Set up MongoDB (self-managed)
Configure authentication for the MongoDB connector by creating a database user with appropriate permissions. This guide walks you through creating a database user with either a built-in role or a custom role, depending on your access requirements.
Before you begin
The database user you create must have read permission (the find action) on Collections to enable field extraction. Without this permission, only basic metadata is cataloged and column information isn't available. For more details, see What happens when read permission on Collections is missing.
Create database user
To enable Atlan to crawl MongoDB (self-managed), you must create a database user in MongoDB. Atlan supports SCRAM authentication (SCRAM-SHA-1 and SCRAM-SHA-256) for fetching metadata from MongoDB. This method uses a username and password to authenticate.
- Built-in role
- Custom role
Use a built-in MongoDB role to grant read-only access to all databases in your MongoDB instance. For more information, see the MongoDB built-in roles documentation.
- Connect to your MongoDB instance using MongoDB shell or a MongoDB client.
- Select the authentication database (usually admin):

      use admin

- Create a database user with read-only access:

      db.createUser({
        user: "atlan_user",
        pwd: "your_secure_password",
        roles: [
          { role: "readAnyDatabase", db: "admin" },
          { role: "clusterMonitor", db: "admin" }
        ]
      })

  - Replace atlan_user with your desired username and your_secure_password with a secure password.
  - The readAnyDatabase built-in role automatically includes all the privileges required by the connector, including the listCollections, collStats, and find actions across all databases, whereas the clusterMonitor built-in role is used to list all databases present in a cluster.
Create a custom role to restrict access to specific databases and collections. For more information, see the MongoDB custom roles documentation.
- Connect to your MongoDB instance using MongoDB shell or a MongoDB client.
- Select the authentication database (usually admin):

      use admin

- Create a custom role with the following privileges. For details on the required privileges, see What privileges are required for a custom MongoDB role? in the FAQ.

      db.createRole({
        role: "atlan_integration",
        privileges: [
          {
            // Cluster-level: list the databases in the deployment
            resource: { cluster: true },
            actions: ["listDatabases"]
          },
          {
            // List the collections in each database
            resource: { db: "", collection: "" },
            actions: ["listCollections"]
          },
          {
            // Collection statistics
            resource: { db: "", collection: "" },
            actions: ["collStats"]
          },
          {
            // Database statistics
            resource: { db: "", collection: "" },
            actions: ["dbStats"]
          },
          {
            // Read documents (needed for field extraction)
            resource: { db: "", collection: "" },
            actions: ["find"]
          }
        ],
        // No inherited roles
        roles: []
      })

  - Replace the empty strings in the resource fields with specific database and collection names if you want to restrict access. Leave them empty to grant access to all databases and collections.
- Create a database user and assign the custom role:

      db.createUser({
        user: "atlan_user",
        pwd: "your_secure_password",
        roles: [{ role: "atlan_integration", db: "admin" }]
      })

  - Replace atlan_user with your desired username and your_secure_password with a secure password.
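To confirm that a custom role grants exactly the actions listed above and nothing more, the following added example (not part of the original page or of MongoDB's own tooling) audits a role document in JavaScript, the language of the MongoDB shell. The auditRole function name and the sales database in the sample are assumptions made for illustration.

```javascript
// Actions the page lists for the custom role (the connector's read-only set).
const REQUIRED = ["listDatabases", "listCollections", "collStats", "dbStats", "find"];

// Audit a role document: either the object you intend to pass to
// db.createRole() or the result of db.getRole(name, { showPrivileges: true }).
function auditRole(roleDoc) {
  const privileges = [
    ...(roleDoc.privileges || []),
    ...(roleDoc.inheritedPrivileges || []),
  ];
  const granted = new Set();
  const malformed = []; // indexes of entries without a usable resource
  privileges.forEach((p, i) => {
    const r = p.resource;
    const clusterWide = Boolean(r) && r.cluster === true;
    const dbScoped = Boolean(r) && typeof r.db === "string" && typeof r.collection === "string";
    if (!clusterWide && !dbScoped) { malformed.push(i); return; }
    (p.actions || []).forEach((a) => granted.add(a));
  });
  return {
    missing: REQUIRED.filter((a) => !granted.has(a)),              // connector would lose metadata
    excess: [...granted].filter((a) => !REQUIRED.includes(a)).sort(), // beyond read-only
    malformed,
    inheritsRoles: (roleDoc.roles || []).length > 0,               // inherited roles widen access
  };
}

// Constructed sample: one write action slipped in, one misspelled resource key.
const sample = {
  role: "atlan_integration",
  privileges: [
    { resource: { cluster: true }, actions: ["listDatabases"] },
    { resource: { db: "sales", collection: "" },
      actions: ["listCollections", "collStats", "find", "insert"] },
    { resurce: { db: "sales", collection: "" }, actions: ["dbStats"] },
  ],
  roles: [],
};

console.log(auditRole(sample));
```

In mongosh, pass the result of db.getRole("atlan_integration", { showPrivileges: true }) to auditRole to check the role as it exists on the server.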
Next steps
Now that you've set up the MongoDB connector and created a database user, you're ready to:
- Crawl MongoDB (self-managed): Configure and run metadata extraction from your MongoDB instance