Docs Menu
Docs Home
/
MongoDB Atlas
/ /

Built-In Roles and Privileges

On this page

  • Built-in Roles
  • Specific Privileges

The available Atlas built-in roles and specific privileges support a subset of MongoDB commands. See Unsupported Commands in M10+ Clusters for more information.

The following table describes the Atlas built-in roles and the MongoDB Roles or privilege actions they represent.

Note

Protected MongoDB Database Namespaces

The following databases are read-only for all users, including those with the atlasAdmin or clusterMonitor role.

  • local

  • config

We discourage writing to the admin database. Atlas manages multiple collections in the admin database, and these collections are read-only for all users.

atlasAdmin has the update privilege on the config.settings collection to manage the balancer.

Atlas Built-in Role
MongoDB Role
Inherited Roles or Privilege Actions
Atlas admin
atlasAdmin
Read and write to any database
readWriteAnyDatabase
Only read any database
readAnyDatabase

To learn more about common commands that Atlas doesn't support with the current Atlas user privileges, see Unsupported Commands in M10+ Clusters

The following table describes the Atlas specific privileges, the database it applies to, and the privilege actions they represent.

Atlas Specific Privilege
Database
Privilege Actions
backup
admin
clusterMonitor
admin
dbAdmin
User configured
dbAdminAnyDatabase
User configured except local and config
enableSharding
read
User configured
readWrite
User configured
killOpSession
User configured
readWriteAnyDatabase
User configured except local and config
readAnyDatabase
User configured except local and config

Back

Database Users

Next

Custom Database Roles