MongoDB supports role-based authentication, so you can restrict access to your deployment for safety and security. Cloud Manager Automation makes enabling and managing your users easy.
An important note before we begin: Authentication Settings made here apply to your entire Cloud Manager group. If you are using Automation, and it’s vital that different deployments in your group have different credentials, you will have to create a new Cloud Manager group for these deployment items and import them.
If you already have authentication enabled, follow the normal importation into Automation methodolgy, especially noting the creation of a new automation-agent user, then you can skip this section and go on to the role and user management sections below.
If you have an unauthenticated deployment:
Select “Username/Password” and click “Next”. Click “Next” again to skip the SSL settings (a topic for this other post).
Now you just have to “Review & Deploy” and “Confirm & Deploy” as normal. Beware: Clients without authentication will fail to connect after this point. Make sure your application is ready for this change. Check your drivers’ documentation on how to enable MongoDB authentication in your application.
Let’s start with adding a new role:
Once the role is added, you just have to do the usual “Review & Deploy”/”Confirm & Deploy” to push this role out to your group.
Once the role has been created, you can edit or remove it via the gear icon, as shown below. You can only edit custom roles, not built-in roles.
Once you have the roles you need (if you need custom roles at all), you can start creating users.
You can choose any custom or built-in roles you wish and enter the user’s password
- Once the user is added, you just have to do the usual “Review & Deploy”/”Confirm & Deploy” to push this user out to your group.
Maybe you have moved your deployment into a private network and have decided to remove your authentication settings. Here’s how:
- Click the “…” menu on your Deployment page and select “Authentication & SSL Settings”
- Click “Next” to get to the “Authentication Mechanisms” screen and un-check “Username/Password”
- Click “Next” to skip the SSL settings, and then click “Save”
- When you next do a “Review & Deploy”/”Confirm & Deploy”, the Automation Agents will disable authentication.
All your custom roles and users will remain cached in Cloud Manager in case you wish to re-enable authentication. You can edit them even when authentication is not enabled.