Open In App

How to Enable Access Control & Authentication in MongoDB

Last Updated : 13 Feb, 2025
Summarize
Comments
Improve
Suggest changes
Like Article
Like
Share
Report
News Follow

Securing our database is very important to protect our data. MongoDB, being one of the most popular NoSQL databases, provides robust security features like access control and user authentication to prevent unauthorized access and data breaches. Enabling authentication in MongoDB ensures that only authorized users can interact with the database, keeping our data safe.

In this article, we will be learning about how we can set up access control and authentication for MongoDB servers. These practices are essential for ensuring data integrity, privacy, and protecting your MongoDB database from unauthorized actions.

What is Authentication in MongoDB?

Authentication in MongoDB is the process of verifying the identity of users or applications attempting to access the database. It ensures that only authorized individuals can access sensitive data by requiring them to provide valid credentials such as a username and password.

When authentication is enabled, MongoDB will require users to authenticate themselves before being allowed access to databases. It is crucial in maintaining the security and integrity of the data, especially in environments with multiple users or applications.

Why is Authentication Important in MongoDB?

Authentication is essential to build industry-grade database systems. Authentication helps to maintain the security and integrity of the Database. Without authentication, anyone who can connect to your MongoDB instance can potentially modify or delete data, leading to data breaches or unauthorized changes.

  • Prevents Unauthorized Access: Ensures that only users with valid credentials can access and modify the database.
  • Protects Sensitive Data: Helps safeguard sensitive information such as customer data, financial records, and intellectual property.
  • Ensures Data Integrity: Reduces the risk of accidental or malicious data tampering or loss.
  • Compliance: Meets security and compliance standards (e.g., GDPR, HIPAA) that require authentication for data protection.

For example: We can think of data as money and databases as Banks. So now if anyone can access the bank locker without any validation then there is always a concern about the money in the bank. One can steal it, take some money from another account holder without knowledge, etc. So, we must define access control and authentication.

Steps to Enable Access Control and Authentication in MongoDB

To secure your MongoDB instance, follow these steps in the specified order to successfully enable authentication and access control.

Step 1: Start the MongoDB

To make changes in MongoDB, we need to start the MongoDB server. To start MongoDB, open the command prompt on our computer and execute the following command to start MongoDB. 

mongosh

Output:

Start-the-MongoDB
Connect to MongoDB

As we can see that the database has been started and we can access it.

Step 2: Create a Database and Add Documents

Now to create database, we can manually write all details in command prompt or we can use MongoDB Compass to use the GUI. Let's quickly create a database in MongoDB and add some documents in it.

First use a database name to use the database. It will not instantly create the Database, as we create a Collection, the database will be created.

use mydb  //Creates database
db.createCollection("nameColletion")

Output:

Create-Document
Create Collection

Once we have successfully created a database, it's time to insert few documents into the database.

db.nameCollection.insertOne({ name: "Philips Kumar", age: 21})

Output:

Create-Document2
Insert Documents

Now using the same format, we can insert more data in the database as per our requirements. Use the article on How to Create Database & Collection in MongoDB for better understanding.

Step 3: Create User

To use authentication, we need to define a user and assign certain role to it. Lets create a user named Geek and assign the role of useradmin for the database mydb. The useradmin role provides the user with power to create new users and assign roles to others including self.

This user can access, update or delete any data in the database. If short, we are giving the superuser role to the user named Geek. However, The privileges of the user stays only inside the database defined.

 db.createUser({
...     "user": "Geek",
...     "pwd": "abc123",
...     "roles": [ { "role": "userAdmin", "db": "mydb" } ]
... })

Output:

Create-User
Create User

Step 4: Change MongoDB Configuration to Enable Authentication

By default, in MongoDB the authentication feature is not enable. So, to use authentication we first have to edit the configurations and enable access control. To do that, navigate to the mongod.conf file. The path to the file should be similar to the following,

C:\Program Files\MongoDB\Server\7.0\bin

Open the mongod.conf file in any editor and write the following under security,

security:
        authentication: enabled

Change-MongoDB-configuration

Save the changes and close the file. Once we have made the changes, Go to Services in Windows and find MongoDB and restart it.

Services-in-Windows

Step 5: Authenticate with the Created User

Once restarted, now try accessing the data we have inserted without authenticating with valid credentials. Let's ask the database to show all documents available in the collection nameCollection.

db.nameCollection.find()

Output:

Try-Authentication
require authentication

As we can see it is saying that we need to autheticate first to get the data. That means we have successfully enable authentication and access control.

Now to see the data, let's first give the username and password.

db.auth("Geek","abc123")

Output:

username-and-password
Give user and Password

Now check for the available documents in the database.

db.nameCollection.find()

Output:

available-documents

As we can see after successful authentication, we get access to the documents available in the MongoDB database.

Conclusion

Authentication is needed everywhere if there exists sensitive data. Follow the above given steps in the order to successfully implement Access Control and Authentication in MongoDB server. The order of steps should be maintained, otherwise we may face some errors. If we change the configuration file before creating user then we will not be able to access the database. Also make sure to create the database Admin before you start following the steps. As if any issues encountered, you can use it's privileges to add new users and modify roles and databases.

FAQs

What is Authentication in MongoDB?

Authentication in MongoDB verifies the identity of users or applications accessing the database. It requires correct credentials, such as a username and password, to ensure secure access to data.

Why is Authentication Important in MongoDB?

Authentication is vital for protecting database security and integrity. It prevents unauthorized access and data breaches, ensuring that only authorized users can interact with sensitive information.

How do I enable authentication in MongoDB?

To enable authentication in MongoDB, create a user with specific roles, edit the mongod.conf file to enable security, and then restart the MongoDB service. After that, users must provide valid credentials to access the database.


Next Article
How to Enable Authentication on MongoDB ?
author
subhadipjanacse24
News
Improve
Article Tags :

Similar Reads

three90RightbarBannerImg
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox