Role Management
Create roles, assign permissions, and manage custom roles in your workspace
Role Management
Manage roles and permissions to control what team members can do within your workspace.
Accessing Role Management
Open Workspace Settings Click your workspace name in the top navigation, then select Settings from the dropdown.
Navigate to Roles In the left sidebar, click Roles & Permissions to view all workspace roles.
Built-in Roles
MongoDash provides four predefined roles that cannot be deleted or renamed:
- Owner - Complete workspace control including billing
- Admin - Administrative access without billing management
- Editor - Standard working permissions with read/write access
- Viewer - Read-only access to data and dashboards
Built-in roles have fixed permission sets that cannot be modified. Use custom roles for tailored permission combinations.
Assigning Roles to Users
Navigate to Members From workspace settings, click Members in the left sidebar to view all workspace users.
Select a User Click the user you want to assign a role to, or click Edit next to their name.
Assign Roles Check the boxes next to the roles you want to assign. Users can have multiple roles.
Assigning multiple roles gives users the combined permissions from all assigned roles.
Save Changes Click Save to apply the role assignments. The user's permissions update immediately.
Creating Custom Roles
BusinessCustom roles allow you to create permission sets tailored to your organization's needs.
Create New Role On the Roles & Permissions page, click Create Custom Role in the top right.
Name Your Role Enter a descriptive name like "Read-Only Analyst" or "Dashboard Designer". Add an optional description explaining the role's purpose.
Select Permissions Choose from granular permissions organized by category:
- Workspace - Settings, invitations, integrations
- Connections - View, create, edit, delete connections
- Data - Read, write, delete documents and collections
- Queries - Execute, save, share queries
- Dashboards - Create, edit, share, embed dashboards
- Audit - View audit logs and compliance reports
Review and Save Review selected permissions in the summary panel, then click Create Role.
Permission Categories
Workspace Permissions
Control workspace-level administrative actions:
- Manage Workspace Settings - Edit workspace name, slug, and general settings
- Manage Members - Invite, remove, and change member roles
- Manage Billing - View and modify subscription and payment details
- Delete Workspace - Permanently delete the workspace
Connection Permissions
Control database connection management:
- View Connections - See connection details and test connectivity
- Create Connections - Add new MongoDB connections
- Edit Connections - Modify connection strings, SSH tunnels, and settings
- Delete Connections - Remove connections from workspace
- Share Connections - Make connections available to other members
Data Permissions
Control data access and modification:
- Read Data - View documents in collections
- Write Data - Create and update documents
- Delete Data - Remove documents from collections
- Export Data - Download data as JSON, CSV, or other formats
- Import Data - Upload and insert data into collections
Query Permissions
Control query execution and management:
- Execute Queries - Run find queries and aggregations
- Save Queries - Store queries for reuse
- Share Queries - Make saved queries available to team
- Use AI Query Builder - Access AI-assisted query generation
Dashboard Permissions
Control dashboard creation and sharing:
- View Dashboards - See shared dashboards
- Create Dashboards - Build new dashboards
- Edit Dashboards - Modify existing dashboards
- Delete Dashboards - Remove dashboards
- Share Dashboards - Make dashboards available to team or public
- Embed Dashboards - Generate embed codes for external use
Audit Permissions
EnterpriseControl access to audit and compliance features:
- View Audit Logs - Access detailed activity logs
- Export Audit Logs - Download audit data
- View Compliance Reports - Access compliance documentation
Editing Custom Roles
BusinessSelect Role On the Roles & Permissions page, click the custom role you want to edit.
Modify Permissions Add or remove permissions as needed. Changes affect all users currently assigned this role.
Removing permissions from a role immediately revokes those capabilities from all assigned users.
Save Changes Click Save to apply updates. Review the impact summary showing affected users.
Deleting Custom Roles
BusinessBefore deleting a custom role:
- Ensure no users are currently assigned the role, or reassign them to other roles
- Review any automation or integrations that reference the role
- Document the reason for deletion in your change log
Deleting a role cannot be undone. Users assigned only this role will lose all permissions except Viewer defaults.
Role Management Best Practices
Start with Built-in Roles
For most teams, the four built-in roles cover common access patterns. Only create custom roles when built-in roles don't match your needs.
Use Descriptive Names
Name custom roles based on function, not individual names:
- Good: "Data Analyst", "Dashboard Designer", "Support Engineer"
- Avoid: "John's Role", "Marketing Team", "Temporary Access"
Document Role Purpose
Add descriptions explaining when to use each custom role and what workflows it enables.
Review Regularly
Audit custom roles quarterly:
- Are they still needed?
- Do permissions align with current security policies?
- Are users assigned correctly?
Test Before Deploying
Create a test user and assign the new role to verify permissions work as expected before rolling out to the team.
What's Next?
- User Permissions - Understand permission inheritance and overrides
- Managing Members - Learn about user management workflows
- Audit Logs - Track role assignments and permission changes