Skip to content

Commit

Permalink
MongoTool doc update
Browse files Browse the repository at this point in the history
  • Loading branch information
@nleach999
nleach999 committed Jul 14, 2023
1 parent 899ccc6 commit 130a217
Showing 1 changed file with 24 additions and 3 deletions.
27 changes: 24 additions & 3 deletions manual/installing.tex
View file
Original file line number Diff line number Diff line change
Expand Up @@ -186,9 +186,30 @@ \section{MongoDB Schema Initialization}\label{sec:mongotool}
prior to version 2.1.1 can be safely dropped if desired. See Section \ref{sec:bringyourownindex} for information regarding defining indexes
appropriate for your querying needs.

\noindent\\The executable \texttt{MongoTool} command line parameters are described in Table \ref{tab:mongo_tool_opts}. \texttt{MongoTool} can be used
to initialize the MongoDB collection schema by a user with elevated privileges that differs from the user that CxAnalytix will use to
write output data. \texttt{MongoTool} can optionally define a user with appropriate minimal privileges that can be used by CxAnalytix.
\noindent\\The executable \texttt{MongoTool} command line parameters are described in Table \ref{tab:mongo_tool_opts}.


\subsection{MongoDB Secure Usage Pattern}

Many applications that use databases deploy the runtime application with a user account that does
not have administrative privileges. Using a non-administrative user in the configured
\hyperref[sec:mongo_config]{MongoDB connection URL} may be desired to limit the capability
of the CxAnalytix MongoDB user if the credentials are somehow exposed. Using \texttt{MongoTool},
these steps can be followed to configure CxAnalytix to access MongoDB with a minimally privileged
user account:

\begin{enumerate}
\item Using the \texttt{-u} or \texttt{--url} option, provide the MongoDB connection
URL to \texttt{MongoTool} that contains the administrative account and password.
This allows \texttt{MongoTool} to create collections and users with the appropriate roles.

\item Provide the \texttt{----mongo-user} and \texttt{--mongo-password} options
to \texttt{MongoTool}. These are the credentials for a minimally-privileged user
that will be created as part of the MongoDB schema creation.

\item Configure the \hyperref[sec:mongo_config]{MongoDB connection URL} with the
user credentials for the minimally-privileged user created by \texttt{MongoTool}.
\end{enumerate}


\begin{table}
Expand Down

0 comments on commit 130a217

Please sign in to comment.