3.2 Ensure that role-based access control is enabled and configured appropriately

Information

Role-based access control (RBAC) is a method of regulating access to resources based on the roles of individual users within an enterprise. A user is granted one or more roles that determine the user's access to database resources and operations. Outside of role assignments, the user has no access to the system. MongoDB can use RBAC to govern access to MongoDB systems. MongoDB does not enable authorization by default.

When properly implemented, RBAC lets users carry out the full range of tasks they are authorized for while restricting each user's actions to those granted by their roles. This allows an organization to control employees' access to all database tables through RBAC rather than through per-user grants.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

- Establish roles for MongoDB.
- Assign the appropriate privileges to each role.
- Assign the appropriate users to each role.
- Remove any individual privileges assigned to users that are now addressed by the roles.
- See the reference below for more information.
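The steps above, worked through as an added example (not code from the CIS benchmark or from Tenable). It builds the createRole and createUser command documents that implement steps 1 to 3 (the role name appReader, the user reportingSvc and the database inventory are hypothetical), and it audits constructed sample output of the kind returned by usersInfo (the users array that db.getUsers() wraps) and by db.adminCommand({ getCmdLineOpts: 1 }) (its parsed document) to confirm that authorization is enabled and that no user holds a broad built-in role. The list of broad roles is an assumption about what counts as over-privileged for this check.

```javascript
// Added example, not part of the benchmark. Assumes the command shapes of
// MongoDB's createRole / createUser commands and the output shapes of
// usersInfo and getCmdLineOpts; all names and sample data are constructed.

// Steps 1 and 2: a role that carries the privileges. In MongoDB, privileges
// belong to roles only; users receive them by being assigned the role.
function buildRoleCommand() {
  return {
    createRole: "appReader", // hypothetical role name
    privileges: [
      // read-only access to every collection in the inventory database
      { resource: { db: "inventory", collection: "" }, actions: ["find"] },
    ],
    roles: [], // no inherited roles
  };
}

// Step 3: a user whose only access comes through the role.
function buildUserCommand(user, password) {
  return {
    createUser: user,
    pwd: password, // supplied at run time, never hard-coded in a real script
    roles: [{ role: "appReader", db: "inventory" }],
  };
}

// Built-in roles that grant control over every database or over the
// cluster; holding one of these is flagged for review (assumed policy).
const BROAD_ROLES = new Set([
  "root", "__system", "userAdminAnyDatabase", "dbAdminAnyDatabase",
  "readWriteAnyDatabase", "clusterAdmin",
]);

// Audit: is security.authorization enabled, and does any user hold a broad
// role or no role at all? Returns a list of findings; empty means compliant.
function auditRbac(parsedOpts, users) {
  const findings = [];
  const authz = parsedOpts && parsedOpts.security && parsedOpts.security.authorization;
  if (authz !== "enabled") {
    findings.push("security.authorization is not 'enabled'");
  }
  for (const u of users) {
    if (!Array.isArray(u.roles) || u.roles.length === 0) {
      findings.push(`user ${u.user}@${u.db} has no roles`);
      continue;
    }
    for (const r of u.roles) {
      if (BROAD_ROLES.has(r.role) || (r.role === "dbOwner" && r.db === "admin")) {
        findings.push(`user ${u.user}@${u.db} holds broad role ${r.role}@${r.db}`);
      }
    }
  }
  return findings;
}

// Constructed sample output in the shape the two server commands return.
const SAMPLE_OPTS = { security: { authorization: "enabled" } };
const SAMPLE_USERS = [
  { _id: "admin.dba", user: "dba", db: "admin", roles: [{ role: "root", db: "admin" }] },
  { _id: "inventory.reportingSvc", user: "reportingSvc", db: "inventory",
    roles: [{ role: "appReader", db: "inventory" }] },
];

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(buildRoleCommand()));
  console.log(JSON.stringify(buildUserCommand("reportingSvc", "<password>")));
  console.log(auditRbac(SAMPLE_OPTS, SAMPLE_USERS));
}
```

The command documents are what you would pass to db.runCommand() in the target database (createRole, createUser); the audit function takes the parsed document from getCmdLineOpts, which reflects the security.authorization setting in mongod.conf, so a server started without that setting fails the first check.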

See Also

https://workbench.cisecurity.org/benchmarks/15675

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-6, 800-53|AC-6(1), 800-53|AC-6(7), 800-53|AU-9(4), CSCv7|14.6

Plugin: MongoDB

Control ID: c4f0fe9c05f29c59c070982ca6868a8459df89f4e5c87542a5a259c8022a92b2