• Organizations and Projects >
• User Roles

User Roles

Organization Roles

Organization Role	Decription
Organization Owner	Grants root access to the organization, including: Project Owner access to all projects in the organization, even if added to a project with a non-Owner role. Privileges to administer organization settings. Privileges to add/remove/edit users to the organization. Privileges to delete the organization. All the privileges granted by the other organization roles combined.
Organization Project Creator	Grants the following access: Privileges to create projects in the organization. Privileges granted by the Organization Member role.
Organization Billing Admin	Grants the following access: Privileges to administer billing information for the organization. Privileges granted by the Organization Member role.
Organization Read Only	Provides read-only access to everything in the organization, including all projects in the organization. For an Organization Member, within a project, the user has the privileges as determined by the user’s project role. If a user’s project role is Project Owner, then the user can add a new user to the project, which results in adding the newly-added user to the organization as well (if the newly added user is not already in the organization).
Organization Member	Provides read-only access to the organization (settings, users, and billing) and the projects to which they belong. For an Organization Member, within a project, the user has the privileges as determined by the user’s project role. If a user’s project role is Project Owner, then the user can add a new user to the project, which results in adding the newly-added user to the organization as well (if the newly added user is not already in the organization).

Project Roles

The following roles grant privileges within a project.

Project Role	Decription
Project Owner	Provides full project administration access. A user with Organization Owner role has Project Owner access for all projects in the organization, even if added to a project with a Read Only role.
Project Data Access Admin	Grants access to Data Explorer; specifically, the privileges to perform the following through Data Explorer: View, create, and drop databases, collections, and indexes. View, modify, and delete documents. This role also grants privileges of Project Read Only as well as privileges to view the sample query field values in the Performance Advisor. The Project Data Access Admin role does not grant privileges to initiate backup or restore jobs.
Project Data Access Read/Write	Grants access to Data Explorer; specifically, the privileges to perform the following through Data Explorer: View and create databases and collections. View, modify, and delete documents. View indexes. This role also grants privileges to view the sample query field values in the Performance Advisor.
Project Data Access Read Only	Grants access to Data Explorer; specifically, the privileges to view databases, collections, and indexes through the Data Explorer. This role also grants privileges to view the sample query field values in the Performance Advisor.
Project Read Only	Grants read-only access to most aspects of the project, including: all activity, operational data, users, and user roles. The user, however, cannot access the Data Explorer.

←   Programmatic Access to Atlas MongoDB Reference  →

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.