Enable Authorisation on Percona MongoDB Docker

I have set up a Percona Server for MongoDB in a Docker container and believed I had activated authorisation on the container. When I logged onto the container and examined the /etc/mongod.conf file, the authorization is set:

    security:
      authorization: "enabled"

However, when I create users with set roles, they are still capable of performing functions outside those roles, e.g., a user with a “readWrite” role can create a new user with the “userAdminAnyDatabase” role.
Users with “userAdmin” roles can read collections in any databases.

I’m not sure what I am missing and was hoping someone could point me in the correct direction?
I haven’t found any similar queries elsewhere.
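
A check that fits this symptom, as an added example that is not part of the original post: the setting in /etc/mongod.conf only takes effect if the running mongod actually loaded that file, and the `getCmdLineOpts` admin command reports what the process parsed at startup. The function name `authStatus` and both sample documents are constructed for illustration; that the container's mongod did not read the file is a hypothesis, not something the post confirms.

```javascript
// Added example: decide from getCmdLineOpts output whether the *running*
// mongod enforces access control. In mongosh, obtain the document with:
//   db.adminCommand({ getCmdLineOpts: 1 })

function authStatus(opts) {
  const argv = opts.argv || [];
  const parsed = opts.parsed || {};
  const security = parsed.security || {};
  const reasons = [];

  if (security.authorization === "enabled") reasons.push("security.authorization=enabled");
  if (argv.includes("--auth")) reasons.push("--auth on command line");
  // A keyFile for internal authentication also turns on client authorization.
  if (security.keyFile) reasons.push("security.keyFile set");

  return {
    enforced: reasons.length > 0,
    configFile: parsed.config || null, // null: no --config/-f was passed
    reasons,
  };
}

// Constructed sample: process started without a config file, so the
// setting in /etc/mongod.conf is never read.
const noConfig = {
  argv: ["mongod", "--bind_ip_all"],
  parsed: { net: { bindIpAll: true } },
};

// Constructed sample: process started with the config file from the post.
const withConfig = {
  argv: ["mongod", "--config", "/etc/mongod.conf"],
  parsed: {
    config: "/etc/mongod.conf",
    security: { authorization: "enabled" },
  },
};

for (const [name, doc] of [["noConfig", noConfig], ["withConfig", withConfig]]) {
  console.log(name, JSON.stringify(authStatus(doc)));
}
```

If `enforced` is false for the live process, role restrictions are not applied regardless of what the file on disk says.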