As you can imagine, allowing an application to actually create database users and assign rights presents a potentially massive security risk. However, there may be situations in which you need to create a GUI frontend that allows customers to easily manage these aspects of their database. Accordingly, we will now turn our attention to the following built-in roles: userAdmin and userAdminAnyDatabase.
Please refer to the following links for more information:
It is much better to assign the application userAdmin rights to a specific database, rather than create an application assigned userAdminAnyDatabase. The only exception might be a situation where you need an application that can perform as a superuser. In such cases, it's extremely...