MongoDB – Security

By default, security in MongoDB is turned off. You can enable it by starting mongod with --auth, or by adding the corresponding key to mongodb.config.
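As an added example (not the original post's own file), this is the setting in the YAML-format mongod configuration file (MongoDB 2.6 and later) that has the same effect as starting mongod with --auth; the key file path is a placeholder and is only needed on replica set members:

```yaml
# Added example mongod.conf fragment; assumes the YAML config format (2.6+).
security:
  authorization: enabled      # equivalent to starting mongod with --auth
  keyFile: /etc/mongod.key    # placeholder path; replica set members only, implies --auth
```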

With authentication enabled, if you try any command from the shell without logging in, the result will look like below:

However, you still have access to the admin database, so the first administrative user can be created there.

Or you can start the shell from the command line:

Type of users (clients):

  • “admin” users:
    • can do administration
    • created in the “admin” database
    • can access all databases
  • regular users:
    • access a specific database
    • read/write or readOnly

To alter the roles:

Available roles:

  • read
  • readWrite
  • dbAdmin
  • userAdmin
  • clusterAdmin
  • readAnyDatabase
  • readWriteAnyDatabase
  • dbAdminAnyDatabase
  • userAdminAnyDatabase
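The two user types and the role list above, as an added example in the form of a mongo shell script (not code from the original post). It creates an "admin" user in the admin database with *AnyDatabase roles and a regular user scoped to one database with readWrite, then verifies the regular user can log in; user names, passwords and the database name `appdb` are placeholders, and the stub-friendly `setupUsers(conn)` wrapper is an assumption of this example rather than a MongoDB API:

```javascript
// Added example: run with  mongo admin setup-users.js  (MongoDB 2.6+ createUser API).
// All names, passwords and the "appdb" database are placeholders: change them.

// Build the document accepted by db.createUser(). Roles are {role, db} pairs,
// so a regular user is scoped to one database while the admin gets *AnyDatabase roles.
function userSpec(name, password, roles) {
  return { user: name, pwd: password, roles: roles };
}

// Administrative account: manage users and data on every database.
var adminRoles = [
  { role: "userAdminAnyDatabase", db: "admin" },
  { role: "readWriteAnyDatabase", db: "admin" },
];

// Regular application user: read/write on a single database only.
function appUserRoles(dbName) {
  return [{ role: "readWrite", db: dbName }];
}

// Least-privilege check: does the user document grant `role` on `dbName`?
function hasRole(spec, role, dbName) {
  return spec.roles.some(function (r) {
    return r.role === role && r.db === dbName;
  });
}

// conn is the shell's `db` handle (or a stub when exercised outside the shell).
// Admin users are created in "admin"; regular users in the database they use.
function setupUsers(conn) {
  var admin = conn.getSiblingDB("admin");
  admin.createUser(userSpec("siteAdmin", "CHANGE_ME_admin", adminRoles));
  var app = conn.getSiblingDB("appdb");
  app.createUser(userSpec("appUser", "CHANGE_ME_app", appUserRoles("appdb")));
  return 2; // number of users created
}

// `db` only exists inside the mongo shell; this guard lets the helpers above
// be loaded elsewhere without side effects.
if (typeof db !== "undefined") {
  setupUsers(db);
  // Login test: the regular user must authenticate against its own database.
  var ok = db.getSiblingDB("appdb").auth("appUser", "CHANGE_ME_app");
  print("appUser login on appdb: " + (ok ? "ok" : "FAILED"));
}
```

After the first admin user exists the localhost exception closes, so every later session must authenticate; keep the regular user's roles limited to its own database rather than reusing the admin account from applications.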

To secure a MongoDB cluster, enable authentication and authorization between members with the --keyFile flag. Note that --keyFile only authenticates the members to each other: when using --keyFile with a replica set, database contents are still sent over the network between mongod nodes unencrypted unless you also configure SSL/TLS (resource 2 below).

The key file must be present, with identical contents, on all members of the replica set, and it must not be readable by group or others or mongod will refuse to start.
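An added example (not from the original post) of generating a key file and checking, before copying it to the other members, the properties mongod enforces at startup: base64 content, 6 to 1024 characters, and no group/other permissions. The path /etc/mongod.key and the script name are placeholders; `openssl rand -base64 756` is the documented way to generate the key, with a /dev/urandom fallback assumed here:

```shell
#!/bin/sh
# Added example: generate a replica-set key file and validate it the way mongod
# will at startup. The path /etc/mongod.key in comments is a placeholder.
set -eu

# Write 756 random bytes, base64-encoded, to $1 (1008 characters, inside the
# 6..1024 range mongod accepts). The subshell limits umask 077 to this write,
# so the file is created owner-readable only.
generate_keyfile() {
  keyfile=$1
  (
    umask 077
    if command -v openssl >/dev/null 2>&1; then
      openssl rand -base64 756 > "$keyfile"
    else
      head -c 756 /dev/urandom | base64 > "$keyfile"   # assumed fallback
    fi
  )
  chmod 600 "$keyfile"
}

# Return 0 if the key file is usable by mongod, 1 (with a reason) otherwise:
#  - base64 characters only (mongod ignores whitespace, so it is stripped here)
#  - 6 to 1024 characters after stripping whitespace
#  - not readable by group or others (mode 600 or 400)
validate_keyfile() {
  keyfile=$1
  [ -f "$keyfile" ] || { echo "missing: $keyfile"; return 1; }
  content=$(tr -d ' \t\r\n' < "$keyfile")
  len=${#content}
  if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
    echo "bad length: $len"; return 1
  fi
  case "$content" in
    *[!A-Za-z0-9+/=]*) echo "non-base64 characters in $keyfile"; return 1 ;;
  esac
  # GNU stat first, BSD/macOS stat as fallback
  mode=$(stat -c '%a' "$keyfile" 2>/dev/null || stat -f '%Lp' "$keyfile")
  case "$mode" in
    600|400) ;;
    *) echo "permissions too open: $mode (use chmod 600)"; return 1 ;;
  esac
  return 0
}

# Usage: sh mkkey.sh /etc/mongod.key
# Then copy the identical file to every replica set member (preserving mode 600)
# and start each with:  mongod --replSet <name> --keyFile /etc/mongod.key ...
if [ "$#" -ge 1 ]; then
  generate_keyfile "$1"
  validate_keyfile "$1" && echo "key file $1 OK"
fi
```

Run the validation on every member after copying: a key file with the wrong mode or a stray edit on one node will keep only that member from joining, which shows up as authentication failures in its log rather than an obvious error at startup of the others.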

Login and test the replica set authentication:

Starting with MongoDB 2.6, --auth is implied by --keyFile.

Additional resources:

  1. https://docs.mongodb.org/manual/security/
  2. https://docs.mongodb.org/manual/tutorial/configure-ssl/
  3. https://docs.mongodb.org/manual/reference/built-in-roles/