- Groups and Users >
- Manage MongoDB Users and Roles >
- Manage MongoDB Users
Manage MongoDB Users¶
On this page
Overview¶
When you select an Authentication Mechanism for your Ops Manager group, this enables access control for all managed deployments in your Ops Manager group.
With access control enabled, clients must authenticate to the MongoDB process as MongoDB users. Once authenticated, these users only have privileges granted by their assigned roles. You can assign MongoDB’s built-in roles to a user as well as custom roles.
You can create MongoDB users before or after enabling accessing control, but your MongoDB instances do not require user credentials if access control is not enabled.
Important
MongoDB users are separate from Ops Manager users. MongoDB users have access to MongoDB databases, while Ops Manager users access the Ops Manager application itself.
Considerations¶
Managed Users and Roles¶
Any users or roles you choose to manage in an Ops Manager group have their
Synced value set to Yes
and are synced to all deployments in
the group.
Any users or roles you do not choose to manage in an Ops Manager group have their
Synced value set to No
and exist only in their respective
MongoDB deployments.
Note
If you toggle Synced to OFF
after import, any users or
roles you create are deleted.
Consistent Users and Roles¶
Ops Manager has two modes of user and role management that depend upon the value of Enforce Consistent Set:
- Enforce Consistent Set is
YES
In this mode, all deployments that the Ops Manager group manages have the same set of MongoDB users and roles; specifically, all users and roles that the Ops Manager group manages.
Only the MongoDB users and roles that the Ops Manager group manages, that is Synced value set to
Yes
, can exist in the group’s managed deployments. Any users and roles that the Ops Manager group does not manage group are deleted from these deployments.- Enforce Consistent Set is
NO
In this mode, deployments that the Ops Manager group manages can have different sets of MongoDB users and roles, including MongoDB users and roles not managed through the Ops Manager group. To manage these users and roles, you must connect directly to the MongoDB deployment.
Users and roles that the Ops Manager group manages, where Synced value set to
Yes
, are created in all deployments the Ops Manager group manages. Users and roles that the Ops Manager group does not manage, where Synced value set toNo
, exist only in the specific deployment.Note
Enforce Consistent Set set to
NO
is the default setting.
To learn how importing MongoDB deployments can affect managing users and roles, see Automation and Updated Security Settings Upon Import.
Procedures¶
Add a MongoDB User¶
Click Deployment, then Security, then Users.¶
Click the Add New User button.¶
Complete the user account fields.¶
Field | Description |
---|---|
Identifier |
Together, the database and username uniquely identify the user. Though the user has just one authentication database, the user can have privileges on other databases. You grant those privileges when assigning the user roles. If you are authenticating with an external system, like
Kerberos or an LDAP server, add users to the
|
Roles | Enter any available user-defined roles and built-in roles into the field. The field provides a drop-down list of existing roles when you click in this field. |
Password | Enter the user’s password. Important If you specified |
Click Add User.¶
Click Review & Deploy to review your changes.¶
Review and approve your changes.¶
Ops Manager displays your proposed changes.
- If you are satisfied, click Confirm & Deploy.
- Otherwise, click Cancel and you can make additional changes.
Edit a MongoDB User’s Password and Roles¶
Click Deployment, then Security, then Users.¶
On the line for the desired user, click Edit.¶
Edit the user’s information.¶
In the Roles field, you can both add and delete user-defined roles and built-in roles roles. The Roles field provides a drop-down list when you click in this field.
Click Save Changes.¶
Click Review & Deploy to review your changes.¶
Review and approve your changes.¶
Ops Manager displays your proposed changes.
- If you are satisfied, click Confirm & Deploy.
- Otherwise, click Cancel and you can make additional changes.
Manage or Unmanage MongoDB Users¶
Click Deployment, then Security, then Users.¶
Click Refresh to discover any unmanaged users in your deployments.¶
This shows all MongoDB users present in all managed deployments for the Ops Manager group and any potential conflicts.
Select users to manage or unmanage.¶
Set the Sync switch to Yes
for each MongoDB user you
want Ops Manager to manage. To manage all MongoDB users for the Ops Manager group, click the
Sync All link.
Set the Sync switch to No
to unmanage the MongoDB
user.
Current Sync State | New Sync State | What Changes |
---|---|---|
NO |
YES |
Ops Manager now manages the user. Note If there are any potential conflicts with other discovered users, you will be presented with the option to resolve conflicts. |
YES |
NO |
Ops Manager no longer manages the user. Warning If Ensure Consistent Set is Note If Ensure Consistent Set is |
Click Review & Deploy to review your changes.¶
Review and approve your changes.¶
Ops Manager displays your proposed changes.
- If you are satisfied, click Confirm & Deploy.
- Otherwise, click Cancel and you can make additional changes.
Click Refresh to verify the desired users have been removed from your deployments.¶
Remove a MongoDB User¶
The following procedure deletes the MongoDB user from all the group’s managed MongoDB deployments. See also Manage or Unmanage MongoDB Users.
Click Deployment, then Security, then Users.¶
Set the Ensure Consistent Set toggle to YES
.¶
Set the Sync setting for the users to be deleted to OFF
.¶
Click Delete next to the user to delete.¶
Click Review & Deploy to review your changes.¶
Review and approve your changes.¶
Ops Manager displays your proposed changes.
- If you are satisfied, click Confirm & Deploy.
- Otherwise, click Cancel and you can make additional changes.