MongoDB grants access to data and commands through role-based authorization. MongoDB provides built-in roles that grant the different levels of access commonly needed in a database system.
A role grants privileges to perform sets of actions on defined resources. A given role applies to the database on which it is defined and can grant access down to a collection level of granularity.
Each of MongoDB's built-in roles defines access at the database level for all non-system collections in the role's database and at the collection level for all system collections.
System collections include those in:
<database>.system.*namespacelocal.replset.*replica set namespace
Non-system collections are those not in namespaces in the previous list.
Although MongoDB Atlas database users have different built-in roles than self-hosted deployment users, MongoDB builds the built-in roles for each type of deployment from the same set of privilege actions.
Use the selector at the top of the page to choose your deployment type and see the available built-in roles.