Skip to content
logo
Percona Server for MongoDB 5.0
Enable SCRAM authentication
Initializing search
    percona/psmdb-docs
    percona/psmdb-docs
    • Home
    • Percona Server for MongoDB feature comparison
      • Overview
      • Installing Percona Server for MongoDB on Debian and Ubuntu
      • Installing Percona Server for MongoDB on Red Hat Enterprise Linux and CentOS
      • Installing Percona Server for MongoDB from binary tarball
      • Running Percona Server for MongoDB in a Docker Container
        • Percona Memory Engine
        • Hot Backup
        • $backupCursor and $backupCursorExtend aggregation stages
        • Authentication overview
        • Enable SCRAM authentication
          • Automatic setup
          • Manual setup
        • Set up LDAP authentication with SASL
        • Set up x.509 authentication and LDAP authorization
        • Set up Kerberos authentication
        • AWS IAM authentication
        • Setting up AWS IAM authentication
        • LDAP authorization
        • Set up LDAP authentication and authorization using NativeLDAP
        • Data at rest encryption
        • HashiCorp Vault integration
        • Using the Key Management Interoperability Protocol (KMIP)
        • Local key management using a keyfile
        • Migrating from key file encryption to HashiCorp Vault encryption
      • Auditing
      • Profiling Rate Limit
      • Log Redaction
      • Additional text search algorithm - ngram
      • Tune parameters
        • Upgrade from 4.4 to 5.0
        • Upgrading Percona Server for MongoDB
      • Uninstall Percona Server for MongoDB
      • Percona Server for MongoDB 5.0 Release Notes
      • Percona Server for MongoDB 5.0.15-13 (2023-03-16)
      • Percona Server for MongoDB 5.0.14-12 (2022-12-08)
      • Percona Server for MongoDB 5.0.13-11 (2022-10-12)
      • Percona Server for MongoDB 5.0.11-10 (2022-09-01)
      • Percona Server for MongoDB 5.0.10-9 (2022-08-09)
      • Percona Server for MongoDB 5.0.9-8 (2022-06-20)
      • Percona Server for MongoDB 5.0.8-7 (2022-05-10)
      • Percona Server for MongoDB 5.0.7-6 (2022-04-20)
      • Percona Server for MongoDB 5.0.6-5 (2022-02-10)
      • Percona Server for MongoDB 5.0.5-4 (2021-12-28)
      • Percona Server for MongoDB 5.0.4-3 (Release Candidate) (2021-12-08)
      • Percona Server for MongoDB 5.0.3-2 (Release Candidate) (2021-10-14)
      • Percona Server for MongoDB 5.0.2-1 (Release Candidate) (2021-08-16)
    • Glossary
    • Copyright and licensing information
    • Trademark policy

    • Automatic setup
    • Manual setup

    Enable SCRAM authentication¶

    By default, Percona Server for MongoDB does not restrict access to data and configuration.

    Enabling authentication enforces users to identify themselves when accessing the database. This documents describes how to enable built-in SCRAM authentication mechanism. Percona Server for MongoDB also supports the number of external authentication mechanisms. To learn more, refer to Authentication.

    You can enable authentication either automatically or manually.

    Automatic setup¶

    To enable authentication and automatically set it up, run the /usr/bin/percona-server-mongodb-enable-auth.sh script as root or using sudo.

    This script creates the dba user with the root role. The password is randomly generated and printed out in the output. Then the script restarts Percona Server for MongoDB with access control enabled. The dba user has full superuser privileges on the server. You can add other users with various roles depending on your needs.

    For usage information, run the script with the -h option.

    Manual setup¶

    To enable access control manually:

    1. Add the following lines to the configuration file:

      security:
        authorization: enabled
      
    2. Run the following command on the admin database:

      > db.createUser({user: 'USER', pwd: 'PASSWORD', roles: ['root'] });
      
    3. Restart the mongod service:

      $ service mongod restart
      
    4. Connect to the database as the newly created user:

      $ mongo --port 27017 -u 'USER' -p 'PASSWORD'  --authenticationDatabase "admin"
      

    See also

    MongoDB Documentation: Enable Access Control

    Contact Us

    For free technical help, visit the Percona Community Forum.

    To report bugs or submit feature requests, open a JIRA ticket.

    For paid support and managed or consulting services , contact Percona Sales.


    Last update: March 16, 2023
    Created: December 8, 2022
    Percona LLC and/or its affiliates, © 2023
    Made with Material for MkDocs

    Cookie consent

    We use cookies to recognize your repeated visits and preferences, as well as to measure the effectiveness of our documentation and whether users find what they're searching for. With your consent, you're helping us to make our documentation better.