Enable Authentication after Creating the User Administrator
Overview
Enabling authentication on a MongoDB instance restricts access to the instance by requiring that users identify themselves when connecting. In this procedure, you will create the instance’s first user, which must be a user administrator, and then enable authentication. Then, you can authenticate as the user administrator to create additional users and grant additional access to the instance.
This procedure outlines how to enable authentication after creating the user administrator. The approach requires a restart. To enable authentication without restarting, see Enable Client Access Control.
Considerations
This document outlines a procedure for enabling authentication on a MongoDB instance: you create the first user on an existing MongoDB system that does not require authentication, then restart the instance so that it requires authentication. You can also use the localhost exception to gain access to a system with no users and authentication enabled. See Enable Client Access Control for the description of that procedure.
Procedure
Start the MongoDB instance without authentication.
Start the mongod or mongos instance without the authorization or keyFile setting. For example:
For details on starting a mongod or mongos, see Manage mongod Processes or Deploy a Sharded Cluster.
Create the system user administrator.
Add the user with the userAdminAnyDatabase role, and only that role.
The following example creates the user siteUserAdmin on the admin database:
Re-start the MongoDB instance with authentication enabled.
Re-start the mongod or mongos instance with the authorization or keyFile setting. Use authorization on a standalone instance. Use keyFile on an instance in a replica set or sharded cluster.
The following example enables authentication on a standalone mongod using the authorization command-line option:
Create additional users.
Log in with the user administrator’s credentials and create additional users. See Add a User to a Database.
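The first three steps of the procedure as one script, as an added example that is not taken from the MongoDB manual. The data path, port, log path, loopback bind and function names are assumptions; siteUserAdmin and userAdminAnyDatabase are the names this page uses.

```shell
#!/bin/sh
# Added example, not from the MongoDB manual. DBPATH, PORT, the log path and
# the loopback bind are assumptions; user and role names are the page's.
DBPATH=${DBPATH:-/data/db1}
PORT=${PORT:-27017}

# Step 1: no --auth and no --keyFile. Bound to loopback (assumption) so the
# instance is not reachable from the network while it accepts any client.
start_noauth() {
    mongod --port "$PORT" --dbpath "$DBPATH" --bind_ip 127.0.0.1 \
           --fork --logpath "$DBPATH/mongod.log"
}

# Step 2: print the mongo shell statement that creates siteUserAdmin with
# userAdminAnyDatabase and no other role. $1 = password.
user_admin_js() {
    case $1 in
        ''|*\"*|*\\*)
            echo 'password must be non-empty, without double quotes or backslashes' >&2
            return 1 ;;
    esac
    printf 'db.getSiblingDB("admin").createUser({ user: "siteUserAdmin", pwd: "%s", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] })\n' "$1"
}

create_user_admin() {
    printf 'Password for siteUserAdmin: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    js=$(user_admin_js "$pw") || return 1
    # Sent on stdin so the password never appears in the process list.
    printf '%s\n' "$js" | mongo --port "$PORT" --quiet
}

# Step 3: shut down cleanly (--shutdown is Linux-only), then start again with
# --auth, the command-line form of the authorization setting. This is the
# standalone case; a replica set or sharded cluster uses keyFile instead.
restart_with_auth() {
    mongod --dbpath "$DBPATH" --shutdown
    mongod --auth --port "$PORT" --dbpath "$DBPATH" \
           --fork --logpath "$DBPATH/mongod.log"
}
```

Source the file and call start_noauth, create_user_admin and restart_with_auth in that order; after the restart, connect as siteUserAdmin against the admin database to carry out the next step.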
Next Steps
If you need to disable authentication for any reason, restart the process without the authorization or keyFile option.