
  ],
  "username": "CN=ellen@example.com,OU=users,DC=example,DC=com"
}

The following example uses the mongocli atlas dbuser describe command to retrieve a MongoDB database user with AWS IAM authentication on an Atlas cluster. The command uses the default profile, which contains the Programmatic API Keys and the project ID.

Note

When passing $external as a command line option, prepend it with a \ character to escape the special-use $ character.

mongocli atlas dbuser describe arn:aws:iam::772401394250:user/my-test-user --authDB \$external --output json

The previous command prints the following fields to the terminal. To learn more about these fields, see Output.

{
  "databaseName": "admin",
  "ldapAuthType": "NONE",
  "x509Type": "NONE",
  "awsIAMType": "USER",
  "groupId": "5dd5a6b6f10fab1d71a58495",
  "roles": [
    {
      "roleName": "atlasAdmin",
      "databaseName": "admin"
    }
  ],
  "username": "arn:aws:iam::772401394250:user/my-test-user"
}

Back

List Database Users

Create a Database User