diff --git a/mongodbatlas/resource_mongodbatlas_database_user.go b/mongodbatlas/resource_mongodbatlas_database_user.go
index cae9977db7..a4b99e197b 100644
--- a/mongodbatlas/resource_mongodbatlas_database_user.go
+++ b/mongodbatlas/resource_mongodbatlas_database_user.go
@@ -54,7 +54,7 @@ func resourceMongoDBAtlasDatabaseUser() *schema.Resource {
 				Default:  "NONE",
 			},
 			"roles": {
-				Type:     schema.TypeList,
+				Type:     schema.TypeSet,
 				Optional: true,
 				Computed: true,
 				Elem: &schema.Resource{
@@ -286,9 +286,9 @@ func splitDatabaseUserImportID(ID string) (*string, *string, *string, error) {
 func expandRoles(d *schema.ResourceData) []matlas.Role {
 	var roles []matlas.Role
 	if v, ok := d.GetOk("roles"); ok {
-		if rs := v.([]interface{}); len(rs) > 0 {
-			roles = make([]matlas.Role, len(rs))
-			for k, r := range rs {
+		if rs := v.(*schema.Set); rs.Len() > 0 {
+			roles = make([]matlas.Role, rs.Len())
+			for k, r := range rs.List() {
 				roleMap := r.(map[string]interface{})
 				roles[k] = matlas.Role{
 					RoleName:       roleMap["role_name"].(string),
@@ -301,8 +301,8 @@ func expandRoles(d *schema.ResourceData) []matlas.Role {
 	return roles
 }
 
-func flattenRoles(roles []matlas.Role) []map[string]interface{} {
-	roleList := make([]map[string]interface{}, 0)
+func flattenRoles(roles []matlas.Role) []interface{} {
+	roleList := make([]interface{}, 0)
 	for _, v := range roles {
 		roleList = append(roleList, map[string]interface{}{
 			"role_name":       v.RoleName,
diff --git a/mongodbatlas/resource_mongodbatlas_database_user_test.go b/mongodbatlas/resource_mongodbatlas_database_user_test.go
index 10a80e865f..c79073fc18 100644
--- a/mongodbatlas/resource_mongodbatlas_database_user_test.go
+++ b/mongodbatlas/resource_mongodbatlas_database_user_test.go
@@ -33,7 +33,6 @@ func TestAccResourceMongoDBAtlasDatabaseUser_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "username", username),
 					resource.TestCheckResourceAttr(resourceName, "password", "test-acc-password"),
 					resource.TestCheckResourceAttr(resourceName, "auth_database_name", "admin"),
-					resource.TestCheckResourceAttr(resourceName, "roles.0.role_name", "atlasAdmin"),
 					resource.TestCheckResourceAttr(resourceName, "labels.#", "1"),
 				),
 			},
@@ -46,7 +45,6 @@ func TestAccResourceMongoDBAtlasDatabaseUser_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "username", username),
 					resource.TestCheckResourceAttr(resourceName, "password", "test-acc-password"),
 					resource.TestCheckResourceAttr(resourceName, "auth_database_name", "admin"),
-					resource.TestCheckResourceAttr(resourceName, "roles.0.role_name", "read"),
 					resource.TestCheckResourceAttr(resourceName, "labels.#", "1"),
 				),
 			},
@@ -75,7 +73,6 @@ func TestAccResourceMongoDBAtlasDatabaseUser_withX509Type(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "username", username),
 					resource.TestCheckResourceAttr(resourceName, "x509_type", "MANAGED"),
 					resource.TestCheckResourceAttr(resourceName, "auth_database_name", "$external"),
-					resource.TestCheckResourceAttr(resourceName, "roles.0.role_name", "atlasAdmin"),
 					resource.TestCheckResourceAttr(resourceName, "labels.#", "1"),
 				),
 			},
@@ -104,7 +101,6 @@ func TestAccResourceMongoDBAtlasDatabaseUser_WithLabels(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "username", username),
 					resource.TestCheckResourceAttr(resourceName, "password", "test-acc-password"),
 					resource.TestCheckResourceAttr(resourceName, "auth_database_name", "admin"),
-					resource.TestCheckResourceAttr(resourceName, "roles.0.role_name", "atlasAdmin"),
 					resource.TestCheckResourceAttr(resourceName, "labels.#", "0"),
 				),
 			},
@@ -128,7 +124,6 @@ func TestAccResourceMongoDBAtlasDatabaseUser_WithLabels(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "username", username),
 					resource.TestCheckResourceAttr(resourceName, "password", "test-acc-password"),
 					resource.TestCheckResourceAttr(resourceName, "auth_database_name", "admin"),
-					resource.TestCheckResourceAttr(resourceName, "roles.0.role_name", "atlasAdmin"),
 					resource.TestCheckResourceAttr(resourceName, "labels.#", "2"),
 				),
 			},
@@ -156,7 +151,6 @@ func TestAccResourceMongoDBAtlasDatabaseUser_WithLabels(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "username", username),
 					resource.TestCheckResourceAttr(resourceName, "password", "test-acc-password"),
 					resource.TestCheckResourceAttr(resourceName, "auth_database_name", "admin"),
-					resource.TestCheckResourceAttr(resourceName, "roles.0.role_name", "read"),
 					resource.TestCheckResourceAttr(resourceName, "labels.#", "3"),
 				),
 			},
@@ -164,6 +158,67 @@ func TestAccResourceMongoDBAtlasDatabaseUser_WithLabels(t *testing.T) {
 	})
 }
 
+func TestAccResourceMongoDBAtlasDatabaseUser_withRoles(t *testing.T) {
+	var dbUser matlas.DatabaseUser
+
+	resourceName := "mongodbatlas_database_user.test"
+	projectID := os.Getenv("MONGODB_ATLAS_PROJECT_ID")
+	username := acctest.RandomWithPrefix("test-acc-user-")
+	password := acctest.RandomWithPrefix("test-acc-pass-")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckMongoDBAtlasDatabaseUserDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccMongoDBAtlasDatabaseUserWithRoles(username, password, projectID,
+					[]*matlas.Role{
+						{
+							RoleName:       "read",
+							DatabaseName:   "admin",
+							CollectionName: "stir",
+						},
+						{
+							RoleName:       "read",
+							DatabaseName:   "admin",
+							CollectionName: "unpledged",
+						},
+					},
+				),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMongoDBAtlasDatabaseUserExists(resourceName, &dbUser),
+					testAccCheckMongoDBAtlasDatabaseUserAttributes(&dbUser, username),
+					resource.TestCheckResourceAttrSet(resourceName, "project_id"),
+					resource.TestCheckResourceAttr(resourceName, "username", username),
+					resource.TestCheckResourceAttr(resourceName, "password", password),
+					resource.TestCheckResourceAttr(resourceName, "auth_database_name", "admin"),
+					resource.TestCheckResourceAttr(resourceName, "roles.#", "2"),
+				),
+			},
+			{
+				Config: testAccMongoDBAtlasDatabaseUserWithRoles(username, password, projectID,
+					[]*matlas.Role{
+						{
+							RoleName:     "read",
+							DatabaseName: "admin",
+						},
+					},
+				),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMongoDBAtlasDatabaseUserExists(resourceName, &dbUser),
+					testAccCheckMongoDBAtlasDatabaseUserAttributes(&dbUser, username),
+					resource.TestCheckResourceAttrSet(resourceName, "project_id"),
+					resource.TestCheckResourceAttr(resourceName, "username", username),
+					resource.TestCheckResourceAttr(resourceName, "password", password),
+					resource.TestCheckResourceAttr(resourceName, "auth_database_name", "admin"),
+					resource.TestCheckResourceAttr(resourceName, "roles.#", "1"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccResourceMongoDBAtlasDatabaseUser_importBasic(t *testing.T) {
 	projectID := os.Getenv("MONGODB_ATLAS_PROJECT_ID")
 
@@ -182,7 +237,6 @@ func TestAccResourceMongoDBAtlasDatabaseUser_importBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "username", username),
 					resource.TestCheckResourceAttr(resourceName, "password", "test-acc-password"),
 					resource.TestCheckResourceAttr(resourceName, "auth_database_name", "admin"),
-					resource.TestCheckResourceAttr(resourceName, "roles.0.role_name", "read"),
 					resource.TestCheckResourceAttr(resourceName, "labels.#", "1"),
 				),
 			},
@@ -329,3 +383,40 @@ func testAccMongoDBAtlasDatabaseUserWithLabelsConfig(projectID, roleName, userna
 		}
 	`, projectID, roleName, username, labelsConf)
 }
+
+func testAccMongoDBAtlasDatabaseUserWithRoles(username, password, projectID string, rolesArr []*matlas.Role) string {
+	var roles string
+	for _, role := range rolesArr {
+		var roleName, databaseName, collection string
+
+		if role.RoleName != "" {
+			roleName = fmt.Sprintf(`role_name = "%s"`, role.RoleName)
+		}
+		if role.DatabaseName != "" {
+			databaseName = fmt.Sprintf(`database_name = "%s"`, role.DatabaseName)
+		}
+		if role.CollectionName != "" {
+			collection = fmt.Sprintf(`collection_name = "%s"`, role.CollectionName)
+		}
+
+		roles += fmt.Sprintf(`
+			roles {
+				%s
+				%s
+				%s
+			}
+		`, roleName, databaseName, collection)
+	}
+
+	return fmt.Sprintf(`
+		resource "mongodbatlas_database_user" "test" {
+			username           = "%s"
+			password           = "%s"
+			project_id         = "%s"
+			auth_database_name = "admin"
+
+			%s
+
+		}
+	`, username, password, projectID, roles)
+}