Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Manage MongoDB Users and Roles

Overview

When MongoDB access control is enabled, you provide client access to MongoDB by creating users and assigning user roles. The users you create apply to all MongoDB instances in your Ops Manager group, but each user has a specified authentication database. Together, the user’s name and database serve as a unique identifier for that user.

You can specify access using MongoDB’s built-in roles and also by creating custom roles. Ops Manager provides the interface for doing so.

You can create users before enabling accessing control or after, but they don’t go into effect until you enable access control. The MongoDB instances won’t require user credentials until access control is enabled.

To authenticate, a client must specify the username, password, database, and authentication mechanism. For example, from the mongo shell, a client would specify the --username, --password, --authenticationDatabase, and --authenticationMechanism options.

MongoDB users are separate from Ops Manager users. MongoDB users have access to MongoDB databases. Ops Manager users access to Ops Manager groups.

Considerations

If you want Ops Manager to ensure that all deployments in a group have the same database users and roles, use only the Ops Manager interface to manage users.

However, if you want certain deployments in a group to have certain users or roles not set at the group level, you can add them through direct connection to the MongoDB instances.”

Add a MongoDB User

1

Select the Deployment tab and then select Authentication & Users.

2

Select the Add User button.

3

In the Identifier fields, enter the database on which the user authenticates and enter a username.

Together, the database and username uniquely identify the user. Though the user has just one authentication database, the user can have privileges on other database. You grant privileges when assigning the user roles.

4

In the Roles drop-down list, select the user’s roles.

You can assign both user-defined roles and built-in roles.

5

Enter the user’s password and click Add User.

6

Click Review & Deploy.

7

Review your changes, and click Confirm & Deploy.

Edit a User’s Roles

1

Select the Deployment tab and then select Authentication & Users.

2

Click the user’s gear icon and select Edit.

3

Edit the user’s information.

In the Roles drop-down list, you can both add and delete roles. You can add both user-defined roles and built-in roles.

4

Click SAVE CHANGES.

5

Click Review & Deploy.

6

Review your changes, and click Confirm & Deploy.

Remove a MongoDB User

1

Select the Deployment tab and then select Authentication & Users.

2

Click the user’s gear icon and select Remove.

3

To confirm, click Delete User.

4

Click Review & Deploy.

5

Review your changes, and click Confirm & Deploy.