You must have the :authaction:`grantRole` :ref:`action
<security-user-actions>` on the database a privilege targets in order to
grant the privilege. To grant a privilege on multiple databases or on the
cluster resource, you must have the :authaction:`grantRole` action on
the admin database.