MongoDB follows Role access control authorization model(RBAC). In this model, USERS are assigned one or more roles which provide them access to the database resources and operations. Apart from these role assignments users do not have any access to the resources. When we enable internal authentication it automatically enables client authorization. The authorization can be enabled by starting mongod with –auth OPTION or providing security.authorization setting in the config file.  

• Roles: Roles are groups of privileges, actions over resources that are granted to users over a given database. A role grants privileges to perform the specified actions on the resource. Each privilege is either specified explicitly in the role or inherited from another role or both.
• Actions: All operations and commands that a user can perform in MongoDB are called actions. Actions are performed on resources.
• Resources: Resources are any objects that HOLD a state in a database.
• Privilege: When a user performs an action on a given resource that constitutes privilege.

These group of privileges are roles that can be assigned to the user.

MongoDB provides several Build-in roles like Database User Roles, Database Administration Roles, Cluster Administration Roles, Backup and Restoration Roles, All-Database Roles, Superuser Roles But we can also create our own custom roles based on the requirement which are called User-defined roles.

For Example: Suppose we WANT to create a role to MANAGE all operations in the cluster we can create below user-defined role.