Permissions Help - LDAP grant create database

I’m really new to MongoDB coming from MSSQL and I’m totally confused right now.
I have LDAP configured and working.  A user can log into Mongo and with the role I have, can at least view the databases and collections.

admin.createRole({role: “CN=MongoAdmins,OU=Applications,OU=SecurityGroups,DC=internal,DC=domain,DC=com”,privileges:[],roles: [“dbAdminAnyDatabase” ]})

I thought dbAdminAnyDatabase would grant enough permissions to allow your developers to create databases, collection and generally administer things.  But they aren’t allowed to really do a thing but log in and view.

How do I properly grant the permissions I really want?  This group of users should be able to create databases and fully administer everything but users really.

Thanks!

Hello @mdiorio
dbAdminAnyDatabase role includes permission to create collections as is documented @ https://docs.mongodb.com/manual/reference/built-in-roles/
You can also check other necessary permission/roles there.
If you cannot create collections then you need to check if expected roles were correctly granted to logged-in user. To do this you need to execute this command:

db.runCommand({connectionStatus : 1})

Then check ‘authenticatedUserRoles’ array in the output