From 130a21773c10f61e90a52eaf60e160dbe479ced5 Mon Sep 17 00:00:00 2001 From: Nathan Leach Date: Fri, 14 Jul 2023 12:59:26 -0500 Subject: [PATCH] MongoTool doc update --- manual/installing.tex | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/manual/installing.tex b/manual/installing.tex index 3196c71d..2e9f1958 100644 --- a/manual/installing.tex +++ b/manual/installing.tex 
@@ -186,9 +186,30 @@ \section{MongoDB Schema Initialization}\label{sec:mongotool} prior to version 2.1.1 can be safely dropped if desired. See Section \ref{sec:bringyourownindex} for information regarding defining indexes appropriate for your querying needs. -\noindent\\The executable \texttt{MongoTool} command line parameters are described in Table \ref{tab:mongo_tool_opts}. \texttt{MongoTool} can be used -to initialize the MongoDB collection schema by a user with elevated privileges that differs from the user that CxAnalytix will use to -write output data. \texttt{MongoTool} can optionally define a user with appropriate minimal privileges that can be used by CxAnalytix. +\noindent\\The executable \texttt{MongoTool} command line parameters are described in Table \ref{tab:mongo_tool_opts}. + + +\subsection{MongoDB Secure Usage Pattern} + +Many applications that use databases deploy the runtime application with a user account that does +not have administrative privileges. Using a non-administrative user in the configured +\hyperref[sec:mongo_config]{MongoDB connection URL} may be desired to limit the capability +of the CxAnalytix MongoDB user if the credentials are somehow exposed. Using \texttt{MongoTool}, +these steps can be followed to configure CxAnalytix to access MongoDB with a minimally privileged +user account: + +\begin{enumerate} + \item Using the \texttt{-u} or \texttt{--url} option, provide the MongoDB connection + URL to \texttt{MongoTool} that contains the administrative account and password. + This allows \texttt{MongoTool} to create collections and users with the appropriate roles. + + \item Provide the \texttt{----mongo-user} and \texttt{--mongo-password} options + to \texttt{MongoTool}. These are the credentials for a minimally-privileged user + that will be created as part of the MongoDB schema creation. 
+ + \item Configure the \hyperref[sec:mongo_config]{MongoDB connection URL} with the + user credentials for the minimally-privileged user created by \texttt{MongoTool}. +\end{enumerate} \begin{table}
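Review bot: In the second \item of the new enumerate, the option is written as \texttt{----mongo-user} with four hyphens, while the same sentence uses \texttt{--mongo-password} and the first item uses \texttt{--url} with two; unless the four hyphens are deliberate, this should read \texttt{--mongo-user} so readers can copy the flag as shown. Separately, steps 1 and 2 have both the administrative password (inside the \texttt{-u}/\texttt{--url} connection URL) and the new user's password supplied as command line arguments. Since the subsection is about limiting credential exposure, consider adding a sentence noting that command line arguments can end up in shell history and process listings, and that the administrative URL is only needed for the one-time \texttt{MongoTool} run and should not be kept in the CxAnalytix configuration. The removed paragraph also stated that creating the minimally privileged user is optional; the new text no longer says this, so it may be worth keeping that word in step 2.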