This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.

User Roles

Overview

User roles allow you to grant a user the set of privileges needed to perform tasks but no more. These roles are separate from MongoDB roles for the agents.

If you use LDAP authentication for MMS, you must create LDAP groups for each available role described below, then assign users to those LDAP groups. There is no round-trip synchronization between your LDAP server and MMS.

Read Only

The Read Only role has the lowest level of privileges. The user can generally see everything in a group, including all monitoring and backup data, all activity, and all users and user roles. The user, however, cannot modify or delete anything.

User Admin

The User Admin role grants access to do the following:

  • Add an existing user to a group.
  • Invite a new user to a group.
  • Remove an existing group invitation.
  • Remove a user’s request to join a group, which denies the user access to the group.
  • Remove a user from a group.
  • Modify a user’s roles within a group.
  • Update the billing email address.

Monitoring Admin

The Monitoring Admin role grants all the privileges of the Read Only role and grants additional access to do the following:

  • Manage alerts (create, modify, delete, enable/disable, acknowledge/unacknowledge).
  • Manage hosts (add, edit, delete, enable deactivated).
  • Manage dashboards (create, edit, delete).
  • Manage group-wide settings.
  • Download Monitoring Agent.

Backup Admin

The Backup Admin role grants all the privileges of the Read Only role and grants access to manage backups, including the following:

  • Start, stop, and terminate backups.
  • Request restores.
  • View and edit excluded namespaces.
  • View and edit host passwords.
  • Modify backup settings.
  • Generate SSH keys.
  • Download the Backup Agent.

Group Owner

The Group Owner role has the privileges of all the other roles combined, as well as additional privileges available only to the owner. In addition to the privileges of other roles, a Group Owner can:

  • Set up the Backup service.
  • Update billing information.
  • Enable the public API.
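
The group roles above can be modelled to pick the least-privileged role set for a list of tasks and to flag what an over-assigned user could do beyond them. This is an added example, not Ops Manager code: the privilege labels and the function names `effective`, `least_privilege` and `audit` are invented here, and global roles are left out.

```python
from itertools import combinations

# Privilege labels are shorthand invented for this example; each role's
# contents follow the lists on this page. Global roles are left out.
READ_ONLY = {"view_group"}
ROLES = {
    "Read Only": READ_ONLY,
    # The page does not say User Admin includes Read Only, so it is not added.
    "User Admin": {"add_user", "invite_user", "remove_invitation",
                   "deny_join_request", "remove_user", "modify_user_roles",
                   "update_billing_email"},
    "Monitoring Admin": READ_ONLY | {"manage_alerts", "manage_hosts",
                                     "manage_dashboards", "manage_group_settings",
                                     "download_monitoring_agent"},
    "Backup Admin": READ_ONLY | {"control_backups", "request_restores",
                                 "edit_excluded_namespaces", "edit_host_passwords",
                                 "modify_backup_settings", "generate_ssh_keys",
                                 "download_backup_agent"},
}
# Group Owner: all other roles combined, plus three owner-only privileges.
ROLES["Group Owner"] = set().union(*ROLES.values()) | {
    "setup_backup_service", "update_billing_info", "enable_public_api"}


def effective(roles):
    """Union of the privileges granted by the given role names."""
    return set().union(*(ROLES[r] for r in roles))


def least_privilege(needed):
    """Smallest-surplus role set covering `needed`; fewer roles win ties."""
    needed = set(needed)
    unknown = needed - ROLES["Group Owner"]
    if unknown:
        raise ValueError(f"no group role grants: {sorted(unknown)}")
    best = None
    for n in range(1, len(ROLES) + 1):
        for combo in combinations(sorted(ROLES), n):
            surplus = len(effective(combo) - needed)
            if needed <= effective(combo) and (best is None or surplus < best[1]):
                best = (combo, surplus)
    return best


def audit(held, needed):
    """Suggested roles and the excess privileges of the roles a user holds."""
    suggested, _ = least_privilege(needed)
    return suggested, sorted(effective(held) - effective(suggested))
```

For a user who holds Group Owner but only manages alerts, `audit({"Group Owner"}, {"manage_alerts"})` suggests Monitoring Admin alone and lists the 17 privileges that would be dropped.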

Group Roles

The roles described above (Read Only, User Admin, Monitoring Admin, Backup Admin, and Group Owner) grant privileges within a group.

Global Roles

Global roles have all the same privileges as the equivalent Group roles, except that they have these privileges for all groups. They also have some additional privileges as noted below.

Global Read Only

The Global Read Only role grants read only access to all groups. The role additionally grants access to do the following:

  • View backups and other statistics through the admin UI.
  • Global user search.

Global User Admin

The Global User Admin role grants user admin access to all groups. The role additionally grants access to do the following:

  • Add new groups.
  • Manage UI messages.
  • Send test emails, SMS messages, and voice calls.
  • Edit user accounts.
  • Manage LDAP group mappings.

Global Monitoring Admin

The Global Monitoring Admin role grants monitoring admin access to all groups. The role additionally grants access to do the following:

  • View system statistics through the admin UI.

Global Backup Admin

The Global Backup Admin role grants backup admin access to all groups. The role additionally grants access to do the following:

  • View system statistics through the admin UI.
  • Manage blockstore, daemon, and oplog store configurations.
  • Move jobs between daemons.
  • Approve backups in the awaiting provisioning state.

Global Owner

The Global Owner role for an MMS account has the privileges of all the other roles combined.