Enabling Access Control and Authentication in MongoDB

Last Updated : 25 Feb, 2026

Access control and authentication in MongoDB secure the database by verifying user identities and enforcing role-based permissions to prevent unauthorized access and protect data integrity.

  • Enable authentication to allow access only to verified users and applications.
  • Apply RBAC to enforce least-privilege permissions.
  • Restrict actions to specific databases, collections, and operations.
  • Protect sensitive data and reduce unauthorized or malicious changes.

Configuring MongoDB Access Control and User Authentication

To secure your MongoDB instance, follow these steps in the specified order to successfully enable authentication and access control.

Step 1: Start MongoDB

Open the command prompt and run the following command to start the MongoDB Shell and connect to the server.

mongosh 

The shell connects, confirming that the database is running and that we can access it.

Step 2: Create a Database and Add Documents

Create a database from the command prompt, or use MongoDB Compass if you prefer a GUI. The database is created automatically when you create your first collection.

// Switch to mydb; it is created once the first collection exists
use mydb
db.createCollection("myCollection")

Once the database has been created, it's time to insert a few documents into it.

db.myCollection.insertOne({ name: "Philips", age: 21})

Using the same format, you can create more databases and collections and insert additional data as needed.

Step 3: Create a Database User with Proper Roles

To enable authentication, create users and assign them appropriate roles based on responsibilities. Avoid giving unnecessary privileges to application users.

// userAdmin lets this user create and modify users and roles on mydb
db.createUser({
  user: "Geek",
  pwd: "abc123",
  roles: [ { role: "userAdmin", db: "mydb" } ]
})

Create an Application User (for data access)

// readWrite lets the application read and modify data in mydb only
db.createUser({
  user: "appUser",
  pwd: "StrongApp@123",
  roles: [ { role: "readWrite", db: "mydb" } ]
})

Step 4: Change MongoDB Configuration to Enable Authentication

By default, MongoDB authentication is disabled, so you must edit mongod.conf to enable access control. In this setup the file is located in the following directory:

C:\Program Files\MongoDB\Server\8.2\bin

Open the mongod.conf file in any editor and write the following under security:

security:
  authorization: enabled

Save the changes and close the file. Then open Services in Windows, find MongoDB, and restart it.

Step 5: Authenticate with the Created User

After restarting MongoDB, try accessing the data without authenticating. For example, attempt to fetch documents from the myCollection collection:

db.myCollection.find()

The query is rejected with an authorization error, which means we have successfully enabled authentication and access control.

Now, to see the data, first supply the username and password. Authenticate while mydb is the current database, since that is where appUser was created.

db.auth("appUser","StrongApp@123")

Check for the available documents in the database.

db.myCollection.find()

After successful authentication, we can access the documents stored in the MongoDB database.
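
If the unauthenticated query in Step 5 still returns documents, the Step 4 edit did not take effect, for example because authorization ended up outside an active security block. The following JavaScript check is an added example, not part of the original article or of MongoDB's tooling; the function name auditAuthorization and the sample configs are constructed for illustration, and it assumes the plain block-style YAML shown in Step 4.

```javascript
// Added example (not from the article): audit mongod.conf text for Step 4.
// Assumes the plain block-style YAML shown in the article (no flow style).
function auditAuthorization(confText) {
  const findings = [];
  let inSecurity = false; // inside an active top-level "security:" block
  let value = null;       // security.authorization exactly as written
  for (const raw of confText.split(/\r?\n/)) {
    if (/^\s*#\s*(security|authorization)\s*:/.test(raw)) {
      findings.push("commented-out key: " + raw.trim());
      continue;
    }
    const line = raw.replace(/\s+#.*$/, "").trimEnd(); // drop inline comments
    if (line.trim() === "" || line.trim().startsWith("#")) continue;
    const indent = line.length - line.trimStart().length;
    const m = line.trim().match(/^([A-Za-z0-9_]+)\s*:\s*(.*)$/);
    if (!m) continue;
    const [, key, val] = m;
    if (indent === 0) {
      inSecurity = key === "security"; // a new top-level key closes the block
      if (key === "authorization")
        findings.push("authorization is at top level, not under security");
    } else if (key === "authorization") {
      if (inSecurity) value = val.replace(/^["']|["']$/g, "");
      else findings.push("authorization is nested under the wrong section");
    }
  }
  const enabled = value === "enabled";
  if (!enabled) {
    findings.push(value === null
      ? "security.authorization is not set"
      : `security.authorization is "${value}", expected "enabled"`);
  }
  return { enabled, findings };
}

// Constructed sample configs (not taken from a real host).
const GOOD = "net:\n  port: 27017\nsecurity:\n  authorization: enabled  # Step 4\n";
const COMMENTED_PARENT = "net:\n  port: 27017\n#security:\n  authorization: enabled\n";
const TOP_LEVEL = "net:\n  port: 27017\nauthorization: enabled\n";

for (const [name, text] of Object.entries({ GOOD, COMMENTED_PARENT, TOP_LEVEL })) {
  console.log(name, JSON.stringify(auditAuthorization(text)));
}
```

Run it with Node.js after pasting the contents of your own mongod.conf into a string; an empty findings list with enabled set to true matches the configuration from Step 4.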
