Docs Menu

Atlas User Roles

On this page

  • Organization Roles
  • Project Roles

Atlas user roles define the actions Atlas users can perform in organizations, projects, or both. Organization and project Owners can manage Atlas users and their roles within their respective organizations and projects.

Organization Role
Description
Organization Owner

Grants root access to the organization, including:

  • Project Owner access to all projects in the organization, even if added to a project with a non-Owner role.
  • Privileges to administer organization settings.
  • Privileges to add/remove/edit users to the organization.
  • Privileges to delete the organization.
  • All the privileges granted by the other organization roles combined.
Organization Project Creator

Grants the following access:

  • Privileges to create projects in the organization.
  • Privileges granted by the Organization Member role.
Organization Billing Admin

Grants the following access:

  • Privileges to administer billing information for the organization.
  • Privileges granted by the Organization Member role.
  • Privileges to create, edit, delete, acknowledge, and unacknowledge billing alerts.
Organization Read Only

Provides read-only access to everything in the organization, including all projects in the organization.

For an Organization Member, within a project, the user has the privileges as determined by the user's project role. If a user's project role is Project Owner, then the user can add a new user to the project, which results in adding the newly-added user to the organization as well (if the newly added user is not already in the organization).

Organization Member

Provides read-only access to the organization (settings, users, and billing) and the projects to which they belong.

For an Organization Member, within a project, the user has the privileges as determined by the user's project role. If a user's project role is Project Owner, then the user can add a new user to the project, which results in adding the newly-added user to the organization as well (if the newly added user is not already in the organization).

The following roles grant privileges within a project.

Project Role
Description
Project Owner

Grants the privileges to perform the following actions:

Project Cluster Manager

A user with the Project Cluster Manager role can perform the following tasks:

The Project Cluster Manager role doesn't allow users to:

Project Data Access Admin

Grants access to Data Explorer. This role also grants privileges of Project Read Only.

Allows the user to perform the following Data Explorer actions:

  • View, create, and drop databases, collections, and indexes.
  • View, modify, and delete documents.
  • Retrieve process and audit logs for all clusters in the project.
  • View the sample query field values in the Monitor and Improve Slow Queries.

The Project Data Access Admin role does not grant privileges to initiate backup or restore jobs.

Project Data Access Read/Write

Grants access to Data Explorer; specifically, the privileges to perform the following through Data Explorer:

  • View and create databases and collections.
  • View, modify, and delete documents.
  • View indexes.
  • Retrieve process and audit logs for all clusters in the project.
  • View the sample query field values in the Monitor and Improve Slow Queries.
Project Data Access Read Only

Grants access to Data Explorer; specifically, to perform the following actions through Data Explorer:

Project Read Only
Grants metadata view-only access to the project control pane, including: all activity, operational data, users, and user roles. The user, however, cannot access the Data Explorer or retrieve process and audit logs.
Give Feedback
© 2021 MongoDB, Inc.

About

  • Careers
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2021 MongoDB, Inc.