Understanding User Creation in MongoDB: admin Database vs. Other Databases

I’m in the process of setting up user accounts within my MongoDB environment and I’m looking for some clarity on the best practices for where to create these user accounts—specifically, the differences between creating users in the admin database as opposed to a non-admin, user-defined database.

Here are the questions I have:

  • Are there any differences in access or capabilities for users created in the admin database compared to those created in other databases?
  • Does the choice of database for user creation affect how the user will authenticate? For managing access across multiple databases, is it preferable to create users in the admin database?

I aim to implement a secure and manageable approach to user access control, aligning with the principle of least privilege. Any advice or experiences you can share on this topic would be greatly valued.

Thanks so much for your guidance!

have you read through this and this? there’s a lot of information (which i have pretty much forgotten).

i guess the authentication database has something to do with role assignments.

  1. A user can be created in any database.
  2. The database that a user is created in is that user’s ‘authentication database’. That user must then specify its authentication database when it logs in.

By convention as of MongoDB v5, users and roles are assumed to be in the ‘admin’ database unless otherwise specified.