Mongodb enable authentication (Enable Access Control)

Mongodb enable authentication

Hi Folks,

In the context of databases, authentication acquires one more dimension because it may happen at different levels. It may be performed by the database itself, or the setup may be changed to allow either the operating system, or some other external method, to authenticate users.

Usually most of the databases like MySQL, MS SQL, Postgres, etc. comes with basic level of authentication. But in case of MongoDB the same cannot be said. MongoDB comes without any default authentication mechanisms. This provides restriction free access to all the users who can access any database or any data within it. This in trun raises security concerns.

There is a way provided to set up username and passwod for accessing the MongoDB in the official documentation. But the details provided are not clear enough to re-produce the same.

In this blog, we are going to see an elaborate step wise description on how to enable authentication for the accessing the MongoDB. The details specified below are for MongoDB 3.X version.


1. Start MongoDB without access control. (No need, if service already running)

$ mongod --port 27017 --dbpath /data/db1

2. Connect to the instance

$ mongo --port 27017

3. Create the user administrator.

Add a user with the root role. For example, the following creates the user superAdmin on the admin database:

$ use admin
$ db.createUser(
{
user: "superAdmin",
pwd: "admin123",
roles: [ { role: "root", db: "admin" } ]
})

4. Re-start the MongoDB instance with access control

Add the security.authorization setting to the config file

ubuntu: $ sudo vi /etc/mongod.conf
osx with brew version: $ sudo vi /usr/local/etc/mongod.conf

It may look like this

systemLog:
destination: file
path: /usr/local/var/log/mongodb/mongo.log
logAppend: true
storage:
dbPath: /usr/local/var/mongodb
net:
bindIp: 127.0.0.1
security:
authorization: enabled

Restart mongodb

ubuntu: $ sudo service mongod restart
osx with brew version: $ brew services restart mongodb

5. Connect to database instance with superAdmin access

$ mongo --port 27017 -u "superAdmin" -p "admin123" --authenticationDatabase "admin"

6. Create user access (readWrite) for specific database

$ mongo --port 27017 -u "superAdmin" -p "admin123" --authenticationDatabase "admin"
$ use myAppDb
$ db.createUser(
{
user: "myAppDbUser",
pwd: "myApp123",
roles: [ "readWrite"]
})

7. Try Connecting to the specific database with limited access

$ mongo --port 27017 -u "myAppDbUser" -p "myApp123" --authenticationDatabase "myAppDb"
More user roles here Build in Roles
Source Mongodb Enable Client Access Control

Your comments and suggestions are welcome :)