Remove One Project Role from One MongoDB Cloud User

POST /api/atlas/v2/groups/{groupId}/users/{userId}:removeRole

Removes one project-level role from the MongoDB Cloud user. You can remove a role from an active user or a user that has been invited to join the project. To replace a user's only role, add the new role before removing the old role. A user must have at least one role at all times. To use this resource, the requesting Service Account or API Key must have the Project Owner role.

Note: This resource cannot be used to remove a role from users invited using the deprecated Invite One MongoDB Cloud User to Join One Project endpoint.

Deprecated: Invite One MongoDB Cloud User to Join One Project

Path parameters

  • groupId string Required

    Unique 24-hexadecimal digit string that identifies your project. Use the /groups endpoint to retrieve all projects to which the authenticated user has access.

    NOTE: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.

    Format should match the following pattern: ^([a-f0-9]{24})$.

  • userId string Required

    Unique 24-hexadecimal digit string that identifies the pending or active user in the project. If you need to lookup a user's userId or verify a user's status in the organization, use the Return All MongoDB Cloud Users in One Project resource and filter by username.

    Format should match the following pattern: ^([a-f0-9]{24})$.

Query parameters

  • envelope boolean

    Flag that indicates whether Application wraps the response in an envelope JSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.

    Default value is false.

  • pretty boolean

    Flag that indicates whether the response body should be in the prettyprint format.

    Default value is false.

    Prettyprint
application/vnd.atlas.2025-02-19+json

Body Required

Project-level role to remove from the MongoDB Cloud user.

  • groupRole string Required

    Project-level role.

    Values are GROUP_OWNER, GROUP_CLUSTER_MANAGER, GROUP_STREAM_PROCESSING_OWNER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_WRITE, GROUP_DATA_ACCESS_READ_ONLY, GROUP_READ_ONLY, GROUP_SEARCH_INDEX_EDITOR, GROUP_BACKUP_MANAGER, GROUP_OBSERVABILITY_VIEWER, or GROUP_DATABASE_ACCESS_ADMIN.

Responses

  • 200 application/vnd.atlas.2025-02-19+json

    OK

    One of:
    Hide attributes Show attributes
    • id string Required

      Unique 24-hexadecimal digit string that identifies the MongoDB Cloud user.

      Format should match the following pattern: ^([a-f0-9]{24})$.

    • orgMembershipStatus string Required Discriminator

      String enum that indicates whether the MongoDB Cloud user has a pending invitation to join the organization or they are already active in the organization.

      Value is PENDING.

    • roles object Required

      Organization- and project-level roles assigned to one MongoDB Cloud user within one organization.

      Hide roles attributes Show roles attributes object
      • groupRoleAssignments array[object]

        List of project-level role assignments assigned to the MongoDB Cloud user.

        Hide groupRoleAssignments attributes Show groupRoleAssignments attributes object
        • groupId string

          Unique 24-hexadecimal digit string that identifies the project to which these roles belong.

          Format should match the following pattern: ^([a-f0-9]{24})$.

        • groupRoles array[string]

          One or more project-level roles assigned to the MongoDB Cloud user.

          Values are GROUP_OWNER, GROUP_CLUSTER_MANAGER, GROUP_STREAM_PROCESSING_OWNER, GROUP_DATA_ACCESS_ADMIN, GROUP_DATA_ACCESS_READ_WRITE, GROUP_DATA_ACCESS_READ_ONLY, GROUP_READ_ONLY, GROUP_SEARCH_INDEX_EDITOR, GROUP_BACKUP_MANAGER, GROUP_OBSERVABILITY_VIEWER, or GROUP_DATABASE_ACCESS_ADMIN.

      • orgRoles array[string]

        One or more organization-level roles assigned to the MongoDB Cloud user.

        Values are ORG_OWNER, ORG_GROUP_CREATOR, ORG_BILLING_ADMIN, ORG_BILLING_READ_ONLY, ORG_READ_ONLY, or ORG_MEMBER.

    • teamIds array[string]

      List of unique 24-hexadecimal digit strings that identifies the teams to which this MongoDB Cloud user belongs.

      Format of each should match the following pattern: ^([a-f0-9]{24})$.

    • username string(email) Required

      Email address that represents the username of the MongoDB Cloud user.

    • invitationCreatedAt string(date-time) Required

      Date and time when MongoDB Cloud sent the invitation. MongoDB Cloud represents this timestamp in ISO 8601 format in UTC.

    • invitationExpiresAt string(date-time) Required

      Date and time when the invitation from MongoDB Cloud expires. MongoDB Cloud represents this timestamp in ISO 8601 format in UTC.

    • inviterUsername string(email) Required

      Username of the MongoDB Cloud user who sent the invitation to join the organization.

  • 400 application/json

    Bad Request.

    Hide response attributes Show response attributes object
    • badRequestDetail object

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.

  • 401 application/json

    Unauthorized.

    Hide response attributes Show response attributes object
    • badRequestDetail object

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.

  • 403 application/json

    Forbidden.

    Hide response attributes Show response attributes object
    • badRequestDetail object

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.

  • 404 application/json

    Not Found.

    Hide response attributes Show response attributes object
    • badRequestDetail object

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.

  • 409 application/json

    Conflict.

    Hide response attributes Show response attributes object
    • badRequestDetail object

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.

  • 500 application/json

    Internal Server Error.

    Hide response attributes Show response attributes object
    • badRequestDetail object

      Bad request detail.

      Hide badRequestDetail attribute Show badRequestDetail attribute object
      • fields array[object]

        Describes all violations in a client request.

        Hide fields attributes Show fields attributes object
        • description string Required

          A description of why the request element is bad.

        • field string Required

          A path that leads to a field in the request body.

    • detail string

      Describes the specific conditions or reasons that cause each type of error.

    • error integer(int32) Required

      HTTP status code returned with this error.

      External documentation
    • errorCode string Required

      Application error code returned with this error.

    • parameters array[object]

      Parameters used to give more information about the error.

    • reason string

      Application error message returned with this error.

POST /api/atlas/v2/groups/{groupId}/users/{userId}:removeRole
atlas api removeProjectRole --help
import (
	"os"
	"context"
	"log"
	sdk "go.mongodb.org/atlas-sdk/v20250312001/admin"
)

func main() {
	ctx := context.Background()
	clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
	clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")

	client, err := sdk.NewClient(
		sdk.UseOAuthAuth(clientID, clientSecret),
		sdk.UseBaseURL(url))

	if err != nil {
		log.Fatalf("Error: %v", err)
	}

	params = &sdk.RemoveProjectRoleApiParams{}
	sdkResp, httpResp, err := client.MongoDBCloudUsersApi.
		RemoveProjectRoleWithParams(ctx, params).
		Execute()
}
curl --header "Authorization: Bearer ${ACCESS_TOKEN}" \
  --header "Accept: application/vnd.atlas.2025-03-12+json" \
  --header "Content-Type: application/json" \
  -X POST "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/users/{userId}:removeRole" \
  -d '{ <Payload> }'
curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
  --digest \
  --header "Accept: application/vnd.atlas.2025-03-12+json" \
  --header "Content-Type: application/json" \
  -X POST "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/users/{userId}:removeRole" \
  -d '{ <Payload> }'
Request examples
{
  "groupRole": "GROUP_OWNER"
}
Response examples (200)
{
  "id": "32b6e34b3d91647abb20e7b8",
  "orgMembershipStatus": "PENDING",
  "roles": {
    "groupRoleAssignments": [
      {
        "groupId": "32b6e34b3d91647abb20e7b8",
        "groupRoles": [
          "GROUP_OWNER"
        ]
      }
    ],
    "orgRoles": [
      "ORG_OWNER"
    ]
  },
  "teamIds": [
    "32b6e34b3d91647abb20e7b8"
  ],
  "username": "hello@example.com",
  "invitationCreatedAt": "2025-05-04T09:42:00Z",
  "invitationExpiresAt": "2025-05-04T09:42:00Z",
  "inviterUsername": "hello@example.com"
}
{
  "id": "32b6e34b3d91647abb20e7b8",
  "orgMembershipStatus": "PENDING",
  "roles": {
    "groupRoleAssignments": [
      {
        "groupId": "32b6e34b3d91647abb20e7b8",
        "groupRoles": [
          "GROUP_OWNER"
        ]
      }
    ],
    "orgRoles": [
      "ORG_OWNER"
    ]
  },
  "teamIds": [
    "32b6e34b3d91647abb20e7b8"
  ],
  "username": "hello@example.com",
  "country": "US",
  "createdAt": "2025-05-04T09:42:00Z",
  "firstName": "John",
  "lastAuth": "2025-05-04T09:42:00Z",
  "lastName": "Doe",
  "mobileNumber": "string"
}
Response examples (400)
{
  "error": 400,
  "detail": "(This is just an example, the exception may not be related to this endpoint) No provider AWS exists.",
  "reason": "Bad Request",
  "errorCode": "VALIDATION_ERROR"
}
Response examples (401)
{
  "error": 401,
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "reason": "Unauthorized",
  "errorCode": "NOT_ORG_GROUP_CREATOR"
}
Response examples (403)
{
  "error": 403,
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "reason": "Forbidden",
  "errorCode": "CANNOT_CHANGE_GROUP_NAME"
}
Response examples (404)
{
  "error": 404,
  "detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
  "reason": "Not Found",
  "errorCode": "RESOURCE_NOT_FOUND"
}
Response examples (409)
{
  "error": 409,
  "detail": "(This is just an example, the exception may not be related to this endpoint) Cannot delete organization link while there is active migration in following project ids: 60c4fd418ebe251047c50554",
  "reason": "Conflict",
  "errorCode": "CANNOT_DELETE_ORG_ACTIVE_LIVE_MIGRATION_ATLAS_ORG_LINK"
}
Response examples (500)
{
  "error": 500,
  "detail": "(This is just an example, the exception may not be related to this endpoint)",
  "reason": "Internal Server Error",
  "errorCode": "UNEXPECTED_ERROR"
}