How Can I Enable Authentication on MongoDB?


Enabling authentication is the most important and fundamental security feature that comes with MongoDB, so you need to make sure you configure it properly. This guide takes you step by step through enabling authentication on MongoDB. So let's get started.

Usually, all “MongoDB as a Service” providers already enable authentication pre-emptively.

Steps to enable authentication on MongoDB

Start without access control

You need to start a standalone mongod instance without access control. To do that, open a terminal and run the following:

mongod --port 27017 --dbpath /var/lib/mongodb 

Connect to the instance

Open a new terminal and connect a mongo shell to the instance:

mongo --port 27017

You can specify additional command-line options, such as --host, to connect the mongo shell to your deployment.

User administrator creation

In the admin database, create a user with the userAdminAnyDatabase role from the mongo shell. As required, add additional roles for this user. For example, create the user myUserAdmin in the admin database with the userAdminAnyDatabase role and the readWriteAnyDatabase role.

 use admin
 db.createUser({
    user: "myUserAdmin",
    // passwordPrompt() asks for the password interactively instead of placing it in the command
    pwd: passwordPrompt(),
    roles: [{ role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase"]
 })

Restart the MongoDB instance with access control

To restart the MongoDB instance with access control, follow the steps below:

1.    Terminate the MongoDB instance. For example, execute the following command from the mongo shell.

db.adminCommand ({ shutdown: 1 })

2.    Exit the mongo shell.
3.    Start mongod with access control enabled.

  • If you start mongod from the command line, add the --auth command-line option:
mongod --auth --port 27017 --dbpath /var/lib/mongodb
  • If you start mongod using a configuration file, add the security.authorization configuration file setting:
security:
  authorization: enabled

Clients connecting to this instance must now authenticate as a MongoDB user, and can only perform the actions permitted by their assigned roles.
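
A check for the two options in step 3, added here as an example and not part of the original article: it reports whether a given mongod argument list turns on access control through --auth or through security.authorization in the file named by --config or -f. The function names and the sample configuration are constructed for illustration, and the YAML handling covers block-style keys only.

```shell
#!/bin/sh
# Added example (hypothetical helper names): does this mongod start-up enforce
# access control, via --auth or security.authorization in its config file?

# config_auth_enabled FILE: exit 0 if the file sets security.authorization: enabled
config_auth_enabled() {
    awk '
        { sub(/[ \t]*#.*$/, "") }            # drop comments (naive: ignores quoting)
        /^[ \t]*$/ { next }                   # skip blank lines
        /^[^ \t]/  { in_sec = ($0 ~ /^security:[ \t]*$/); next }   # top-level key
        in_sec && /^[ \t]+authorization:/ {
            v = $0
            sub(/^[ \t]+authorization:[ \t]*/, "", v)
            gsub(/[" \t]/, "", v)
            if (v == "enabled") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# mongod_access_control ARGS...: print "enabled" or "disabled" for a mongod argv
mongod_access_control() {
    conf="" prev=""
    for arg in "$@"; do
        case "$prev" in --config|-f) conf=$arg ;; esac
        case "$arg" in
            --auth) echo enabled; return 0 ;;
            --config=*) conf=${arg#--config=} ;;
        esac
        prev=$arg
    done
    if [ -n "$conf" ] && [ -r "$conf" ] && config_auth_enabled "$conf"; then
        echo enabled
    else
        echo disabled
    fi
}

# Constructed sample input: a config file using the setting from step 3.
sample=$(mktemp)
printf 'storage:\n  dbPath: /var/lib/mongodb\nsecurity:\n  authorization: enabled\n' > "$sample"
mongod_access_control --port 27017 --dbpath /var/lib/mongodb          # first start, no access control
mongod_access_control --auth --port 27017 --dbpath /var/lib/mongodb   # restart with --auth
mongod_access_control --config "$sample"                               # restart with config file
rm -f "$sample"
```

A commented-out security block or an authorization key placed outside the security section is reported as disabled, which is the case worth catching before the instance is exposed.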

Connect and authenticate as the user administrator

Using the mongo shell, you can either:

  • Pass in user credentials to connect with authentication, or
  • Connect without authentication first, and then authenticate using the db.auth() method.

Authenticate during connection

Start a mongo shell with the following command-line options: -u <username>, -p, and --authenticationDatabase <database>:

mongo --port 27017 --authenticationDatabase "admin" -u "myUserAdmin" -p

Enter your password when prompted.

Authenticate after connection

Connect the mongo shell to the mongod with the following command:

mongo --port 27017

Switch to the authentication database (in this case, admin) in the mongo shell and authenticate using the db.auth(<username>, <pwd>) method:

 use admin
 db.auth ("myUserAdmin", passwordPrompt())

Enter your password when prompted.

Creating additional users

Once you have authenticated as the user administrator, use db.createUser() to create additional users. You can assign users either built-in or user-defined roles.

The following procedure creates a user named myTester in the test database, with the readWrite role in the test database and the read role in the reporting database:

use test
db.createUser({
    user: "myTester",
    pwd: passwordPrompt(),
    // readWrite on test, read-only on reporting
    roles: [{ role: "readWrite", db: "test" }, { role: "read", db: "reporting" }]
})

Disconnect the mongo shell after creating the additional users.

NOTE: The user's authentication database is the database where you created the user (in this case, test). Although the user must authenticate to this database, the user can have roles in other databases. In other words, the user's authentication database does not limit the user's privileges.

Hope these steps helped you to enable authentication on MongoDB. If you get stuck in any of these steps, you can get assistance from us.
