fix(mdb): multi-user - MTA-6329 (#5377)

ldecarvalho-doc · web-flow · commit 353303310d4a · 2025-08-11T14:09:56.000+02:00
diff --git a/menu/navigation.json b/menu/navigation.json
@@ -2450,6 +2450,10 @@
               },
               {
                 "items": [
+                  {
+                    "label": "Managing users",
+                    "slug": "managing-users-api"
+                  },
                   {
                     "label": "Back up and restore MongoDB® Databases",
                     "slug": "backup-and-restore"
diff --git a/pages/managed-mongodb-databases/api-cli/managing-users-api.mdx b/pages/managed-mongodb-databases/api-cli/managing-users-api.mdx
@@ -0,0 +1,129 @@
+---
+title: Managing MongoDB® users with the Scaleway API
+description: This page explains how to manage MongoDB® users via the API
+tags: managed-database database postgresql mongodb database-instance mongodb
+dates:
+  validation: 2025-05-08
+  posted: 2025-04-08
+---
+
+When you create your MongoDB® Database Instance, a default user with administrative privileges is automatically created.
+
+You can create more users and grant them pre-set roles via the [Scaleway Managed MongoDB® API](https://www.scaleway.com/en/developers/api/managed-database-mongodb/).
+
+<Message type="important">
+  All users you create initially have administrator roles, which can be modified after creation using the [Apply user roles](https://www.scaleway.com/en/developers/api/managed-database-mongodb/#path-users-apply-user-roles) API call. However, the default user's role cannot be changed.
+</Message>
+
+### How to create a user
+
+1. Edit the POST request payload you will use to create your user. Replace the values of each parameter with your values of choice following the parameter descriptions below.
+    ```
+      {
+        "name": "<username>",
+        "password": "<password>",
+      }
+    ```
+
+    | Parameter        | Description                                                        |
+    | :--------------- | :----------------------------------------------------------------- |
+    | `name`     | Set a name for the database user. |
+    | `password`           | Set a password for the database user.|
+
+2. Run the following command to create a user. Make sure you include the payload you edited in the previous step. `{instance_id}` corresponds to the UUID of the Managed MongoDB®.
+    ```
+    curl -X POST \
+      -H "X-Auth-Token: $SCW_SECRET_KEY" \
+      -H "Content-Type: application/json" \
+      -d '{
+        "name": "<username>",
+        "password": "<password>",
+          }' \
+      "https://api.scaleway.com/mongodb/v1alpha1/regions/$SCW_REGION/par/instances/{instance_id}/users"
+    ```
+
+    You should get a response like the following:
+    ```
+    {
+      "name": "<username>",
+      "password": "<password>",
+        "roles": [
+          {
+            "role": "read_write",
+            "any_database": true
+          },
+          {
+            "role": "db_admin",
+            "any_database": true
+          },
+          {
+            "role": "sync",
+            "any_database": true
+          }
+        ]
+    }
+    ```
+
+All users you create will have the `read_write`, `db_admin` and `sync` roles on all databases by default.
+
+You can follow the steps below to update a user's role(s) to the one(s) of your choice.
+
+### How to apply a role to a user
+
+1. Edit the POST request payload you will use to update the user role. Replace the values of each parameter with your values of choice following the parameter descriptions below.
+
+    In this example, we define a single `read_write` role for the user. This role applies only in the `example-db` database.
+
+    <Message type="tip">
+      To grant the user this role in all databases, you can set `any_database` to true.
+    </Message>
+
+    ```
+    {
+      "name": "<username>",
+      "roles": [
+        {
+          "role": "read_write",
+          "database": "example-db",
+          "any_database": false
+        }
+      ]
+    }
+    ```
+
+    | Role        | Description                                                        |
+    | :--------------- | :----------------------------------------------------------------- |
+    | `read`     | Read privileges on all non-system collections and the `system.js` collection. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-read) for an extensive list of the privileges granted to this role. |
+    | `read_write`           | Read and write privileges on all non-system collections and the `system.js` collection. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-readWrite) for an extensive list of the privileges granted to this role. |
+    | `db_admin`           | Privileges to perform administrative tasks on the database, such as schema-related tasks, indexing, and gathering statistics. This role does not grant privileges for user and role management. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-dbAdmin) for an extensive list of the privileges granted to this role. |
+    | `sync`           | Role that aggregates three MongoDB roles:   |
+    |            | `clusterMonitor` - Read-only access to monitoring tools. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/upcoming/reference/built-in-roles/#mongodb-authrole-clusterMonitor) for an extensive list of the privileges granted to this role.  |
+    |            | `backup` -  Grants the minimal privileges needed to back up data. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/upcoming/reference/built-in-roles/#mongodb-authrole-backup) for an extensive list of the privileges granted to this role. |
+    |            | `restore` - Grants the privileges needed to restore data from backups. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/upcoming/reference/built-in-roles/#mongodb-authrole-restore) for an extensive list of the privileges granted to this role.   |
+
+2. Run the following command to apply a new role to the user. Make sure you include the payload you edited in the previous step and that you replace the parameters in the call with your information. `{instance_id}` corresponds to the UUID of the Managed MongoDB®.
+
+    ```
+    curl -X PUT \
+      -H "X-Auth-Token: $SCW_SECRET_KEY" \
+      -H "Content-Type: application/json" \
+      -d '{
+        "name": "<username>",
+        "roles": [
+          {
+            "role": "read_write",
+            "database": "<name_of_database>"
+            "any_database": false
+          }
+        ]
+      }' \
+      "https://api.scaleway.com/mongodb/v1alpha1/regions/$SCW_REGION/instances/{instance_id}/roles"
+    ```
+
+    If the call was successful, you will get the payload with the new role(s) as a response.
+
+    <Message type="note">
+      Assigning roles upon user creation will be possible by the second half of 2025. Refer to the [Scaleway Changelog](/changelog/?product=mongodb) to keep up with the latest Managed MongoDB® updates.
+    </Message>
+
+
diff --git a/pages/managed-mongodb-databases/how-to/manage-users.mdx b/pages/managed-mongodb-databases/how-to/manage-users.mdx
@@ -1,6 +1,6 @@
 ---
 title: How to manage a MongoDB® Database Instance user
-description: This page explains how to manage the MongoDB® Database Instance default user
+description: This page explains how to manage MongoDB® Database Instance users
 tags: managed-database database postgresql mongodb database-instance mongodb
 dates:
   validation: 2025-04-08
@@ -18,133 +18,59 @@ Users can connect to a database and access its data.
 - A valid [API key](/iam/how-to/create-api-keys/)
 - A [MongoDB® Database Instance](/managed-mongodb-databases/quickstart)
 
-## How to change the password of your user
+## How to create a new user
+
+1. Click **MongoDB® Databases** under **Databases** on the side menu. A list of your Database Instances displays.
+2. Click the database name to access the Database Instance information page.
+3. Go to the **Users** tab.
+4. Click **Create user**. A pop-up appears.
+5. Enter a username and password for the user.
+6. Click **Create User** to confirm. Your user is created. The privilege configuration wizard displays.
+7. Set the privileges of your new user. You can select one or both of the following:
+
+    - **Global roles** - the privileges you set will apply to all your databases, existing and future. You can set one or more global roll at a time. The available global roles include:
+        - **Ready-only** (`read`) - Read privileges on all non-system collections and the `system.js` collection.
+        - **Read and write** (`read_write`) - Read and write privileges on all non-system collections and the `system.js` collection.
+        - **Sync** (`sync`) - Role that aggregates three MongoDB roles: `clusterMonitor`, `backup` and `restore`. This role can only be granted as a global role
+        - **DB admin** (`db_admin`) - Privileges to perform administrative tasks on the database, such as schema-related tasks, indexing, and gathering statistics. This role does not grant privileges for user and role management.
+    - **Specific roles** - the privileges will only apply to the databases you define. All global roles except `sync` can also be defined as specific roles.
+
+        <Message type="important">
+          You can manually enter a database that does not yet appear in the list and set privileges for it. This might be helpful as it can take up to 15 minutes before a recently created database appears in the list. You can also set privileges for databases before you create them. Keep in mind that the name you define in this step must be identical in spelling to that of the actual database.
+        </Message>
+
+        <Message type="tip">
+        Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/manual/reference/built-in-roles/) for an extensive list of the privileges granted to each role.
+        </Message>
+
+    If you set a **global role**, select one or more roles in the drop-down.
+
+    If you set **specific roles**, enter the database(s) to which you want to apply the role first, then click **Set privileges**.
+    Check the box corresponding to the role(s) you wish to apply to each database in the list.
+
+8. Click **Confirm** after reviewing your configuration.
+
+The list of your users is updated. You can see an overview of the global and speficic roles next to the name of each user.
+
+## How to update user privileges
+
+1. Click **MongoDB® Databases** under **Databases** on the side menu. A list of your Database Instances displays.
+2. Click the database name to access the Database Instance information page.
+3. Go to the **Users** tab.
+4. Click <Icon name="more" />, then **Update privileges**. A pop-up appears.
+5. Update the privileges according to your preferences, following the instructions described in step 7 of the [procedure above](#how-to-create-a-new-user).
+6. Click **Update** after reviewing your configuration.
+
+## How to change user passwords
 
 1. Click **MongoDB® Databases** under **Databases** on the side menu. A list of your Database Instances displays.
 2. Click the database name or <Icon name="more" /> > **More info** to access the Database Instance information page.
-3. Go to the **Users** tab. Your default user displays.
-4. Click **Change password** to do so. A pop-up appears.
+3. Go to the **Users** tab.
+4. Click <Icon name="more" />, then **Change password**. A pop-up appears.
 5. Enter your new password and confirm.
 
-## How to create multi-users via the API
-
-When you create your MongoDB® Database Instance, the first user is created by default and has admin rights.
-
-You can create more users and grant them pre-set roles via the [Scaleway Managed MongoDB® API](https://www.scaleway.com/en/developers/api/managed-database-mongodb/).
-
-<Message type="important">
-  All users you create have at first administrator roles, which can be changed after creation with the [Apply user roles](https://www.scaleway.com/en/developers/api/managed-database-mongodb/#path-users-apply-user-roles) call. The default user's role cannot be changed.
-</Message>
-
-### How to create a user
-
-1. Edit the POST request payload you will use to create your user. Replace the values of each parameter with your values of choice following the parameter descriptions below.
-    ```
-      {
-        "name": "<username>",
-        "password": "<password>",
-      }
-    ```
-
-    | Parameter        | Description                                                        |
-    | :--------------- | :----------------------------------------------------------------- |
-    | `name`     | Set a name for the database user. |
-    | `password`           | Set a password for the database user.|
-
-2. Run the following command to create a user. Make sure you include the payload you edited in the previous step. `{instance_id}` corresponds to the UUID of the Managed MongoDB®.
-    ```
-    curl -X POST \
-      -H "X-Auth-Token: $SCW_SECRET_KEY" \
-      -H "Content-Type: application/json" \
-      -d '{
-        "name": "<username>",
-        "password": "<password>",
-          }' \
-      "https://api.scaleway.com/mongodb/v1alpha1/regions/$SCW_REGION/par/instances/{instance_id}/users"
-    ```
-
-    You should get a response like the following:
-    ```
-    {
-      "name": "<username>",
-      "password": "<password>",
-        "roles": [
-          {
-            "role": "read_write",
-            "any_database": true
-          },
-          {
-            "role": "db_admin",
-            "any_database": true
-          },
-          {
-            "role": "sync",
-            "any_database": true
-          }
-        ]
-    }
-    ```
-
-All users you create will have the `read_write`, `db_admin` and `sync` roles on all databases by default.
-
-You can follow the steps below to update a user's role(s) to the one(s) of your choice.
-
-### How to apply a role to a user
-
-1. Edit the POST request payload you will use to update the user role. Replace the values of each parameter with your values of choice following the parameter descriptions below.
-
-    In this example, we define a single `read_write` role for the user. This role applies only in the `example-db` database.
-
-    <Message type="tip">
-      To grant the user this role in all databases, you can set `any_database` to true.
-    </Message>
-
-    ```
-    {
-      "name": "<username>",
-      "roles": [
-        {
-          "role": "read_write",
-          "database": "example-db",
-          "any_database": false
-        }
-      ]
-    }
-    ```
-
-    | Role        | Description                                                        |
-    | :--------------- | :----------------------------------------------------------------- |
-    | `read`     | Read privileges on all non-system collections and the `system.js` collection. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-read) for an extensive list of the privileges granted to this role. |
-    | `read_write`           | Read and write privileges on all non-system collections and the `system.js` collection. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-readWrite) for an extensive list of the privileges granted to this role. |
-    | `db_admin`           | Privileges to perform administrative tasks on the database, such as schema-related tasks, indexing, and gathering statistics. This role does not grant privileges for user and role management. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-dbAdmin) for an extensive list of the privileges granted to this role. |
-    | `sync`           | Role that aggregates three MongoDB roles:   |
-    |            | `clusterMonitor` - Read-only access to monitoring tools. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/upcoming/reference/built-in-roles/#mongodb-authrole-clusterMonitor) for an extensive list of the privileges granted to this role.  |
-    |            | `backup` -  Grants the minimal privileges needed to back up data. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/upcoming/reference/built-in-roles/#mongodb-authrole-backup) for an extensive list of the privileges granted to this role. |
-    |            | `restore` - Grants the privileges needed to restore data from backups. Refer to the [official MongoDB® documentation](https://www.mongodb.com/docs/upcoming/reference/built-in-roles/#mongodb-authrole-restore) for an extensive list of the privileges granted to this role.   |
-
-2. Run the following command to apply a new role to the user. Make sure you include the payload you edited in the previous step and that you replace the parameters in the call with your information. `{instance_id}` corresponds to the UUID of the Managed MongoDB®.
-
-    ```
-    curl -X PUT \
-      -H "X-Auth-Token: $SCW_SECRET_KEY" \
-      -H "Content-Type: application/json" \
-      -d '{
-        "name": "<username>",
-        "roles": [
-          {
-            "role": "read_write",
-            "database": "<name_of_database>"
-            "any_database": false
-          }
-        ]
-      }' \
-      "https://api.scaleway.com/mongodb/v1alpha1/regions/$SCW_REGION/instances/{instance_id}/roles"
-    ```
-
-    If the call was successful, you will get the payload with the new role(s) as a response.
-
-    <Message type="note">
-      Assigning roles upon user creation will be possible by the second half of 2025. Refer to the [Scaleway Changelog](/changelog/?product=mongodb) to keep up with the latest Managed MongoDB® updates.
-    </Message>
+
+
+
 
 

Original file line number	Diff line number	Diff line change
`@@ -2450,6 +2450,10 @@`
`2450`	`2450`	`},`
`2451`	`2451`	`{`
`2452`	`2452`	`"items": [`
	`2453`	`+ {`
	`2454`	`+ "label": "Managing users",`
	`2455`	`+ "slug": "managing-users-api"`
	`2456`	`+ },`
`2453`	`2457`	`{`
`2454`	`2458`	`"label": "Back up and restore MongoDB® Databases",`
`2455`	`2459`	`"slug": "backup-and-restore"`