Atlas user roles define the actions Atlas users can perform in
organizations, projects, or both. Organization and project Owners
can manage Atlas users and their roles within their respective
organizations and projects.
You can apply these permissions only on the the organization level or the project level. So, you should carefully plan the hierarchy of your organizations and projects. To learn more, see Cluster Management.
Organization Roles
| Organization Role (UI) | Organization Role (API, CLI) | Description | 
|---|---|---|
| 
 | Grants root access to the organization, including: 
 | |
| 
 | Grants the following access: 
 | |
| 
 | Grants the following access: 
 | |
| 
 | Grants the following access: 
 | |
| 
 | Provides read-only access to the settings, users, and projects in the organization. | |
| 
 | Provides read-only access to the settings and users in the organization and the projects they belong to. Unlike  For an  | 
Project Roles
The following roles grant privileges within a project.
| Project Role (UI) | Project Role (API, CLI) | Description | 
|---|---|---|
| 
 | Grants the privileges to perform the following actions: 
 | |
| 
 | Grants the privileges to perform the following actions: 
 The  
 This role also grants all the privileges included with the
 | |
| 
 | Grants the privileges to perform the following actions: 
 The  
 This role also grants all the privileges included with the
 | |
| 
 | Grants access to the Data Explorer, with the privileges to perform the following actions through the Atlas UI: 
 This role also grants all the privileges included with the
 | |
| 
 | Grants access to the Data Explorer, with the privileges to perform the following actions through the Atlas UI: 
 This role also grants all the privileges included with the
 | |
| 
 | Grants access to the Data Explorer, with the privileges to perform the following actions through the Atlas UI: 
 This role also grants all the privileges included with the
 | |
| 
 | Grants the privileges to perform the following actions: 
 This role also grants all the privileges included with the
 This role doesn't grant access to do the following tasks: | |
| 
 | Grants the privileges to perform the following actions: 
 This role also grants all the privileges included with the
 This role doesn't grant access to do the following tasks: 
 | |
| 
 | Grants the privileges to perform the following actions: 
 This role also grants all the privileges included with the
 This role doesn't grant access to do the following tasks: | |
| 
 | Grants metadata view-only access to the project control plane for all of the projects in the organization, including: all activity, operational data, users, and user roles. The user, however, cannot access the Data Explorer or retrieve process and audit logs. The user can view cluster metric charts. Grants access to view connection details for Stream Processing Instances. Grants access to MongoDB Charts only if invited
to the project by a  | |
| 
 | Grants the privileges to perform the following actions: This role also grants all the privileges included with the
 |