Atlas User Roles

On this page

Organization Roles

Project Roles

Atlas user roles define the actions Atlas users can perform in organizations, projects, or both. Organization and project Owners can manage Atlas users and their roles within their respective organizations and projects.

You can apply these permissions only on the the organization level or the project level. So, you should carefully plan the hierarchy of your organizations and projects. To learn more, see Database Deployment Management.

Organization Roles

Organization Role	Description
`Organization Owner`	Grants root access to the organization, including: `Project Owner` access to all projects in the organization, even if added to a project with a non-Owner role. Privileges to administer organization settings. Privileges to add/remove/edit Atlas users and database users within the organization. Privileges to delete the organization. All the privileges granted by the other organization roles combined.
`Organization Project Creator`	Grants the following access: Privileges to create projects in the organization. Privileges granted by the `Organization Member` role.
`Organization Billing Admin`	Grants the following access: Privileges to administer billing information for the organization. Privileges granted by the `Organization Member` role. Privileges to create, edit, delete, acknowledge, and unacknowledge billing alerts.
`Organization Read Only`	Provides read-only access to everything in the organization, including all projects in the organization.
`Organization Member`	Provides read-only access to the settings, users, and billing in the organization and the projects they belong to. Unlike `Organization Read Only`, an `Organization Member` can only access projects they have been explicitly added to. For an `Organization Member`, within a project, the user has the privileges as determined by the user's project role. If a user's project role is `Project Owner`, then the user can add a new user to the project, which results in adding the newly-added user to the organization as well (if the newly added user is not already in the organization).

Project Roles

The following roles grant privileges within a project.

Project Role	Description
`Project Owner`	Grants the privileges to perform the following actions: Create a Database Deployment. Manage project access and project settings. Manage IP Access List entries. Manage programmatic access to a project. You can grant API Keys access to a project with either an organization or a project role. If your key has both the `Organization Owner` and `Project Owner` roles, it can access all projects in the organization. Manage database access for database deployments within the project. Retrieve process and audit logs for all clusters in the project. To retrieve logs, you must have the `Project Data Access Read Only` role or higher in the project that the cluster belongs to. Manage backups for and restore data to all clusters in the project. Create MongoDB Realm apps.
`Project Cluster Manager`	A user with the `Project Cluster Manager` role can perform the following tasks: Grants access to edit, pause, and resume Atlas clusters. Test failover. The `Project Cluster Manager` role doesn't allow users to: Create Atlas database deployments. Access the Data Explorer. Retrieve process and audit logs.
`Project Data Access Admin`	Grants access to the Data Explorer. This role also grants privileges of `Project Read Only`. Allows the user to perform the following Data Explorer actions: View, create, and drop databases, collections, and indexes. View, modify, and delete documents. Retrieve process and audit logs for all clusters in the project. View the sample query field values in the Monitor and Improve Slow Queries. The `Project Data Access Admin` role does not grant privileges to initiate backup or restore jobs.
`Project Data Access Read/Write`	Grants access to the Data Explorer; specifically, the privileges to perform the following through the Atlas UI: View and create databases and collections. View, modify, and delete documents. View indexes. Retrieve process and audit logs for all clusters in the project. View the sample query field values in the Monitor and Improve Slow Queries.
`Project Data Access Read Only`	Grants access to the Data Explorer; specifically, to perform the following actions through the Atlas UI: View databases and collections. View documents. View indexes. Retrieve process and audit logs for all clusters in the project. View the sample query field values in the Monitor and Improve Slow Queries.
`Project Read Only`	Grants metadata view-only access to the project control pane, including: all activity, operational data, users, and user roles. The user, however, cannot access the Data Explorer or retrieve process and audit logs.
`Project Search Index Editor`	Grants the privileges to perform the following actions: Create an Atlas Search Index. View an Atlas Search Index. Edit an Atlas Search Index. Delete an Atlas Search Index.

← Atlas UI Authorization Manage Organization Access →

Atlas User Roles.css-134mg1q{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;padding:0 10px;visibility:hidden;}.css-6vrlzm{border-radius:0!important;display:initial!important;margin:initial!important;}.css-1l4s55v{margin-top:-175px;position:absolute;padding-bottom:2px;}

Organization Roles

Project Roles

Atlas User Roles