From ce6d25ed0a841901fa99703253741def446c49c9 Mon Sep 17 00:00:00 2001
From: George Kechagias
Date: Tue, 14 Oct 2025 12:42:52 +0300
Subject: [PATCH 1/2] K8SPSMDB-1146 clarify incode the purpose of the databaseAdmin user
---
 pkg/apis/psmdb/v1/psmdb_types.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pkg/apis/psmdb/v1/psmdb_types.go b/pkg/apis/psmdb/v1/psmdb_types.go
index c258dbb34..6ce0a44ff 100644
--- a/pkg/apis/psmdb/v1/psmdb_types.go
+++ b/pkg/apis/psmdb/v1/psmdb_types.go
@@ -1302,6 +1302,8 @@ const (
 type SystemUserRole string

 const (
+ // RoleDatabaseAdmin is general-purpose superuser account for cluster administration.
+ // This user is not used by the operator; it is intended for end-user access and management tasks.
 RoleDatabaseAdmin SystemUserRole = "databaseAdmin"
 RoleClusterAdmin SystemUserRole = "clusterAdmin"
 RoleUserAdmin SystemUserRole = "userAdmin"
From 6df47e2f6215013559ab4744c8c34eb4ae449afc Mon Sep 17 00:00:00 2001
From: George Kechagias
Date: Mon, 17 Nov 2025 14:22:04 +0200
Subject: [PATCH 2/2] add docs for all the users
---
 pkg/apis/psmdb/v1/psmdb_types.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/pkg/apis/psmdb/v1/psmdb_types.go b/pkg/apis/psmdb/v1/psmdb_types.go
index 6ce0a44ff..1050b43fb 100644
--- a/pkg/apis/psmdb/v1/psmdb_types.go
+++ b/pkg/apis/psmdb/v1/psmdb_types.go
@@ -1304,11 +1304,16 @@ type SystemUserRole string
 const (
 // RoleDatabaseAdmin is general-purpose superuser account for cluster administration.
 // This user is not used by the operator; it is intended for end-user access and management tasks.
- RoleDatabaseAdmin SystemUserRole = "databaseAdmin"
- RoleClusterAdmin SystemUserRole = "clusterAdmin"
- RoleUserAdmin SystemUserRole = "userAdmin"
+ RoleDatabaseAdmin SystemUserRole = "databaseAdmin"
+ // RoleClusterAdmin is used by the operator to perform cluster management operations
+ // such as adding/removing replica set members and managing sharded cluster topology.
+ RoleClusterAdmin SystemUserRole = "clusterAdmin"
+ // RoleUserAdmin is used by the operator to manage MongoDB users and their permissions.
+ RoleUserAdmin SystemUserRole = "userAdmin"
+ // RoleClusterMonitor is used for monitoring purposes, including PMM (Percona Monitoring and Management).
 RoleClusterMonitor SystemUserRole = "clusterMonitor"
- RoleBackup SystemUserRole = "backup"
+ // RoleBackup is used by the operator for backup and restore operations via PBM (Percona Backup for MongoDB).
+ RoleBackup SystemUserRole = "backup"
 )

 func InternalUserSecretName(cr *PerconaServerMongoDB) string {
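Review bot: The new comment on `RoleClusterMonitor` is the only one of the five that does not say whether the operator itself authenticates as that user. A reader needs that to judge which of these credentials can be rotated or restricted without affecting the operator. I would state it explicitly, along the lines of `// RoleClusterMonitor is used by <operator and/or PMM, to be confirmed> for monitoring.` The unchanged `RoleDatabaseAdmin` comment above calls the account a "superuser" without naming the MongoDB privileges it is granted, and is missing an article (`is a general-purpose superuser account`). Since that account is described as unused by the operator, naming its privileges in the comment would make it easier to review for least privilege. The `const` block is complete within the hunk; `InternalUserSecretName` continues outside it.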