- Administration >
- Manage MongoDB Users and Roles >
- Enable MongoDB Role-Based Access Control
Enable MongoDB Role-Based Access Control¶
On this page
Overview¶
MongoDB uses Role-Based Access Control (RBAC) to determine access to a MongoDB system. When run with access control, MongoDB requires users to authenticate themselves to determine their access. MongoDB limits each user to the resources and actions allowed by the user’s roles. If you leave access control disabled, any client can access any database in your deployments and perform any action.
When you enable MongoDB access control, you enable it for all the deployments in your Ops Manager group. The group shares one set of users for all deployments, but each user has permissions only for specific resources.
Access control applies to the Ops Manager agents as well as to clients. When you enable access control, Ops Manager creates the appropriate users for the agents.
Considerations¶
Once you enable access control, you must create MongoDB users so that clients can access your databases. Always use the Ops Manager interface to manage users and roles. Do not do so through direct connection to a MongoDB instance.
When you enable access control, Ops Manager creates a user with global privileges used only by the Automation Agent. The first user you create can be any type of user, as the Automation Agent guarantees you will always have access to user management.
For more information on MongoDB access control, see the Authentication and Authorization pages in the MongoDB manual.
Enable MongoDB Access Control¶
Select the Deployment tab and then select Authentication & Users.¶
Turn on authentication.¶
Click the button for Auth Enabled to toggle it to Yes. This automatically creates users for your Monitoring, Backup, and Automation agents.
Click Review & Deploy.¶
Review your changes, and click Confirm & Deploy.¶
Next Steps¶
To create your first users and assign privileges, see Manage MongoDB Users and Roles.