Authentication, Authorization, and Common Errors
Explore the concepts of authentication and authorization in MongoDB to control user access and permissions. Learn how to enable authentication, create and assign roles, test user capabilities, and understand common errors like validation, authentication, and authorization failures to effectively manage database security.
Authentication verifies the identity of a user (e.g., username and password). Whereas, authorization determines what actions an authenticated user is allowed to perform (based on roles and permissions). Authentication keeps unauthorized users out, and authorization limits what authenticated users can do.
How MongoDB handles authentication
By default, MongoDB may run without authentication (not recommended for production). We can enable authentication so users must log in before accessing the database. To enable authentication, we need to perform the following steps. Switch to the admin database to create an administrative user.