Remove One Project Role from One MongoDB Cloud User
Removes one project-level role from the MongoDB Cloud user. You can remove a role from an active user or a user that has been invited to join the project. To replace a user's only role, add the new role before removing the old role. A user must have at least one role at all times. To use this resource, the requesting Service Account or API Key must have the Project Owner role.
Note: This resource cannot be used to remove a role from users invited using the deprecated Invite One MongoDB Cloud User to Join One Project endpoint.
Path parameters
-
Unique 24-hexadecimal digit string that identifies your project. Use the /groups endpoint to retrieve all projects to which the authenticated user has access.
NOTE: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.
Format should match the following pattern:
^([a-f0-9]{24})$
. -
Unique 24-hexadecimal digit string that identifies the pending or active user in the project. If you need to lookup a user's userId or verify a user's status in the organization, use the Return All MongoDB Cloud Users in One Project resource and filter by username.
Format should match the following pattern:
^([a-f0-9]{24})$
.
Query parameters
-
Flag that indicates whether Application wraps the response in an
envelope
JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.Default value is
false
. -
Flag that indicates whether the response body should be in the prettyprint format.
Default value is
false
.Prettyprint
Body
Required
Project-level role to remove from the MongoDB Cloud user.
-
Project-level role.
Values are
GROUP_OWNER
,GROUP_CLUSTER_MANAGER
,GROUP_STREAM_PROCESSING_OWNER
,GROUP_DATA_ACCESS_ADMIN
,GROUP_DATA_ACCESS_READ_WRITE
,GROUP_DATA_ACCESS_READ_ONLY
,GROUP_READ_ONLY
,GROUP_SEARCH_INDEX_EDITOR
,GROUP_BACKUP_MANAGER
,GROUP_OBSERVABILITY_VIEWER
, orGROUP_DATABASE_ACCESS_ADMIN
.
atlas api removeProjectRole --help
import (
"os"
"context"
"log"
sdk "go.mongodb.org/atlas-sdk/v20250312001/admin"
)
func main() {
ctx := context.Background()
clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")
client, err := sdk.NewClient(
sdk.UseOAuthAuth(clientID, clientSecret),
sdk.UseBaseURL(url))
if err != nil {
log.Fatalf("Error: %v", err)
}
params = &sdk.RemoveProjectRoleApiParams{}
sdkResp, httpResp, err := client.MongoDBCloudUsersApi.
RemoveProjectRoleWithParams(ctx, params).
Execute()
}
curl --header "Authorization: Bearer ${ACCESS_TOKEN}" \
--header "Accept: application/vnd.atlas.2025-03-12+json" \
--header "Content-Type: application/json" \
-X POST "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/users/{userId}:removeRole" \
-d '{ <Payload> }'
curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
--digest \
--header "Accept: application/vnd.atlas.2025-03-12+json" \
--header "Content-Type: application/json" \
-X POST "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/users/{userId}:removeRole" \
-d '{ <Payload> }'
{
"groupRole": "GROUP_OWNER"
}
{
"id": "32b6e34b3d91647abb20e7b8",
"orgMembershipStatus": "PENDING",
"roles": {
"groupRoleAssignments": [
{
"groupId": "32b6e34b3d91647abb20e7b8",
"groupRoles": [
"GROUP_OWNER"
]
}
],
"orgRoles": [
"ORG_OWNER"
]
},
"teamIds": [
"32b6e34b3d91647abb20e7b8"
],
"username": "hello@example.com",
"invitationCreatedAt": "2025-05-04T09:42:00Z",
"invitationExpiresAt": "2025-05-04T09:42:00Z",
"inviterUsername": "hello@example.com"
}
{
"id": "32b6e34b3d91647abb20e7b8",
"orgMembershipStatus": "PENDING",
"roles": {
"groupRoleAssignments": [
{
"groupId": "32b6e34b3d91647abb20e7b8",
"groupRoles": [
"GROUP_OWNER"
]
}
],
"orgRoles": [
"ORG_OWNER"
]
},
"teamIds": [
"32b6e34b3d91647abb20e7b8"
],
"username": "hello@example.com",
"country": "US",
"createdAt": "2025-05-04T09:42:00Z",
"firstName": "John",
"lastAuth": "2025-05-04T09:42:00Z",
"lastName": "Doe",
"mobileNumber": "string"
}
{
"error": 400,
"detail": "(This is just an example, the exception may not be related to this endpoint) No provider AWS exists.",
"reason": "Bad Request",
"errorCode": "VALIDATION_ERROR"
}
{
"error": 401,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Unauthorized",
"errorCode": "NOT_ORG_GROUP_CREATOR"
}
{
"error": 403,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Forbidden",
"errorCode": "CANNOT_CHANGE_GROUP_NAME"
}
{
"error": 404,
"detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
"reason": "Not Found",
"errorCode": "RESOURCE_NOT_FOUND"
}
{
"error": 409,
"detail": "(This is just an example, the exception may not be related to this endpoint) Cannot delete organization link while there is active migration in following project ids: 60c4fd418ebe251047c50554",
"reason": "Conflict",
"errorCode": "CANNOT_DELETE_ORG_ACTIVE_LIVE_MIGRATION_ATLAS_ORG_LINK"
}
{
"error": 500,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Internal Server Error",
"errorCode": "UNEXPECTED_ERROR"
}