Navigation

Cloud Manager Roles

Cloud Manager roles allow you to grant users different levels of access to Cloud Manager. You can grant a user the privileges needed to perform a specific set of tasks and no more.

To assign user roles, see Edit a User’s or Team’s Role in a Project. You can’t assign your own roles.

Organization Roles

Organization Role Privileges
Organization Owner

An Cloud Manager user with this organization role can:

  • Grants root access to the organization.
  • Grants Project Owner access to all projects in the organization, even if added to a project with a non-Owner role.
  • Use any privilege granted to any organization role.
  • Administer organization settings.
  • Add, edit, or delete users to the organization.
  • Delete the organization.
Organization Project Creator

An Cloud Manager user with this organization role can:

  • Create projects in the organization.
  • Use any privilege granted to the Organization Member role.
Organization Read Only
An Cloud Manager user with this organization role can grant read-only access to everything in the organization, including all projects in the organization.
Organization Member

An Cloud Manager user with this organization role can grant read-only access to the organization (settings, users, and billing) and the projects to which they belong.

Within a project, an Organization Member’s project role sets their project privileges.

A Project User Admin or Owner can add a new Cloud Manager user to a project. This also adds this new Cloud Manager user to that project’s organization.

Organization Billing Admin

An Cloud Manager user with this organization role can:

  • Administer billing information for the organization.
  • Use any privilege granted to the from the Organization Member role.

Project Roles

The following roles grant privileges within a project.

Project Role Privileges
Project Read Only

An Cloud Manager user with this project role can view most project components, including all:

  • Activity
  • Operational data
  • Cloud Manager Users
  • Cloud Manager User roles.

This user can’t modify or delete anything.

Project User Admin

An Cloud Manager user with this project role can:

  • Add an existing Cloud Manager user to a project. If the added user does not currently belong to the organization, the user will be added to the organization as well.
  • Invite a new Cloud Manager user to a project. After the Cloud Manager user accepts the invite, Cloud Manager also adds this user to the organization.
  • Remove an existing project invitation.
  • Deny a user’s request to join a project. This can deny the user access to the project depending on the user’s role in the organization.
  • Remove a user from a project.
  • Modify a user’s role within a project.
Project Data Access Admin

An Cloud Manager user with this project role can:

Project Data Access Read/Write

An Cloud Manager user with this project role can:

  • Use the Data Explorer. With the Data Explorer, the Cloud Manager user with this role can:
    • View and create databases and collections.
    • View, modify, and delete documents.
    • View indexes.
  • View the sample query field values in the Performance Advisor.
Project Data Access Read Only

An Cloud Manager user with this project role can:

Project Monitoring Admin

An Cloud Manager user with this project role can:

  • Use any privilege granted to the Project Read Only role.
  • Administer alerts (create, modify, delete, enable/disable, acknowledge/unacknowledge).
  • Manage hosts (add, edit, delete, enable deactivated).
  • Download Monitoring.
Project Backup Admin

An Cloud Manager user with this project role can:

  • Use any privilege granted to the Project Read Only role.
  • Manage backups, including:
    • Starting, stopping, and terminating backups.
    • Requesting restores.
    • Viewing and editing the namespaces filter.
    • Viewing and editing host passwords.
    • Modifying backup settings.
    • Generating SSH keys.
    • Downloading the MongoDB Agent.
Project Automation Admin

An Cloud Manager user with this project role can:

  • Use any privilege granted to the Project Read Only role.
  • View deployments.
  • Provision machines.
  • Edit configuration files.
  • Download the MongoDB Agent.
Project Owner

An Cloud Manager user with this project role can:

  • Use any privilege granted to any of the other project roles.
  • Configure the Backup service.

Note

A user with Organization Owner role has Project Owner access for all projects in the organization, even if added to a project with a non-Owner role.