I see a mongodb update and dont know who and when it was made?is this logged in somewhere in mongodb?which logs and where can I check on who made this update?
is this logged in somewhere in mongodb?
MongoDB Enterprise includes an auditing capability for mongod and mongos instances. The auditing facility allows administrators and users to track system activity for deployments with multiple users and applications. See also Tutorial: configure auditing.
If your database is hosted on MongoDB Atlas, auditing is included natively. See MongoDB Atlas: Database Auditing for more information and steps to configure it.
If you're not using MongoDB Enterprise nor MongoDB Atlas, you can ensure all users to authenticate with their own user/password and have a controlled access. i.e. custom application that tracks user, operation and time.
Related
I'm using Mongodb on azure (not Mongodb Atlas), I installed manually Mongodb on three VMs on Azure, what I'm looking for is, everytime a new record is inserted or updated or delete on Mongodb I want this change to be refletcted on Azure Search, do you have any idea How van I do that ?
There is no built in Azure Search Indexer for Mongo, one option is to migrate your existing Mongo DBs to Azure Cosmos with the Mongo API. See this doc.
Another option is to use the Azure Search push API, for which you need to watch for changes in the Mongo DB, see this and based on those newly added or deleted docs then use the Push API the make changes to the index, see this tutorial using the .NET Azure search sdk https://learn.microsoft.com/en-us/azure/search/tutorial-optimize-indexing-push-api
If you migrate your current MongoDB to Azure Cosmos DB API for MongoDB as suggested in this thread, Azure Cognitive Search has a Cosmos DB Mongo DB indexer in Public Preview and you can opt to have it enabled according to that documentation and give it a try.
I am investigating NoSQL Technologies for use in a project and Azure Cosmos Mongo API has arisen as an option. As part of Microsofts recommended architecture there is a Resource broker component middleware which retains ownership of the CosmosDB Master access key, and that can generate/distribute resource tokens for finer-grained access to consuming clients.
The documentation does not seem to allude to the Mongo API anywhere however and I cannot find information anywhere about it, is this pattern not available for the Cosmos Mongo API database? If that is the case, and Cosmos Mongo API requires access simply to a Master key, how would fine-grained access control and least privilege access be able to work?
There is an alternative question on Stackoverflow around creation of resource tokens but I would want to use an ORM such as mongoose in order to connect to CosmosDB with a resource token to avoid having to distribute Master keys out to many services.
Any answers greatly appreciated!
Resource Tokens are not possible with MongoDB API for Cosmos DB because MongoDB clients do not understand what to do with these. If you are looking at using Cosmos DB as a managed NoSQL database I recommend using the Core (SQL) API.
For more information on this see, Resource Tokens. There are also two reference implementations for token brokers, a Xamarin sample app and another built by Citrix.
Hope this is helpful.
When I create a binding with the service MongoDB, CF creates me a new user and provides me credentials/db name which cannot access the 'local' database as the user has not the admin role.
See below in the screenshot, I can access the 'local' database on my MongoDB installed locally on my PC and on the CF database (connected with SSH) I can only accesses the DB '201af166f4b82788' and I do not see the 'local'.
How could I grant access to the local DB to my CF user?
Thanks!
It looks like your Mongodb provider does not give you the permissions to do this. I don't think there's anything you can do to circumvent the permissions given by your provider.
If you have a legit use case that needs access, you should contact the Support team for your Mongodb provider and see if they can do anything to help.
Other options would be to find a different Mongodb provider, perhaps one that can provide you with a dedicated Mongodb server or host your own Mongodb. If you host your own then you can configure it to do whatever you want.
If you end up hosting your own or using a provider that's outside of your Cloud Foundry marketplace, you can create a user provided service (see cf cups) with the information, bind that to your app and read the information just like you would from a provider in the marketplace.
Hope that helps!
I am trying to deploy Orion on my own infrastructure, while using an hosted solution for MongoDB. With the hosting plans that I want to use, it is not possible to have access to the admin database.
Is there any way I can achieve multitenancy without access to the admin database?
I would like to have at least three tenants, but I can live with the fact that they must be created outside of Orion.
Current Orion version (0.22.0) uses admin database to authenticate in the case of multitenant. However, a workaround is possible: to set up different contextBroker processes (each one listening in a different port), each one running in mono-tenant way (i.e. without -multiservice enabled) with a different -db, -db user and -dbpwd.
I can successfully set up authentication and use it with mongoDB. The issue i'm currently having is that I can't work out how to have authentication set for one database, but not others. For instance, if my databases are:
admin
authenticatedDB
openDB
I would like authenticatedDB to require authentication, whereas I'd like openDB to be freely accessible with no login. Is this possible within MongoDB?
If it's not possible, is there a way to run two separate mongod sessions locally?
Thanks in advance :)
The issue i'm currently having is that I can't work out how to have authentication set for one database, but not others.
Auth (as at MongoDB 2.4) is a global setting, so will be required for all connections once you have enabled authentication and created a user administrator.
If it's not possible, is there a way to run two separate mongod sessions locally?
You can run multiple instances on the same server by specifying different data directories and port values for each mongod. This is definitely not a recommended practice for production environments as multiple mongods will be competing for the same host resources.
As an alternative to running multiple mongods, you could use weak credentials for your openDB (i.e. username and password openDB). Access control in MongoDB 2.4+ uses user privilege roles so your openDB user could be limited to read or readWrite role on the openDB database.