Currently, there is no way for Database Users to manage their own passwords, (even if they are atlasAdmin@admin). Moreover, as a Project Owner, I cannot create a role that allows them to do so, e.g.:

use admin
db.createRole(
   { role: "changeOwnPasswordRole",
     privileges: [
        {
          resource: { db: "", collection: ""},
          actions: [ "changeOwnPassword"]
        }
     ],
     roles: []
   }
)

As such, changing passwords always requires a Project Owner setting the new password and sharing it with the Database User. This is a problem, because user-password combinations known by more than one person do not serve as proof of identity.

A Database User should, either by default or via a role, have the changeOwnPassword Mongo permission, so they can change their own passwords without having to share them with someone else (i.e. a Project Owner).

When upgrading the MongoDB server community edition from a very old version to the newest version one cannot skip installing intermediate versions, e. g. version 3.6 -> 4.4 does not work because the database files cannot be auto-migrated and the FeatureCompatibilityVersion is too low on 3.6 (or not existent).

Instead we have to install 3.6 -> 4.0 -> 4.2 -> 4.4 and execute db.adminCommand( { setFeatureCompatibilityVersion: "..." } ) appropriately in between installing each new version.

I propose creating an additional installer package for Linux which takes care of all that to migrate the internal database structure from the installed version to the latest but recent version available to apt - including setting FeatureCompatibilityVersion. This "upgrade-package" would contain all files necessary to upgrade from 3.6 -> 4.2 (in my example) so that the upgrade from 3.6 to 4.4 would not fail.