Enable SCRAM authentication¶

By default, Percona Server for MongoDB does not restrict access to data and configuration.

Enabling authentication enforces users to identify themselves when accessing the database. This documents describes how to enable built-in SCRAM authentication mechanism. Percona Server for MongoDB also supports the number of external authentication mechanisms. To learn more, refer to Authentication.

You can enable authentication either automatically or manually.

Automatic setup¶

To enable authentication and automatically set it up, run the /usr/bin/percona-server-mongodb-enable-auth.sh script as root or using sudo.

This script creates the dba user with the root role. The password is randomly generated and printed out in the output. Then the script restarts Percona Server for MongoDB with access control enabled. The dba user has full superuser privileges on the server. You can add other users with various roles depending on your needs.

For usage information, run the script with the -h option.

Manual setup¶

To enable access control manually:

Add the following lines to the configuration file:
```
security:
  authorization: enabled
```

Run the following command on the admin database:

> db.createUser({user: 'USER', pwd: 'PASSWORD', roles: ['root'] });

Restart the mongod service:
```
$ service mongod restart
```

Connect to the database as the newly created user:

$ mongo --port 27017 -u 'USER' -p 'PASSWORD'  --authenticationDatabase "admin"

Get expert help¶

If you need assistance, visit the community forum for comprehensive and free database knowledge, or contact our Percona Database Experts for professional support and services.

Community Forum Get a Percona Expert

Last update: March 16, 2023
Created: December 8, 2022