Skip to content

Commit 130a217

Browse files
nleach999nleach999
committed
MongoTool doc update
1 parent 899ccc6 commit 130a217

File tree

1 file changed

+24
-3
lines changed

1 file changed

+24
-3
lines changed

manual/installing.tex

Lines changed: 24 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -186,9 +186,30 @@ \section{MongoDB Schema Initialization}\label{sec:mongotool}
186186
prior to version 2.1.1 can be safely dropped if desired. See Section \ref{sec:bringyourownindex} for information regarding defining indexes
187187
appropriate for your querying needs.
188188

189-
\noindent\\The executable \texttt{MongoTool} command line parameters are described in Table \ref{tab:mongo_tool_opts}. \texttt{MongoTool} can be used
190-
to initialize the MongoDB collection schema by a user with elevated privileges that differs from the user that CxAnalytix will use to
191-
write output data. \texttt{MongoTool} can optionally define a user with appropriate minimal privileges that can be used by CxAnalytix.
189+
\noindent\\The executable \texttt{MongoTool} command line parameters are described in Table \ref{tab:mongo_tool_opts}.
190+
191+
192+
\subsection{MongoDB Secure Usage Pattern}
193+
194+
Many applications that use databases deploy the runtime application with a user account that does
195+
not have administrative privileges. Using a non-administrative user in the configured
196+
\hyperref[sec:mongo_config]{MongoDB connection URL} may be desired to limit the capability
197+
of the CxAnalytix MongoDB user if the credentials are somehow exposed. Using \texttt{MongoTool},
198+
these steps can be followed to configure CxAnalytix to access MongoDB with a minimally privileged
199+
user account:
200+
201+
\begin{enumerate}
202+
\item Using the \texttt{-u} or \texttt{--url} option, provide the MongoDB connection
203+
URL to \texttt{MongoTool} that contains the administrative account and password.
204+
This allows \texttt{MongoTool} to create collections and users with the appropriate roles.
205+
206+
\item Provide the \texttt{----mongo-user} and \texttt{--mongo-password} options
207+
to \texttt{MongoTool}. These are the credentials for a minimally-privileged user
208+
that will be created as part of the MongoDB schema creation.
209+
210+
\item Configure the \hyperref[sec:mongo_config]{MongoDB connection URL} with the
211+
user credentials for the minimally-privileged user created by \texttt{MongoTool}.
212+
\end{enumerate}
192213

193214

194215
\begin{table}

0 commit comments

Comments
 (0)