Sling Academy
Home/MongoDB/MongoDB: How to create an admin user and enable authentication

MongoDB: How to create an admin user and enable authentication

Last updated: February 01, 2024

Table of Contents

  1. Introduction
  2. Prerequisites
  3. Step 1: Starting MongoDB Without Access Control
  4. Step 2: Connecting to MongoDB Instance
  5. Step 3: Creating the Admin User
  6. Step 4: Enabling Access Control and Testing Authentication
  7. Step 5: Managing User Roles
  8. Step 6: Advanced User Management
  9. Conclusion

Introduction

Securing your MongoDB database is an essential step to protect your data from unauthorized access. One of the first steps in securing your MongoDB instance is creating an admin user and enabling authentication. This tutorial will guide you through the process of setting up an administrative user for your MongoDB database and turning on authentication to ensure that only authorized users have access to your database’s functionalities.

Prerequisites

Before you begin, ensure you have the following:

  • MongoDB installed on your system
  • Access to the MongoDB command line interface (CLI)
  • Basic understanding of command-line operations and MongoDB concepts

Step 1: Starting MongoDB Without Access Control

Access your MongoDB instance without access control to create the initial admin user. Typically, after installation, MongoDB starts without access control enabled. You can start a MongoDB instance without access control using the following command:

mongod --port 27017 --dbpath /data/db1

Make sure to replace /data/db1 with the actual path to your MongoDB data directory.

Step 2: Connecting to MongoDB Instance

Once your MongoDB instance is running, connect to it using the mongo shell with the following command:

mongo

Step 3: Creating the Admin User

Upon connecting to the MongoDB instance, create the administrative user by switching to the admin database and running the createUser command:

use admin
db.createUser({
    user: "myAdminUser",
    pwd: "myAdminPassword",
    roles: [{ role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase"]
});

Replace "myAdminUser" and "myAdminPassword" with your desired admin username and secure password respectively.

Step 4: Enabling Access Control and Testing Authentication

With the admin user created, access control needs to be enabled. You do this by restarting the MongoDB instance with the --auth flag:

mongod --auth --port 27017 --dbpath /data/db1

Once restarted, attempt to connect to the database using the admin credentials to verify that authentication is working:

mongo -u myAdminUser -p myAdminPassword --authenticationDatabase admin

You should be connected to the database if the credentials are correct. If you encounter errors, ensure that the username and password are as you set in the createUser command.

Step 5: Managing User Roles

After the administrative user has been set up, you can manage various user roles. MongoDB provides a flexible role-based access control system. Below is an example of how to provide a user with read-only access to a particular database:

use someDatabase
db.createUser({
    user: "readOnlyUser",
    pwd: "readOnlyPassword",
    roles: [{ role: "read", db: "someDatabase" }]
});

Again, ensure that you are using secure passwords and replace "readOnlyUser" and "readOnlyPassword" with your chosen credentials.

Step 6: Advanced User Management

For more advanced user management, you can create roles with customized permissions. Below is an example of creating a role:

use admin
db.createRole({
    role: "myCustomRole",
    privileges: [
        { resource: { db: "myDatabase", collection: "" }, actions: [ "find", "update", "insert", "remove" ] }
    ],
    roles: []
});

Once the role is created, you can assign it to a user with the following command:

db.grantRolesToUser("existingUser", ["myCustomRole"]);

Ensure that you replace "existingUser" with the actual username of the user to whom you wish to grant the newly created role.

Conclusion

Securing your MongoDB instance with authentication and proper user management is paramount to protecting your data. By following the steps we’ve outlined in this tutorial, you’ve successfully created an administrative user, enabled authentication, and understand the basics of user role management, setting the foundation for a secure MongoDB deployment.

Next Article: MongoDB: Managing users and roles (privileges)

Previous Article: MongoDB: How to determine the size of a database (5 ways)

Series: MongoDB Tutorials

MongoDB

You May Also Like

  • MongoDB: How to combine data from 2 collections into one
  • Hashed Indexes in MongoDB: A Practical Guide
  • Partitioning and Sharding in MongoDB: A Practical Guide (with Examples)
  • Geospatial Indexes in MongoDB: How to Speed Up Geospatial Queries
  • Understanding Partial Indexes in MongoDB
  • Exploring Sparse Indexes in MongoDB (with Examples)
  • Using Wildcard Indexes in MongoDB: An In-Depth Guide
  • Matching binary values in MongoDB: A practical guide (with examples)
  • Understanding $slice operator in MongoDB (with examples)
  • Caching in MongoDB: A practical guide (with examples)
  • CannotReuseObject Error: Attempted illegal reuse of a Mongo object in the same process space
  • How to perform cascade deletion in MongoDB (with examples)
  • MongoDB: Using $not and $nor operators to negate a query
  • MongoDB: Find SUM/MIN/MAX/AVG of each group in a collection
  • References (Manual Linking) in MongoDB: A Developer’s Guide (with Examples)
  • MongoDB: How to see all fields in a collection (with examples)
  • Type checking in MongoDB: A practical guide (with examples)
  • How to query an array of subdocuments in MongoDB (with examples)
  • MongoDB: How to compare 2 documents (with examples)