Navigation
You were redirected from a different version of the documentation. Click here to go back.

Manage MongoDB Users

Overview

When you select an Authentication Mechanism for your Ops Manager group, this enables access control for all managed deployments in your Ops Manager group.

With access control enabled, clients must authenticate to the MongoDB process as MongoDB users. Once authenticated, these users only have privileges granted by their assigned roles. You can assign MongoDB’s built-in roles to a user as well as custom roles.

You can create MongoDB users before or after enabling accessing control, but your MongoDB instances do not require user credentials if access control is not enabled.

Important

MongoDB users are separate from Ops Manager users. MongoDB users have access to MongoDB databases, while Ops Manager users access the Ops Manager application itself.

Considerations

Managed Users and Roles

Users and roles that Ops Manager manages have the Synced value set to Yes and are synced to all deployments in the group.

Users and roles that are not managed by the Ops Manager group have the Synced value set to No and exist only in their respective MongoDB deployments.

Consistent Users and Roles

Ops Manager has two modes of user and role management, depending upon the value of Enforce Consistent Set:

  • Enforce Consistent Set is YES

    In this mode, all deployments managed by the Ops Manager group have the same set of MongoDB users and roles; specifically, all users and roles managed by the Ops Manager group.

    Only MongoDB users and roles managed by the Ops Manager group, i.e. Synced value set to Yes, can exist in the group’s managed deployments, and any users and roles not managed by the Ops Manager group are deleted from these deployments.

  • Enforce Consistent Set is NO

    In this mode, deployments managed by the Ops Manager group can have different sets of MongoDB users and roles, including MongoDB users and roles not managed through the Ops Manager group. To manage these users and roles, you must connect directly to the MongoDB deployment.

    Users and roles managed by Ops Manager, i.e. Synced value set to Yes, are created in all deployments managed by the group. Users and roles not managed by Ops Manager, i.e. Synced value set to No, exist only in the specific deployment.

    Note

    Enforce Consistent Set set to NO is the default setting.

Procedures

Add a MongoDB User

1

Click Deployment, then Security, then Users.

2

Click the Add New User button.

3

Complete the user account fields.

Field Description
Identifier
  • In the first field, enter the database on which the user authenticates.
  • In the second field, enter a username.

Together, the database and username uniquely identify the user. Though the user has just one authentication database, the user can have privileges on other databases. You grant those privileges when assigning the user roles.

If you are authenticating with an external system, like Kerberos or an LDAP server, add users to the $external database.

Roles Enter any available user-defined roles and built-in roles into the field. The field provides a drop-down list of existing roles when you click in this field.
Password

Enter the user’s password.

Important

If you specified $external as the database in the Identifier, you do not need to specify a password for the new user.

4

Click Add User.

5

Click Review & Deploy to review your changes.

6

Review and approve your changes.

Ops Manager displays your proposed changes.

  1. If you are satisfied, click Confirm & Deploy.
  2. Otherwise, click Cancel and you can make additional changes.

Edit a MongoDB User’s Password and Roles

1

Click Deployment, then Security, then Users.

2

On the line for the desired user, click Edit.

3

Edit the user’s information.

In the Roles field, you can both add and delete user-defined roles and built-in roles roles. The Roles field provides a drop-down list when you click in this field.

4

Click Save Changes.

5

Click Review & Deploy to review your changes.

6

Review and approve your changes.

Ops Manager displays your proposed changes.

  1. If you are satisfied, click Confirm & Deploy.
  2. Otherwise, click Cancel and you can make additional changes.

Manage or Unmanage MongoDB Users

1

Click Deployment, then Security, then Users.

2

Click Refresh to discover any unmanaged users in your deployments.

This shows all MongoDB users present in all managed deployments for the Ops Manager group and any potential conflicts.

3

Select users to manage or unmanage.

Set the Sync switch to Yes for each MongoDB user you want Ops Manager to manage. To manage all MongoDB users for the Ops Manager group, click the Sync All link.

Set the Sync switch to No to unmanage the MongoDB user.

Current Sync State New Sync State What Changes
NO YES

Ops Manager now manages the user.

Note

If there are any potential conflicts with other discovered users, you will be presented with the option to resolve conflicts.

YES NO

Ops Manager no longer manages the user.

Warning

If Ensure Consistent Set is YES, the user is deleted from all MongoDB databases Ops Manager currently manages for this group.

Note

If Ensure Consistent Set is NO, Ops Manager no longer manages the users in that MongoDB database, but these users can be managed through a direct connection to that database.

5

Click Review & Deploy to review your changes.

6

Review and approve your changes.

Ops Manager displays your proposed changes.

  1. If you are satisfied, click Confirm & Deploy.
  2. Otherwise, click Cancel and you can make additional changes.
7

Click Refresh to verify the desired users have been removed from your deployments.

Remove a MongoDB User

The following procedure deletes the MongoDB user from all the group’s managed MongoDB deployments. See also Manage or Unmanage MongoDB Users.

1

Click Deployment, then Security, then Users.

2

Set the Ensure Consistent Set toggle to YES.

3

Set the Sync setting for the users to be deleted to OFF.

4

Click Delete next to the user to delete.

5

Click Review & Deploy to review your changes.

6

Review and approve your changes.

Ops Manager displays your proposed changes.

  1. If you are satisfied, click Confirm & Deploy.
  2. Otherwise, click Cancel and you can make additional changes.
7

Click Refresh to verify the desired users have been removed from your deployments.