Currently, there is no way for Database Users to manage their own passwords, (even if they are atlasAdmin@admin). Moreover, as a Project Owner, I cannot create a role that allows them to do so, e.g.: use admin db.createRole( { role: "changeOwnPasswordRole", privileges: [ { resource: { db: "", collection: ""}, actions: [ "changeOwnPassword"] } ], roles: [] } ) As such, changing passwords always requires a Project Owner setting the new password and sharing it with the Database User. This is a problem, because user-password combinations known by more than one person do not serve as proof of identity. A Database User should, either by default or via a role, have the `changeOwnPassword` Mongo permission, so they can change their own passwords without having to share them with someone else (i.e. a Project Owner).