
Question: How do you assign a MongoDB cluster monitor role to a user?

Answer

In MongoDB, the clusterMonitor role is designed to grant users read-only access to monitoring tools and functions for the entire cluster. This role includes permissions necessary for tools such as mongostat, mongotop, and several other diagnostic commands that are crucial for effectively monitoring the state and performance of a MongoDB cluster.

Assigning the clusterMonitor Role

To assign the clusterMonitor role to a user, you first need to connect to your MongoDB instance or cluster using the mongo shell or an equivalent MongoDB client. Once connected, you can use the db.createUser() or db.updateUser() methods to assign the role, depending on whether you're creating a new user or updating an existing one.

Creating a New User with the clusterMonitor Role

use admin
db.createUser({
  user: 'monitorUser',
  pwd: 'password', // Use a strong, unique password in production environments
  roles: [{ role: 'clusterMonitor', db: 'admin' }]
});

This command creates a new user named monitorUser in the admin database, assigns them the clusterMonitor role, and sets their password. Replace 'password' with a secure password of your choosing.

Updating an Existing User to Include the clusterMonitor Role

If you already have a user created and wish to add the clusterMonitor role to them, you can use the following command:

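use admin
// db.updateUser() replaces the whole roles array and does not accept $addToSet,
// so read the user's current roles and append clusterMonitor to them.
var currentRoles = db.getUser('existingUser').roles;
db.updateUser('existingUser', {
  roles: currentRoles.concat([{ role: 'clusterMonitor', db: 'admin' }])
});
// Alternative that appends in a single call:
// db.grantRolesToUser('existingUser', [{ role: 'clusterMonitor', db: 'admin' }]);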

This updates an existing user named existingUser by adding the clusterMonitor role to their list of roles. Ensure that existingUser is replaced with the actual name of the user you wish to update.

Considerations

  • The commands above should be run in the admin database context (use admin), as role assignments are typically managed at this level for cluster-wide roles.
  • Always ensure that access control is properly configured on your MongoDB cluster before adding users and assigning roles. This involves enabling authentication and properly configuring network access controls.
  • The clusterMonitor role provides broad, read-only access to many aspects of the MongoDB cluster. Be cautious about who is granted this role to maintain security and privacy.
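
To review who holds this access, the following added example (not part of the original answer) audits a list of user documents and reports every account that reaches clusterMonitor directly, through a custom role that inherits it, or through a broader built-in role. The input shapes (user and role documents as the shell returns them), the sample data, and the names auditClusterMonitor, rolesGrantingMonitor and opsDashboards are assumptions made for illustration; the superset list is limited to clusterAdmin and root.

```javascript
// Built-in admin-database roles whose privileges include those of clusterMonitor
// (root includes clusterAdmin, which includes clusterMonitor).
const SUPERSET_ROLES = ['clusterAdmin', 'root'];

// customRoles: user-defined role documents shaped { role, db, roles: [{ role, db }] }.
// Returns the set of "db.role" keys that lead to clusterMonitor.
function rolesGrantingMonitor(customRoles) {
  const granting = new Set(['admin.clusterMonitor']);
  for (const r of SUPERSET_ROLES) granting.add(`admin.${r}`);
  let changed = true;
  while (changed) { // iterate to a fixed point so chained inheritance is followed
    changed = false;
    for (const cr of customRoles) {
      const key = `${cr.db}.${cr.role}`;
      const inherits = cr.roles.some(p => granting.has(`${p.db}.${p.role}`));
      if (!granting.has(key) && inherits) {
        granting.add(key);
        changed = true;
      }
    }
  }
  return granting;
}

// users: user documents shaped { user, db, roles: [{ role, db }] }.
// Returns one finding per account, listing the roles that give it monitoring access.
function auditClusterMonitor(users, customRoles = []) {
  const granting = rolesGrantingMonitor(customRoles);
  const findings = [];
  for (const u of users) {
    const via = u.roles.map(r => `${r.db}.${r.role}`).filter(k => granting.has(k));
    if (via.length > 0) findings.push({ user: `${u.db}.${u.user}`, via });
  }
  return findings;
}

// Constructed sample data, not taken from a real deployment.
const sampleUsers = [
  { user: 'monitorUser', db: 'admin', roles: [{ role: 'clusterMonitor', db: 'admin' }] },
  { user: 'appUser', db: 'shop', roles: [{ role: 'readWrite', db: 'shop' }] },
  { user: 'opsUser', db: 'admin', roles: [{ role: 'opsDashboards', db: 'admin' }] },
  { user: 'dba', db: 'admin', roles: [{ role: 'root', db: 'admin' }] },
];
const sampleCustomRoles = [
  { role: 'opsDashboards', db: 'admin', roles: [{ role: 'clusterMonitor', db: 'admin' }] },
];

console.log(JSON.stringify(auditClusterMonitor(sampleUsers, sampleCustomRoles), null, 2));
```

Accounts that appear in the report without a monitoring need are candidates for having the role revoked.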

By carefully managing roles like clusterMonitor, you can ensure that your MongoDB cluster is both secure and efficiently monitored.
