mongocli atlas dbuser update

On this page

Syntax

Options
Output
Examples

This version of the documentation is archived and no longer supported. View the current documentation to learn how to upgrade your version of MongoCLI.

The dbuser update command modifies a MongoDB database user's password and roles. You can also update a MongoDB database user through the Atlas UI or API.

Syntax

mongocli atlas dbuser update <username>
     [ --output|-o <output-format> ]
     --password|-p <password-of-user>
     [ --profile|-P <profile-name> ]
     [ --projectId <project-ID> ]
     [ --role <name-of-role> ]

Note

Use -h or --help to view the command-line help for this command.

Options

Option	Type	Description	Required?
`--output`, `-o`	string	Command output format. Valid values are: `json` for output in JSON format `go-template` for custom output using the Go template `go-template-file` for custom output specified using Go template file If omitted, the command returns output in the default format.	no
`--password`, `-p`	string	Password for authenticating the user to MongoDB.	yes
`--profile`, `-P`	string	Name of the profile where the public and private keys for the project are saved. If omitted, uses the default profile. To learn more about creating a profile, see Configure the MongoDB CLI.	no
`--projectId`	string	Unique identifier of the project. If omitted, uses the project ID in the profile or environment variable.	no
`--role`	string or array of strings	Comma-separated list of user's roles and the databases or collections on which the roles apply. A role allows the user to perform particular actions on the specified database or collection. To learn more about the list of default roles, see MongoDB Database User Privileges.	yes
`<username>`	string	Username of the user to update.	yes

Output

The command prints the following fields in the specified format to the terminal if the command succeeds. If the command prints an error, see Troubleshooting for recommended solutions.

Field

Description

databaseName

User's authentication database. For MongoDB deployment in Atlas, the authentication database is always the admin database.

groupId

Unique identifier of the Atlas project to which the user belongs.

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID.

roles

User's roles and the databases or collections on which the roles apply.

username

Username for authentication.

ldapAuthType

Method by which the specified username is authenticated. Valid values are:

`NONE`	This user does not use LDAP authentication.
`USER`	LDAP server authenticates this user through the user's LDAP user.
`GROUP`	LDAP server authenticates this user using their LDAP user and authorizes this user using their LDAP group. To learn more about LDAP security, see Set up User Authentication and Authorization with LDAP.

x509Type

Method by which the specified username is authenticated. Valid values are:

`NONE`	This user does not use X.509 authentication.
`MANAGED`	This user authenticates with Atlas-managed X.509 certificates.
`CUSTOMER`	This user authenticates with Self-managed X.509 certificates.

awsIAMType

Method by which the specified username is authenticated. Valid values are:

`NONE`	This user does not use AWS IAM authentication.
`USER`	This user authenticates with AWS IAM user credentials.
`ROLE`	This user authenticates with AWS IAM role credentials.

deleteAfterDate

Timestamp in ISO 8601 date and time format in UTC after which Atlas deletes the user. This field is only present if an expiration date was specified when creating the entry.

Examples

The following examples use the mongocli atlas dbuser update command to modify a MongoDB database user's password and roles. When you run the command, it prints the Output Fields to the terminal.

Update Password Example

The following command modifies egUser's password to ChangeThisToAStrongPassword. The command uses the default profile, which contains the project ID and Programmatic API Keys for accessing the cluster.

mongocli atlas dbuser update egUser --password ChangeThisToAStrongPassword
--output json

The previous command prints the following fields to the terminal. To learn more about these fields, see Output.

{
         "roles": [{
                     "roleName": "atlasAdmin",
                     "databaseName": "admin"
             }],
         "groupId": "5e2211c17a3e5a48f5497de3",
         "username": "egUser",
         "databaseName": "admin",
         "ldapAuthType": "NONE"
 }

Update Roles Example

The following examples show two ways to update egUser's roles.

The following command shows the --role option with readWriteAnyDatabase and clusterMonitor privileges separated by a comma. The command uses the default profile, which contains the project ID and Programmatic API Keys for accessing the cluster.

mongocli atlas dbuser update egUser --password ChangeThisToAStrongPassword --role readWriteAnyDatabase@admin,clusterMonitor@admin --output json

The following command specifies the --role option twice, once for each privilege. The command uses the default profile where the project ID and Programmatic API Keys for accessing the cluster are saved.

mongocli atlas dbuser update egUser --password ChangeThisToAStrongPassword --role readWriteAnyDatabase@admin --role clusterMonitor@admin --output json

The commands print the following fields to the terminal. To learn more about these fields, see Output.

{
          "roles": [{
                          "roleName": "readWriteAnyDatabase",
                          "databaseName": "admin"
                 },
                 {
                      "roleName": "clusterMonitor",
                          "databaseName": "admin"
                 }],
           "groupId": "5e2211c17a3e5a48f5497de3",
           "username": "egUser",
           "databaseName": "admin",
           "ldapAuthType": "NONE"
 }

Back

Create a Database User

Delete a Database User