Authentication, Authorization, and Common Errors
Explore the fundamentals of MongoDB authentication and authorization to understand user identity verification and permission control. Learn how to enable authentication, assign roles, and test user actions. Understand common error messages and how to troubleshoot validation, authentication, and authorization issues.
Authentication verifies the identity of a user (e.g., username and password). Whereas, authorization determines what actions an authenticated user is allowed to perform (based on roles and permissions). Authentication keeps unauthorized users out, and authorization limits what authenticated users can do.
How MongoDB handles authentication
By default, MongoDB may run without authentication (not recommended for production). We can enable authentication so users must log in before accessing the database. To enable authentication, we need to perform the following steps. Switch to the admin database to create an administrative user.