Skip to content

Enable SCRAM authentication

By default, Percona Server for MongoDB does not restrict access to data and configuration.

Enabling authentication enforces users to identify themselves when accessing the database. This documents describes how to enable built-in SCRAM authentication mechanism. Percona Server for MongoDB also supports the number of external authentication mechanisms. To learn more, refer to Authentication.

You can enable authentication either automatically or manually.

Automatic setup

To enable authentication and automatically set it up, run the /usr/bin/percona-server-mongodb-enable-auth.sh script as root or using sudo.

This script creates the dba user with the root role. The password is randomly generated and printed out in the output. Then the script restarts Percona Server for MongoDB with access control enabled. The dba user has full superuser privileges on the server. You can add other users with various roles depending on your needs.

For usage information, run the script with the -h option.

Manual setup

To enable access control manually:

  1. Add the following lines to the configuration file:

    security:
      authorization: enabled
    
  2. Run the following command on the admin database:

    > db.createUser({user: 'USER', pwd: 'PASSWORD', roles: ['dbAdmin'] });
    
  3. Restart the mongod service:

    $ service mongod restart
    
  4. Connect to the database as the newly created user:

    $ mongosh --port 27017 -u 'USER' -p 'PASSWORD'  --authenticationDatabase "admin"
    

See also

MongoDB Documentation: Enable Access Control

Get expert help

If you need assistance, visit the community forum for comprehensive and free database knowledge, or contact our Percona Database Experts for professional support and services.