diff --git a/Dockerfile b/Dockerfile index 06b00f696ef19f9f1f63d9a67d34e20100c02b22..de3d9a36df32d214037f7871e928a647dbc0e1d2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,6 +18,9 @@ RUN mkdir -p $WORKING_DIR # copy over the script to make permissions compatible with OpenShift COPY scripts/fix-permissions.sh /usr/local/bin +# copy create user script +COPY scripts/createuser.sh /docker-entrypoint-initdb.d/ + # ensure the script is executable RUN chmod a+x /usr/local/bin/fix-permissions.sh @@ -26,12 +29,12 @@ RUN fix-permissions.sh ${DATA_DIR} -P && \ fix-permissions.sh ${CONFIG_DIR} -P && \ fix-permissions.sh ${WORKING_DIR} -P -RUN ls -ltrh ${DATA_DIR} -RUN ls -ltrh ${CONFIG_DIR} -RUN ls -ltrh ${WORKING_DIR} - # set home directory to persistent volume directory ENV HOME=/var/lib/mongodb/data +# ensure folder is writable +RUN chown -R mongodb:mongodb /usr/local/bin + # switch back to mongodb (for non-containerized environments) USER mongodb:mongodb + diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 28bbecdb4a2ea41d2a8b12215ed5b06da4998854..e5bf0291ef7c5451b2805e32833b4af43df31765 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -7,7 +7,7 @@ name: "diat/aap-mongo" # The most specific version should be the first tag and will be shown # on ironbank.dso.mil tags: -- "14.1" +- "15.1" - "latest" # Build args passed to Dockerfile ARGs @@ -29,7 +29,7 @@ labels: # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "aap-mongo" # Authoritative version of the software - org.opencontainers.image.version: "14.1" + org.opencontainers.image.version: "15.1" # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "aap,mongo,aap-mongo,aapmongo,mongodb,aap-mongodb,atlas,diat" # This value can be "opensource" or "commercial" 
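Review bot: The new `COPY scripts/createuser.sh /docker-entrypoint-initdb.d/` leaves the script's mode to whatever the build context carries, and the `chmod a+x` two lines later only covers fix-permissions.sh, so how the script runs is implicit. That matters here because createuser.sh calls `_js_escape`, a helper it does not define; if the base is the official mongo entrypoint that helper exists only when the file is sourced (non-executable .sh), and an executable copy would fail on the undefined name — please confirm against the base image's entrypoint. Document the intended mode next to the COPY, e.g. `# sourced by the init-db hook, not executed: must stay non-executable so the entrypoint's _js_escape is in scope`.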
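Review bot: `RUN chown -R mongodb:mongodb /usr/local/bin` hands ownership of a PATH directory to the runtime user, so any process running as mongodb can replace fix-permissions.sh or drop its own binaries there — a hardening regression for an image published through a hardening manifest. The comment "ensure folder is writable" does not hold up: fix-permissions.sh was already made executable by the earlier root-owned `chmod a+x`, and nothing added in this diff writes to /usr/local/bin at runtime. Drop the two added lines; if a specific file genuinely needs a runtime-writable location, chown that one file or place it under the data directory that `ENV HOME=/var/lib/mongodb/data` already points at, and keep /usr/local/bin root-owned.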
diff --git a/scripts/createuser.sh b/scripts/createuser.sh
new file mode 100644
index 0000000000000000000000000000000000000000..fd8aee2d9ab775787445b9d0c2b63b80b85caec5
--- /dev/null
+++ b/scripts/createuser.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+echo "Initializing database $MONGO_INITDB_DATABASE and creating database user $MONGODB_USER"
+
+mongo=( mongo --host 127.0.0.1 --port 27017 --quiet )
+
+"${mongo[@]}" "$MONGO_INITDB_DATABASE" <<-EOJS
+ db.createUser({
+ user: $(_js_escape "$MONGODB_USER"),
+ pwd: $(_js_escape "$MONGODB_PASSWORD"),
+ roles: [ { role: 'readWrite', db: $(_js_escape "$MONGO_INITDB_DATABASE") } ]
+ })
+
+EOJS
+
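Review bot: The script never checks that `MONGODB_USER` and `MONGODB_PASSWORD` are set, so an unset or empty variable reaches `db.createUser` as an empty string and the failure only shows up as a mongo error with no hint which input was missing; add a guard before the echo, `: "${MONGODB_USER:?MONGODB_USER must be set}" "${MONGODB_PASSWORD:?MONGODB_PASSWORD must be set}"`. The `#!/bin/sh` shebang also does not match the body: `mongo=( ... )` and `"${mongo[@]}"` are bash arrays, and `_js_escape` is not defined in the file, so the script only works when sourced into a bash entrypoint that provides that helper — either change the shebang to `#!/bin/bash` and state that dependency in a comment, or define the escaping locally. Whether the sourcing entrypoint runs with `set -e` is not visible here; if it does not, a failed createUser is silently ignored.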