Enable Access Control¶
Before enabling role based access control, you should first consider the users of the system. Once the users have been identified, determine the roles required by the users. Roles may inherit from other roles to provide a hierarchy.
A user should have only the minimal set of privileges required to ensure a system of least privilege.
Each application and user of a MongoDB system should map to a distinct user in MongoDB; i.e. do not create a group user that is shared among multiple individuals. This access isolation facilitates access revocation and ongoing user maintenance.
- Enable Client Access Control
- Describes the process for enabling client access control for MongoDB deployments.
- Enable Internal Authentication
- Describes the process for enabling internal authentication members of replica sets and sharded clusters. Enabling internal authentication implicitly enables client access control.