Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Enable MongoDB Role-Based Access Control

Overview

When you select an Authentication Mechanism for your Ops Manager group, this enables access control for all the deployments in your Ops Manager group.

With access control enabled, MongoDB users must authenticate to the MongoDB process. Once authenticated, the users only have privileges granted by their assigned roles.

Considerations

With access control enabled, you must create MongoDB users so that clients can access your databases.

When you enable access control, Ops Manager automatically creates users for the agents. The user created for the Automation Agent has privileges to administrate and manage other users. As such, the first user you create can be any type of user.

Recommendation

To avoid inconsistencies, use the Ops Manager interface to manage users and roles for MongoDB deployments.

For more information on MongoDB access control, see the Authentication and Authorization pages in the MongoDB manual.

Enable MongoDB Access Control

Ops Manager supports various authentication mechanisms.

You can select multiple available mechanisms.

1
2

Check the authentication mechanism, then click Next.

3

Configure SSL if desired.

  1. Toggle the Enable SSL slider to Yes.
  2. Click Next

Note

See Enable SSL for a Deployment for SSL setup instructions.

4

Configure the Authentication Mechanism for the Agents.

If you enable more than one authentication mechanism, you must specify which one of the authentication mechanisms the Ops Manager agents should use to connect to your deployment.

  1. Select the authentication mechanism from the Agent Auth Mechanism drop-down menu.

  2. Ops Manager automatically generates the Agents’ usernames and passwords.

    Ops Manager creates users for the agents with the required user roles in the admin database for each existing deployment in Ops Manager. When you add a new deployment, Ops Manager creates the required users in the new deployment.

  3. Click Save.

You do not need to configure all of the agents, only the ones you installed.

Example

If you did not install the Backup agent, you do not need to configure the Backup agent.

5

Click Review & Deploy to review your changes.

6

Review and approve your changes.

Ops Manager displays your proposed changes.

  1. If you are satisfied, click Confirm & Deploy.
  2. Otherwise, click Cancel and you can make additional changes.

See Enable Authentication for an Ops Manager Group for detailed instructions for configuring the different authentication mechanisms.

Next Steps

See Manage MongoDB Users to create MongoDB users and roles and assign privileges to those roles.