diff --git a/mongodbatlas/data_source_mongodbatlas_database_user.go b/mongodbatlas/data_source_mongodbatlas_database_user.go
index 92a0bd1c77..7e304322c0 100644
--- a/mongodbatlas/data_source_mongodbatlas_database_user.go
+++ b/mongodbatlas/data_source_mongodbatlas_database_user.go
@@ -77,6 +77,22 @@ func dataSourceMongoDBAtlasDatabaseUser() *schema.Resource {
 },
 },
 },
+ "scopes": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "type": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ },
+ },
 },
 }
 }
@@ -136,6 +152,10 @@ func dataSourceMongoDBAtlasDatabaseUserRead(d *schema.ResourceData, meta interfa
 return fmt.Errorf("error setting `labels` for database user (%s): %s", d.Id(), err)
 }
+ if err := d.Set("scopes", flattenScopes(dbUser.Scopes)); err != nil {
+ return fmt.Errorf("error setting `scopes` for database user (%s): %s", d.Id(), err)
+ }
+
 d.SetId(encodeStateID(map[string]string{
 "project_id": projectID,
 "username": username,
diff --git a/mongodbatlas/data_source_mongodbatlas_database_users.go b/mongodbatlas/data_source_mongodbatlas_database_users.go
index d4376e6273..163fba8dda 100644
--- a/mongodbatlas/data_source_mongodbatlas_database_users.go
+++ b/mongodbatlas/data_source_mongodbatlas_database_users.go
@@ -81,6 +81,22 @@ func dataSourceMongoDBAtlasDatabaseUsers() *schema.Resource {
 },
 },
 },
+ "scopes": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "type": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ },
+ },
 },
 },
 },
@@ -123,6 +139,7 @@ func flattenDBUsers(dbUsers []matlas.DatabaseUser) []map[string]interface{} {
 "x509_type": dbUsers[i].X509Type,
 "aws_iam_type": dbUsers[i].AWSIAMType,
 "labels": flattenLabels(dbUsers[i].Labels),
+ "scopes": flattenScopes(dbUsers[i].Scopes),
 }
 }
 }
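Review bot: The sixteen-line `scopes` schema added to dataSourceMongoDBAtlasDatabaseUser() is repeated verbatim in the dataSourceMongoDBAtlasDatabaseUsers() hunk of data_source_mongodbatlas_database_users.go, so the two copies can drift apart; a small shared function returning the `*schema.Schema` would keep them identical. Neither copy says what an empty list means, while the resource documentation changed in this commit states that a user without scopes has access to every cluster and Atlas Data Lake in the project. Anyone reading this data source to audit database-user access needs that distinction, so I would add a comment above the key such as `// An empty list means the user is not restricted to specific clusters or data lakes.` Both function bodies start outside their hunks.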
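Review bot: The new error message in dataSourceMongoDBAtlasDatabaseUserRead formats `d.Id()`, but `d.SetId(...)` is only called a few lines further down, so when this `d.Set("scopes", ...)` fails the ID is probably still empty and the message identifies no user. `username` is in scope (it is used in the `encodeStateID` map just below) and is the better identifier here; I would pass `username` instead of `d.Id()` as the first format argument. The existing `labels` check directly above has the same pattern and could be changed with it. The function body starts and ends outside the hunk.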
diff --git a/mongodbatlas/data_source_mongodbatlas_database_users_test.go b/mongodbatlas/data_source_mongodbatlas_database_users_test.go
index b5a5fa0cc6..9c21400f22 100644
--- a/mongodbatlas/data_source_mongodbatlas_database_users_test.go
+++ b/mongodbatlas/data_source_mongodbatlas_database_users_test.go
@@ -37,6 +37,7 @@ func TestAccDataSourceMongoDBAtlasDatabaseUsers_basic(t *testing.T) {
 resource.TestCheckResourceAttrSet(resourceName, "results.0.x509_type"),
 resource.TestCheckResourceAttrSet(resourceName, "results.0.username"),
 resource.TestCheckResourceAttrSet(resourceName, "results.0.roles.#"),
+ resource.TestCheckResourceAttrSet(resourceName, "results.0.scopes.#"),
 ),
 },
 },
diff --git a/website/docs/d/database_user.html.markdown b/website/docs/d/database_user.html.markdown
index 3414363bb5..1dbd718fc8 100644
--- a/website/docs/d/database_user.html.markdown
+++ b/website/docs/d/database_user.html.markdown
@@ -63,6 +63,9 @@ In addition to all arguments above, the following attributes are exported:
 * `roles` - List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See [Roles](#roles) below for more details.
 * `x509_type` - X.509 method by which the provided username is authenticated.
 * `aws_iam_type` - The new database user authenticates with AWS IAM credentials. Default is `NONE`, `USER` means user has AWS IAM user credentials, `ROLE` - means user has credentials associated with an AWS IAM role.
+* `scopes` - Array of clusters and Atlas Data Lakes that this user has access to.
+ * `name` - Name of the cluster or Atlas Data Lake that the user has access to.
+ * `type` - Type of resource that the user has access to. Valid values are: `CLUSTER` and `DATA_LAKE`
 ### Roles
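Review bot: The added check `resource.TestCheckResourceAttrSet(resourceName, "results.0.scopes.#")` in TestAccDataSourceMongoDBAtlasDatabaseUsers_basic only requires the count attribute to be present, and a count of `0` satisfies it, so the test still passes if `flattenScopes` returns nothing. The test configuration is outside this hunk; if it creates the user with a `scopes` block and `results.0` is that user, asserting an actual value would cover the new mapping, for example `resource.TestCheckResourceAttr(resourceName, "results.0.scopes.0.type", "CLUSTER")`. Because scopes are what limit a database user to specific clusters, a regression that silently drops them from the data source is worth catching here.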
diff --git a/website/docs/d/database_users.html.markdown b/website/docs/d/database_users.html.markdown
index d8afa01dbf..981bb0cd62 100644
--- a/website/docs/d/database_users.html.markdown
+++ b/website/docs/d/database_users.html.markdown
@@ -74,6 +74,9 @@ Possible values include:
 * `x509_type` - X.509 method by which the provided username is authenticated.
 * `aws_iam_type` - The new database user authenticates with AWS IAM credentials. Default is `NONE`, `USER` means user has AWS IAM user credentials, `ROLE` - means user has credentials associated with an AWS IAM role.
+* `scopes` - Array of clusters and Atlas Data Lakes that this user has access to.
+ * `name` - Name of the cluster or Atlas Data Lake that the user has access to.
+ * `type` - Type of resource that the user has access to. Valid values are: `CLUSTER` and `DATA_LAKE`
 ### Roles
diff --git a/website/docs/r/database_user.html.markdown b/website/docs/r/database_user.html.markdown
index 582081235d..043c46650a 100644
--- a/website/docs/r/database_user.html.markdown
+++ b/website/docs/r/database_user.html.markdown
@@ -39,6 +39,11 @@ resource "mongodbatlas_database_user" "test" {
 key = "My Key"
 value = "My Value"
 }
+
+ scopes {
+ name = "My cluster name"
+ type = "CLUSTER"
+ }
 }
 ```
@@ -59,6 +64,11 @@ resource "mongodbatlas_database_user" "test" {
 key = "%s"
 value = "%s"
 }
+
+ scopes {
+ name = "My cluster name"
+ type = "CLUSTER"
+ }
 }
 ```
@@ -74,6 +84,9 @@ Accepted values include:
 * `roles` - (Required) List of user’s roles and the databases / collections on which the roles apply. A role allows the user to perform particular actions on the specified database. A role on the admin database can include privileges that apply to the other databases as well. See [Roles](#roles) below for more details.
 * `username` - (Required) Username for authenticating to MongoDB.
 * `password` - (Required) User's initial password. A value is required to create the database user, however the argument but may be removed from your Terraform configuration after user creation without impacting the user, password or Terraform management. IMPORTANT --- Passwords may show up in Terraform related logs and it will be stored in the Terraform state file as plain-text. Password can be changed after creation using your preferred method, e.g. via the MongoDB Atlas UI, to ensure security. If you do change management of the password to outside of Terraform be sure to remove the argument from the Terraform configuration so it is not inadvertently updated to the original password.
+* `scopes` - (Optional) Array of clusters and Atlas Data Lakes that this user has access to. If omitted, Atlas grants the user access to all the clusters and Atlas Data Lakes in the project by default.
+ * `name` - (Required) Name of the cluster or Atlas Data Lake that the user has access to.
+ * `type` - (Required) Type of resource that the user has access to. Valid values are: `CLUSTER` and `DATA_LAKE`
 * `x509_type` - (Optional) X.509 method by which the provided username is authenticated. If no value is given, Atlas uses the default value of NONE. The accepted types are:
 * `NONE` - The user does not use X.509 authentication.