Authentication, Authorization, and Common Errors
Understand the difference between authentication (verifying user identity) and authorization (controlling user actions) in MongoDB, and how to enable authentication, create users, and handle common errors.
Authentication verifies the identity of a user (e.g., with a username and password), whereas authorization determines what actions an authenticated user is allowed to perform (based on roles and permissions). Authentication keeps unauthorized users out, and authorization limits what authenticated users can do.
How MongoDB handles authentication
By default, MongoDB may run without authentication (not recommended for production). We can enable authentication so users must log in before accessing the database. To enable authentication, we need to perform the following steps. Switch to the admin database to create an administrative user.
mongosh admin
Note: Global roles like userAdminAnyDatabase, readWriteAnyDatabase, and dbAdminAnyDatabase are defined only in the admin database.
db.createUser({
  user: "superadmin",
  pwd: "securepass",
  roles: [
    { role: "userAdminAnyDatabase", db: "admin" },
    "readWriteAnyDatabase"
  ]
})
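The note above matters for this createUser call because a role written as a bare string is looked up in the database where the command runs, so the same document that works from admin does not work from another database. The check below is an added example, not code from the original page or from MongoDB's tooling; the function names and the `test` and `shop` database names are assumptions for illustration, and readAnyDatabase is included as a fourth role of the same kind.

```javascript
// Added example: helper names are hypothetical, not part of mongosh or a driver.

// Built-in all-database roles; these are defined only in the admin database.
const ADMIN_ONLY_ROLES = new Set([
  "readAnyDatabase",
  "readWriteAnyDatabase",
  "userAdminAnyDatabase",
  "dbAdminAnyDatabase",
]);

// A bare string role is resolved in the database where createUser() runs;
// a { role, db } document names its database explicitly.
function resolveRoles(currentDb, roles) {
  return roles.map((r) =>
    typeof r === "string" ? { role: r, db: currentDb } : { role: r.role, db: r.db }
  );
}

// Return one finding per all-database role that would resolve outside admin.
function checkCreateUser(currentDb, userDoc) {
  const findings = [];
  for (const { role, db } of resolveRoles(currentDb, userDoc.roles || [])) {
    if (ADMIN_ONLY_ROLES.has(role) && db !== "admin") {
      findings.push(`${role} resolves to "${db}", but it is defined only in admin`);
    }
  }
  return findings;
}

// The user document from this page, with the password replaced by a placeholder.
const superadmin = {
  user: "superadmin",
  pwd: "<placeholder>",
  roles: [{ role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase"],
};

// Run from admin, as on this page: no findings.
console.log(checkCreateUser("admin", superadmin));
// Constructed case: the same document run from another database.
console.log(checkCreateUser("test", superadmin));
```

Running such a check over user-provisioning scripts before they are applied catches the role lookup failure early instead of at deployment time.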