This version will reach end of life on Feb 2018. To upgrade, go to the Learn more about upgrading your version of MongoDB.

Enable Access Control

The tutorials in this section enable access control. Once access control is enabled, users must authenticate themselves. The following tutorials use the default authentication mechanism .


Before enabling role based access control, you should first consider the users of the system. Once the users have been identified, determine the roles required by the users. Roles may inherit from other roles to provide a hierarchy.

A user should have only the minimal set of privileges required to ensure a system of least privilege.

Each application and user of a MongoDB system should map to a distinct user in MongoDB; i.e. do not create a group user that is shared among multiple individuals. This access isolation facilitates access revocation and ongoing user maintenance.

Enable Client Access Control
Describes the process for enabling client access control for MongoDB deployments.
Enable Internal Authentication
Describes the process for enabling internal authentication members of replica sets and sharded clusters. Enabling internal authentication implicitly enables client access control.