Navigation

Enable MongoDB Role-Based Access Control

Overview

When you select an Authentication Mechanism for your Cloud Manager group, this enables access control for all the deployments in your Cloud Manager group.

With access control enabled, MongoDB users must authenticate to the MongoDB process. Once authenticated, the users only have privileges granted by their assigned roles.

Considerations

With access control enabled, you must create MongoDB users so that clients can access your databases.

When you enable access control, Cloud Manager automatically creates users for the agents. The user created for the Automation Agent has privileges to administrate and manage other users. As such, the first user you create can be any type of user.

Recommendation

To avoid inconsistencies, use the Cloud Manager interface to manage users and roles for MongoDB deployments.

For more information on MongoDB access control, see the Authentication and Authorization pages in the MongoDB manual.

Enable MongoDB Access Control

Cloud Manager supports various authentication mechanisms.

You can select multiple available mechanisms.

1
2

Check the authentication mechanism, then click Next.

3

Configure SSL if desired.

  1. Toggle the Enable SSL slider to Yes.
  2. Click Next

Note

See Enable SSL for a Deployment for SSL setup instructions.

4

Configure the Authentication Mechanism for the Agents.

If you enable more than one authentication mechanism, you must specify which one of the authentication mechanisms the Cloud Manager agents should use to connect to your deployment.

  1. Select the authentication mechanism from the Agent Auth Mechanism drop-down menu.

  2. Cloud Manager automatically generates the Agents’ usernames and passwords.

    Cloud Manager creates users for the agents with the required user roles in the admin database for each existing deployment in Cloud Manager. When you add a new deployment, Cloud Manager creates the required users in the new deployment.

  3. Click Save.

You do not need to configure all of the agents, only the ones you installed.

Example

If you did not install the Backup agent, you do not need to configure the Backup agent.

5

Click Review & Deploy to review your changes.

6

Review and approve your changes.

Cloud Manager displays your proposed changes.

  1. If you are satisfied, click Confirm & Deploy.
  2. Otherwise, click Cancel and you can make additional changes.

See Enable Authentication for a Cloud Manager Group for detailed instructions for configuring the different authentication mechanisms.

Next Steps

See Manage MongoDB Users to create MongoDB users and roles and assign privileges to those roles.