Enable Access Control on Self-Managed Deployments
On this page
Note
Starting in MongoDB 8.0, LDAP authentication and authorization is deprecated. LDAP is available and will continue to operate without changes throughout the lifetime of MongoDB 8. LDAP will be removed in a future major release.
For details, see LDAP Deprecation.
Enabling access control on a MongoDB deployment enforces authentication. With access control enabled, users are required to identify themselves and can only perform actions that adhere to the permissions granted by the roles assigned to their user.
You can configure authentication in the UI for deployments hosted in MongoDB Atlas.
Note
You can't disable access control in MongoDB Atlas.
Access Control Resources
If you would like to enable access control for a standalone MongoDB instance, please refer to one of the following resources:
Use SCRAM to Authenticate Clients on Self-Managed Deployments
Use x.509 Certificates to Authenticate Clients on Self-Managed Deployments
Configure Self-Managed MongoDB with Kerberos Authentication on Linux
Configure Self-Managed MongoDB with Kerberos Authentication on Windows
Configure Self-Managed MongoDB with Kerberos Authentication and Active Directory Authorization
Authenticate Using Self-Managed SASL and LDAP with ActiveDirectory
Authenticate and Authorize Users Using Self-Managed Active Directory with Native LDAP
If you would like to enable access control for a replica set or a sharded cluster, please refer to one of the following resources:
Update Self-Managed Replica Set to Keyfile Authentication (No Downtime)
Deploy Self-Managed Sharded Cluster with Keyfile Authentication
Update Self-Managed Sharded Cluster to Keyfile Authentication
Update Self-Managed Sharded Cluster to Keyfile Authentication (No Downtime)
Configure Self-Managed MongoDB with Kerberos Authentication on Linux
Configure Self-Managed MongoDB with Kerberos Authentication on Windows
Configure Self-Managed MongoDB with Kerberos Authentication and Active Directory Authorization
Authenticate Using Self-Managed SASL and LDAP with ActiveDirectory
Authenticate and Authorize Users Using Self-Managed Active Directory with Native LDAP
Next Steps
To create additional users, see Create a User on Self-Managed Deployments.
To manage users, assign roles, and create custom roles, see Manage Users and Roles on Self-Managed Deployments.