Custom MongoDB Roles

The customDBRoles resource lets you retrieve, create and modify the custom MongoDB roles in your cluster. Use custom MongoDB roles to specify custom sets of actions which cannot be described by the built-in Atlas database user privileges.

Custom roles cannot use actions unavailable to any cluster version in your project. Custom roles are defined at the project level, and must be compatible with each MongoDB version used by your project’s clusters.

Custom roles in your project must include actions that all of your clusters support.


You can’t create custom roles that use actions introduced in MongoDB 4.0 if your project contains MongoDB 3.6 clusters.


If you have a cluster in your project with MongoDB 3.6, you cannot create a custom role that uses actions introduced in MongoDB 4.0.


Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project ID. For existing groups, your group/project ID remains the same. The resource and corresponding endpoints use the term groups.


The Custom MongoDB Roles resource supports a subset of MongoDB privilege actions. Further, the custom role actions available in the API represent a subset of actions available in the Atlas UI. For a complete list of privilege actions available in the Custom MongoDB Roles resource, see Custom Role Actions.

Base URL:

Method Endpoint Description
GET /groups/{GROUP-ID}/customDBRoles/roles Get all custom MongoDB roles in the project.
GET /groups/{GROUP-ID}/customDBRoles/roles/{ROLE-NAME} Get the custom MongoDB role named {ROLE-NAME}.
POST /groups/{GROUP-ID}/customDBRoles/roles Create a new custom MongoDB role in the project.
PATCH /groups/{GROUP-ID}/customDBRoles/roles/{ROLE-NAME} Update a custom MongoDB role in the project.
DELETE /groups/{GROUP-ID}/customDBRoles/roles/{ROLE-NAME} Delete a custom MongoDB role from the project.