The list of maintenance rights is much more extensive than the operational rights listed in the previous section. In order to conserve space, a summary of the more important rights is presented here:
| Right | User With This Assignment Can ... |
| changePassword | Change passwords of users. |
| createCollection, createIndex, createRole, createUser |
Create collections, indexes, roles, or users. The user with createIndex can create indexes, the user with createUser can create users, and so on. |
| dropCollection, dropRole, dropUser | Drop a collection, role, or user. |
| grantRole, revokeRole | Assign roles (grantRole) or take a role away (revokeRole). The grantRole right is a very dangerous ability to assign. Please exercise caution and do not assign this right indiscriminately! |
| replsetConfigure | Make changes to the configuration of a replica set. |
| addShard, removeShard | Add or remove shards from a sharded cluster. |
| dropConnection, dropDatabase, dropIndex | Drop a connection, database... |
