Enable MongoDB Role-Based Access Control¶
When you select an Authentication Mechanism for your Ops Manager group, this enables access control for all the deployments in your Ops Manager group.
With access control enabled, MongoDB users must authenticate to the MongoDB process. Once authenticated, the users only have privileges granted by their assigned roles.
With access control enabled, you must create MongoDB users so that clients can access your databases.
When you enable access control, Ops Manager automatically creates users for the agents. The user created for the Automation Agent has privileges to administrate and manage other users. As such, the first user you create can be any type of user.
To avoid inconsistencies, use the Ops Manager interface to manage users and roles for MongoDB deployments.
Enable MongoDB Access Control¶
Ops Manager supports various authentication mechanisms.
You can select multiple available mechanisms.
Check the authentication mechanism, then click Next.¶
Configure the Authentication Mechanism for the Agents.¶
If you enable more than one authentication mechanism, you must specify which one of the authentication mechanisms the Ops Manager agents should use to connect to your deployment.
Select the authentication mechanism from the Agent Auth Mechanism drop-down menu.
Ops Manager automatically generates the Agents’ usernames and passwords.
Ops Manager creates users for the agents with the required user roles in the admin database for each existing deployment in Ops Manager. When you add a new deployment, Ops Manager creates the required users in the new deployment.
You do not need to configure all of the agents, only the ones you installed.
If you did not install the Backup agent, you do not need to configure the Backup agent.
Click Review & Deploy to review your changes.¶
Review and approve your changes.¶
Ops Manager displays your proposed changes.
- If you are satisfied, click Confirm & Deploy.
- Otherwise, click Cancel and you can make additional changes.
See Enable Authentication for an Ops Manager Group for detailed instructions for configuring the different authentication mechanisms.