Balanced MongoDB Authentication
A minimum viable security approach that provides a security layer while maintaining ease of use.
Create root user
This role provides access to all operations on all the resources. You can do anything and everything with this user role on any database. Read more on official documentation.
To create the root user, select admin
database and execute create user statement.
use admin;db.createUser(
{
user: 'root',
pwd: 'root@123',
roles: [ 'root' ]
}
);
Update Mongo config to enable auth
Edit /etc/mongod.conf
and update/add following,
security:
authorization: "enabled"
Restart MongoDB service
I use the following command on my Ubuntu 20.04 machine, you can find the commands for your system here.
sudo service mongod restart
Auth using admin credentials
use admin;db.auth('root', 'root@123');
Create normal users per DB
This role provides access to all operations on the selected database. Create index, new users, backup, restore, etc. Read more on Official documentation.
To create the dbOwner user, select the database for which you want the user, keep auth database as same as well.
use mydb;db.createUser(
{
user: "mydbUser",
pwd: "mydb@123",
roles: [ 'dbOwner' ]
}
);
IMO, this is best the setup to get started with authentication on MongoDB, which provides an optimal balance between security and ease of use.