One of the first administration tasks that you will want to perform in the MongoDB shell is to add users to configure access control. MongoDB provides authentication and authorization at the database level, meaning that users exist in the context of a single database. For basic authentication purposes, MongoDB stores user credentials inside a collection call system.users
in each database.
Initially, the admin
database does not have any users assigned to it. When no users are defined in the admin
database, MongoDB allows connections on the local host to have full administrative access to the database. Therefore, your first step in setting up a new MongoDB instance is to create user administrator and database administrator accounts. The user administrator account has the ability to create user accounts in admin
and other databases. You also need to create a database administrator account that you can use as a superuser to manage databases, clustering, replication, and other aspects of MongoDB.
Note
You create the user administrator and database administrator accounts in the admin
database. If you are using authentication for your MongoDB database, you must authenticate to the admin
database as one of those users in order to administer users or databases. You should also create user accounts for each database for access purposes, as described in the previous section.