There are three database-specific administration roles, as follows:
- dbAdmin: The basic admin user role that can perform schema-related tasks, indexing, and gathering statistics. A dbAdmin cannot perform user and role management.
- userAdmin: Create and modify roles and users. This is complementary to the dbAdmin role.
A userAdmin can modify itself to become a superuser in the database, or, if scoped to the admin database, the MongoDB cluster.
- dbOwner: Combining readWrite, dbAdmin, and userAdmin roles, this is the most powerful admin user role.