Atlan supports the basic authentication method for fetching metadata from MongoDB. This method uses a username and password to fetch metadata.
You will also need the following connection details from your MongoDB database deployment for integrating with Atlan:
- Host name of your MongoDB database
- Host name of the SQL (or JDBC) endpoint of your MongoDB database obtained via Data Federation
- Name of the default database
- Name of the authentication database
Create database user in MongoDB
You will need to create a database user in MongoDB to allow Atlan to crawl MongoDB. A database user's access is determined by the role assigned to that user.
You can either:
- Create a database user with a built-in role — provides read-only access to all databases.
- Create a database user with a custom role — provides restricted access to selected databases and requires allowed actions.
Create database user with built-in role
To add a database user with a built-in role for crawling MongoDB:
- Sign in to your MongoDB database.
- From the left menu of the Data Services page, under the Security heading, click Database Access.
- In the upper right of the Database Access page, click Add New Database User.
- In the Add New Database User dialog, enter the following details:
- For Authentication Method, keep the default Password.
- For Password Authentication, there are two text fields:
- Enter a username for the new database user in the top text field — for example,
atlan_user
. - Enter a password in the lower text field or click the Autogenerate Secure Password button to copy and use an auto-generated password.
- Enter a username for the new database user in the top text field — for example,
- To assign database privileges to the new user, for Database Privileges, under Built-in Role, click the Add Built-in Role dropdown to select a built-in role:
- From the Select role dropdown, click Only read any database to assign read-only access to your MongoDB database(s).
- (Optional) By default, users can access all the clusters and federated database instances in the project. To restrict access to specific clusters and federated database instances:
- Toggle on Restrict Access to Specific Clusters/Federated Database Instances.
- For Grant Access To, check the boxes next to the clusters and federated database instances to which you want to grant access to the new database user.
- At the bottom of the dialog, click Add User to finish setup.
Create database user with custom role
If you have a large number of databases, you can programmatically create a custom role in MongoDB using Atlas API instead — refer to MongoDB documentation to learn more.
To add a database user with a custom role for crawling MongoDB:
- Sign in to your MongoDB database.
- From the left menu of the Data Services page, under the Security heading, click Database Access.
- In the Database Access page, change to the Custom Roles tab.
- In the upper right of the Custom Roles page, click Add New Custom Role.
- In the Add Custom Role dialog, for Custom Role Name, enter a meaningful name — for example,
atlan_integration
. - For Action or Role, click Select Actions or Roles and grant the following privileges to the custom role:
- listDatabases, listed under Global Actions and Roles — to list all existing databases in the cluster.
- sqlGetSchema, listed under Global Actions and Roles — to retrieve collection schema generated by MongoDB Atlas Data Federation without read or find permission on the database or collection.
-
listCollections, listed under Database Actions and Roles — to list collections in a database.
- For Database, specify all the databases you want to crawl in Atlan.
- For Collection, you can either specify collections within selected databases or leave blank to include all.
-
collStats, listed under Collection Actions — to retrieve collection metadata such as average document size, document count, and more.
- For Database, specify all the databases you want to crawl in Atlan.
- For Collection, you can either specify collections within selected databases or leave blank to include all.
-
find, listed under Collection Actions — this action provides read permission on the data. Atlan requires this action for the MongoDB JDBC driver to validate Atlan's connection to the database.
- For Database, specify all the databases you want to crawl in Atlan.
- For Collection, you can either specify collections within selected databases, leave blank to include all, or restrict read access by specifying a nonexistent collection such as
na
,none
, or-
against a selected database.
- Click Add Custom Role to complete setup.
- In the Database Access page, change to the Database Users tab.
- In the upper right of the Database Access page, click Add New Database User.
- In the Add New Database User dialog, enter the following details:
- For Authentication Method, keep the default Password.
- For Password Authentication, there are two text fields:
- Enter a username for the new database user in the top text field — for example,
atlan_user
. - Enter a password in the lower text field or click the Autogenerate Secure Password button to copy and use an auto-generated password.
- Enter a username for the new database user in the top text field — for example,
- To assign database privileges to the new user, for Database Privileges, under Custom Roles, click the Add Custom Role dropdown. From the Select role dropdown, select the custom role you created previously.
- (Optional) By default, users can access all the clusters and federated database instances in the project. To restrict access to specific clusters and federated database instances:
- Toggle on Restrict Access to Specific Clusters/Federated Database Instances.
- For Grant Access To, check the boxes next to the clusters and federated database instances to which you want to grant access to the new database user.
- At the bottom of the dialog, click Add User to finish setup.
Data Federation enables a SQL-like interface for Atlan to interact with MongoDB. It also provides schema access to collections that are either generated automatically through sampling or manual updates. This allows Atlan to fetch metadata without read access to databases or collections through the sqlGetSchema
permission.
Retrieve connection details
To retrieve connection details for crawling MongoDB:
- Sign in to your MongoDB database.
- From the left menu of the Data Services page, under the Overview heading, click Database.
- On the Database Deployment page, navigate to the database deployment you want to crawl in Atlan and click Connect. From the corresponding page, under Connect to your application:
- Click Drivers, and then navigate to the Add your connection string into your application code section:
- Copy the host name of your MongoDB database from the code snippet and store it in a secure location. For example, in
mongodb://myDBReader:D1fficultP%40ssw0rd@mongodb0.example.com:27017/?authSource=admin
,mongodb0.example.com
will be the MongoDB native host. - Close the dialog box and return to the Connect to your application page.
- Copy the host name of your MongoDB database from the code snippet and store it in a secure location. For example, in
- Click Atlas SQL, and then navigate to the Select your driver heading:
- From the driver dropdown, click JDBC Driver.
- Navigate to the Get Connection String heading, and then for URL, copy the following connection details and store them in a secure location. As an example,
jdbc:mongodb://atlas-sql-64c0b504b658f37cd67dc406-xtapf.a.query.mongodb.net/atlan_db?ssl=trueauth&Source=admin
:- Copy the host name of the SQL (or JDBC) endpoint of your MongoDB databaseÂ
atlas-sql-64c0b504b658f37cd67dc406-xtapf.a.query.mongodb.net
to enter as the SQL interface host name. - Copy the name of the default database
atlan_db
to enter as the Default database. - Copy the name of the authentication databaseÂ
admin
to enter as the Authentication database.
- Copy the host name of the SQL (or JDBC) endpoint of your MongoDB databaseÂ
- Click Drivers, and then navigate to the Add your connection string into your application code section: