You're reading from Mastering MongoDB 7.0 - Fourth Edition

Product type: Book
Published in: Jan 2024
Publisher: Packt
ISBN-13: 9781835460474
Edition: 4th Edition

Authors (7):

Marko Aleksendrić

Marko Aleksendrić is an analyst, an ex-scientist, and a freelance self-taught web developer with over 20 years of experience. Marko has authored the book Modern Web Development with the FARM Stack, published by Packt Publishing. With a keen interest in backend and frontend development, he has been an avid MongoDB user for the last 15 years for various web and data analytics-related projects, with Python and JavaScript as his main tools.

Arek Borucki

Arek Borucki, a recognized MongoDB Champion and certified database administrator, has been working with MongoDB technology since 2016. As a principal SRE database engineer, he works closely with technologies such as MongoDB, Elasticsearch, PostgreSQL, Kafka, Kubernetes, Terraform, AWS, and GCP. His extensive experience includes working with renowned companies such as Amadeus, Deutsche Bank, IBM, Nokia, and Beamery. Arek is also a Certified Kubernetes Administrator and developer, an active speaker at international conferences, and a co-author of questions for the MongoDB Associate DBA Exam.

Leandro Domingues

Leandro Domingues is a MongoDB Community Champion and a Microsoft Data Platform MVP alumnus. Specializing in NoSQL databases, focusing on MongoDB, he has authored several articles and is also a speaker and organizer of events and conferences. In addition to teaching MongoDB, he was a professor at one of the largest universities in Brazil. Leandro is passionate about MongoDB and is a mentor and an inspiration to many developers and administrators. His efforts make MongoDB a more comprehensible tool for everyone.

Malak Abu Hammad

Malak Abu Hammad is a seasoned software engineering manager at Chain Reaction, with a decade of expertise in MongoDB. She has carved a niche for herself not only in MongoDB but also in essential web app technologies. Along with conducting various online and offline workshops, Malak is a MongoDB Champion and a founding member of the MongoDB Arabic Community. Her vision for MongoDB is a future with an emphasis on Arabic localization, aimed at bridging the gap between technology and regional dialects.

Elie Hannouch

Elie Hannouch is a senior software engineer and digital transformation expert. A driving force in the tech industry, he has a proven track record of delivering robust, scalable, and impactful solutions. As a start-up founder, Elie combines his extensive engineering background with strategic innovation to redefine how enterprises operate in today's digital age. Apart from being a MongoDB Champion, Elie leads the MongoDB, Google, and CNCF communities in Lebanon and works toward empowering aspiring tech professionals by demystifying complex concepts and inspiring a new generation of tech enthusiasts.

Rajesh Nair

Rajesh Nair is a software professional from Kerala, India, with over 12 years of experience working in various MNCs. He started his career as a database administrator for multiple RDBMS technologies, including Progress OpenEdge and MySQL. Rajesh also managed huge datasets for critical applications running on MongoDB as a MongoDB administrator for several years. He has worked on technologies such as MongoDB, AWS, Java, Kafka, MySQL, Progress OpenEdge, shell scripting, and Linux administration. Rajesh is currently based out of Amsterdam, Netherlands, working as a senior software engineer.

Rachelle Palmer

Rachelle Palmer is the Product Leader for Developer Database Experience and Developer Education at MongoDB, overseeing the driver client libraries, documentation, framework integrations, and MongoDB University. She has built sample applications for MongoDB in Java, PHP, Rust, Python, Node.js, and Ruby. Rachelle joined MongoDB in 2013 and was previously the director of the technical services engineering team, creating and managing the team that provided support and CloudOps to MongoDB Atlas.

Security

When using MongoDB, database security is of utmost importance. Beyond a straightforward installation, MongoDB provides encryption to protect your data in transit (TLS) and at rest, auditing to record executed operations, and more. This chapter covers the key aspects of choosing and correctly implementing the authentication and authorization mechanisms that MongoDB offers. You'll also look at how role-based access control (RBAC) works, and how you can effectively manage users in your database environment.

MongoDB offers mechanisms for controlling who can access the database and which operations they can perform. You can imagine these mechanisms as a tripod composed of authentication methods, types of authorization, and user management. Authentication identifies the user accessing the database (who), while authorization determines the actions that user is allowed to perform in the database (what). These actions include data operations (read, insert, update, delete), instance...

Authentication methods

The first pillar of security in MongoDB is authentication, which answers the question of who is connecting to the database. MongoDB supports four methods, split between editions.

For the Community version, you have the following methods:

  • SCRAM (default; SCRAM-SHA-256 and SCRAM-SHA-1)
  • x.509 client certificates

For the Enterprise Advanced version, you also have the following methods:

  • LDAP
  • Kerberos

Each of these mechanisms has its pros and cons. To choose the most appropriate one, consider your business needs and the objectives you want to achieve with this step. Let's examine each of these methods in detail.

SCRAM

When you enable authentication in MongoDB, the default method is the Salted Challenge Response Authentication Mechanism (SCRAM). Standardized by the Internet Engineering Task Force (IETF) in RFC 5802, with the SCRAM-SHA-256 variant added in RFC 7677, SCRAM is a robust authentication protocol that lets a user prove knowledge of a password without ever sending that password in plain text over the network, and without the server storing the password itself: the server keeps only a salted, iterated verifier. Note that SCRAM protects the credential exchange, not the session; the data that follows still needs TLS.

Instead...

Role-based access control (RBAC)

In MongoDB, you can efficiently manage user permissions with RBAC. RBAC allows granular and flexible control over database resources. You define roles that list the actions a user may perform on a given resource, for example allowing a user to read a collection but not to change or delete its data. Roles can be built-in or user-defined and can be assigned to any user.

MongoDB ships with a variety of built-in roles (for example, read, readWrite, dbAdmin, and userAdmin). User-defined roles, as the name implies, are roles that you create as needed, typically when no built-in role is narrow enough for the job.

Assigning roles to users rather than granting individual permissions simplifies the access management process, especially in large and complex environments.

Using RBAC has several advantages:

  • It provides granular control over permissions. Organizations can define a wide range of roles to reflect the different responsibilities and access needs of users.
  • It helps enforce the principle of least privilege, a security...

Summary

This chapter discussed the critical role of security in MongoDB, delving into robust authentication methods such as SCRAM, x.509, LDAP, and Kerberos. However, security doesn't stop at authentication; it extends to proper user privilege management through RBAC. With these practices in place, MongoDB not only delivers performance and scalability but also remains a secure and dependable data platform.

In the next chapter, you'll see how auditing works in MongoDB. You'll also get to learn how to enable it in various use cases and tackle possible problems.
