Docs Menu
Docs Home
/
MongoDB Atlas
/ /

Atlas User Roles

On this page

  • Organization Roles
  • Project Roles

Atlas user roles define the actions Atlas users can perform in organizations, projects, or both. Organization and project Owners can manage Atlas users and their roles within their respective organizations and projects.

You can apply these permissions only on the the organization level or the project level. So, you should carefully plan the hierarchy of your organizations and projects. To learn more, see Cluster Management.

Organization Role (UI)
Organization Role (API)
Description
Organization Owner
ORG_OWNER

Grants root access to the organization, including:

  • Project Owner access to all projects in the organization, which grants database access, even if added to a project with a non-Owner role.

  • Privileges to administer organization settings.

  • Privileges to add, modify, or delete Atlas users and database users within the organization.

  • Privileges to delete the organization.

  • Privileges to add, modify, or delete resource tags.

  • All the privileges granted by the other organization roles combined.

Organization Project Creator
ORG_GROUP_CREATOR

Grants the following access:

  • Privileges to create projects in the organization.

  • Privileges granted by the Organization Member role.

Organization Billing Admin
ORG_BILLING_ADMIN

Grants the following access:

  • Privileges to administer billing information for the organization.

  • Privileges granted by the Organization Member role.

  • Privileges to create, edit, delete, acknowledge, and unacknowledge billing alerts.

Organization Billing Viewer
ORG_BILLING_READ_ONLY

Grants the following access:

  • Privileges to view billing information for the organization.

  • Privileges granted by the Organization Member role.

Organization Read Only
ORG_READ_ONLY
Provides read-only access to the settings, users, and projects in the organization.
Organization Member
ORG_MEMBER

Provides read-only access to the settings and users in the organization and the projects they belong to.

Unlike Organization Read Only, an Organization Member can only access projects they have been explicitly added to.

For an Organization Member, within a project, the user has the privileges as determined by the user's project role. If a user's project role is Project Owner, then the user can add a new user to the project, which results in adding the newly-added user to the organization as well (if the newly added user is not already in the organization).

The following roles grant privileges within a project.

Project Role (UI)
Project Role (API)
Description
Project Owner
GROUP_OWNER

Grants the privileges to perform the following actions:

Project Cluster Manager
GROUP_CLUSTER_MANAGER

A user with the Project Cluster Manager role can perform the following tasks:

The Project Cluster Manager role doesn't allow users to:

Project Stream Processing Owner
GROUP_STREAM_PROCESSING_OWNER
Project Data Access Admin
GROUP_DATA_ACCESS_ADMIN

Grants access to the Data Explorer. This role also grants privileges of Project Read Only.

Allows the user to perform the following Data Explorer actions:

The Project Data Access Admin role does not grant privileges to initiate backup or restore jobs.

Project Data Access Read/Write
GROUP_DATA_ACCESS_READ_WRITE

Grants access to the Data Explorer; specifically, the privileges to perform the following through the Atlas UI:

Project Data Access Read Only
GROUP_DATA_ACCESS_READ_ONLY

Grants access to the Data Explorer; specifically, to perform the following actions through the Atlas UI:

Project Read Only
GROUP_READ_ONLY

Grants metadata view-only access to the project control pane for all of the projects in the organization, including: all activity, operational data, users, and user roles. The user, however, cannot access the Data Explorer or retrieve process and audit logs. The user can view cluster metric charts.

Grants access to MongoDB Charts only if invited to the project by a Project Owner. The user, however, cannot access data from Charts, unless the Project Owner also grants them data source access.

Project Search Index Editor
GROUP_SEARCH_INDEX_EDITOR

Back

Authorization