Mongodb – How should I be using Users and Access Roles in MongoDB

Tags: mongodb, role, security

The documents are confusing me a little bit and I'm not finding any answers on here or google. I'm using my own auth via passport-local-mongoose, so I don't need to use mongo's auth at all.

The docs say that I should create a new user for each user/application. Does this mean I create a user for each entry point, ie: one for mobile app, one for web service api, and then an admin for management?

Or does this mean I need to make a new user for every single person who signs up on my site/app?

Every interaction with entry points (other than user registration) requires auth already, so creating a separate mongo user for every registered user seems redundant, however this is my first database so I'm not sure how things work as far as logging or security best practices.

It is worth noting that I am currently storing users as collections with embedded documents for their data for easy lookup per user.

Best Answer

As per the MongoDB BOL on Role-Based Access Control, MongoDB employs Role-Based Access Control (RBAC) to govern access to a MongoDB system. A user is granted one or more roles that determine the user’s access to database resources and operations. Outside of role assignments, the user has no access to the system.

MongoDB does not enable access control by default. You can enable authorization using the --auth or the security.authorization setting. Enabling internal authentication also enables client authorization.

Once access control is enabled, users must authenticate themselves.

MongoDB provides built-in roles with pre-defined pairings of resources and permitted actions.

MongoDB grants access to data and commands through role-based authorization and provides built-in roles that provide the different levels of access commonly needed in a database system. You can additionally create user-defined roles.

A role grants privileges to perform sets of actions on defined resources. A given role applies to the database on which it is defined and can grant access down to a collection level of granularity.

For further reference: Here and Here.
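The following is an added example, not part of the question or the answer above, showing how the answer's advice translates into concrete `createRole` / `createUser` command documents: one MongoDB user per entry point (mobile API, web API) carrying a least-privilege, collection-scoped role, plus a separate administrative user, rather than one MongoDB user per person who signs up. The database name `shop`, the collections `accounts` and `sessions`, the user names and the passwords are placeholders chosen for illustration; the script assumes `mongod` was started with `--auth` or `security.authorization: enabled`. Run it in `mongosh` (where the global `db` exists) to actually create the role and users; under Node it only builds and checks the documents.

```javascript
'use strict';

// Example (not from the original post): plan MongoDB users per application
// entry point, each bound to a role limited to one database's collections.
const APP_DB = 'shop';                       // assumed database name
const APP_COLLECTIONS = ['accounts', 'sessions']; // assumed collection names

// createRole document: read/write on the listed collections of one database only.
// "find", "insert", "update", "remove" are built-in MongoDB privilege actions.
function appRoleSpec(dbName, collections) {
  return {
    createRole: `${dbName}_app`,
    privileges: collections.map((coll) => ({
      resource: { db: dbName, collection: coll },
      actions: ['find', 'insert', 'update', 'remove'],
    })),
    roles: [], // no inherited built-in roles
  };
}

// createUser document for one entry point (e.g. the mobile API or the web API).
// The role is granted on the application database, not on "admin".
function appUserSpec(userName, dbName, password) {
  return {
    createUser: userName,
    pwd: password,
    roles: [{ role: `${dbName}_app`, db: dbName }],
  };
}

// Management user, kept separate from application users and created in "admin".
function adminUserSpec(userName, password) {
  return {
    createUser: userName,
    pwd: password,
    roles: [{ role: 'userAdminAnyDatabase', db: 'admin' }],
  };
}

// Built-in roles that an application user should never carry.
const PRIVILEGED_ROLES = new Set([
  'root', 'userAdminAnyDatabase', 'dbAdminAnyDatabase', 'readWriteAnyDatabase',
  'clusterAdmin', 'dbOwner', 'userAdmin',
]);

// Check an application user spec: every role must live on the app database
// and none may be one of the privileged built-ins.
function isLeastPrivilege(userSpec, dbName) {
  return userSpec.roles.every(
    (r) => r.db === dbName && !PRIVILEGED_ROLES.has(r.role),
  );
}

// Build the set of documents for the entry points described in the question.
function buildPlan(dbName, collections) {
  return {
    role: appRoleSpec(dbName, collections),
    users: [
      appUserSpec('mobileApi', dbName, 'PLACEHOLDER_MOBILE_PW'),
      appUserSpec('webApi', dbName, 'PLACEHOLDER_WEB_PW'),
    ],
    admin: adminUserSpec('siteAdmin', 'PLACEHOLDER_ADMIN_PW'),
  };
}

// When run inside mongosh, apply the plan; under Node, "db" is undefined and
// this step is skipped so the functions can still be inspected and tested.
if (typeof db !== 'undefined') {
  const plan = buildPlan(APP_DB, APP_COLLECTIONS);
  const appDb = db.getSiblingDB(APP_DB);
  appDb.runCommand(plan.role);
  for (const u of plan.users) {
    if (!isLeastPrivilege(u, APP_DB)) throw new Error(`refusing over-privileged user ${u.createUser}`);
    appDb.runCommand(u);
  }
  db.getSiblingDB('admin').runCommand(plan.admin);
}
```

Application code (the passport-local-mongoose layer in the question) then connects as `mobileApi` or `webApi` and keeps its own per-person accounts inside the `accounts` collection; only the `siteAdmin` user can create or modify MongoDB users, and it is never used from the application's connection string.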