MongoDB Compass users require specific privileges to access various Compass features if authentication/authorization is enforced on the connected MongoDB instance.
The following table lists the privileges required to access the features as well as the built-in roles that can provide these privileges:
| Compass View | Capability | Privilege(s) | MongoDB Built-In Role |
|---|---|---|---|
| Home/MongoDB Instance | View performance | clusterMonitor | |
| Database | Create a Database | createCollection | readWrite |
| Database | Drop a Database | dropDatabase | dbAdmin |
| Collection | Create a Collection | createCollection | readWrite |
| Collection | Drop a Collection | dropCollection | readWrite |
| Schema | Query/View a Schema | find | read |
| Documents | Query/View a Document | find | read |
| Documents | Clone, insert, update, delete a document | readWrite | |
| Indexes | View an index | listIndexes | read |
| Indexes | Create, drop an index | readWrite | |
| Explain Plan | Query/View a query plan | find | read |
| Validation | View rules | listCollections | read |
| Validation | Update rules | collMod | dbAdmin |
Note
The built-in roles may provide more access than required. You can also create a User-Defined Roles on Self-Managed Deployments to grant specific privileges.