1.

Suppose we have a sharded cluster having a sharded collection employee sharded on key employee id having below chunk distribution:

Answer»

MongoDB has built-in roles as well as custom roles. Built-in roles have pre-defined access associated with them, and we can assign these roles directly to users or groups. To run mongostat, a user needs the privilege to run serverStatus on the server.

The built-in role clusterMonitor comes with the required access for this.

Custom roles, or user-defined roles, are the ones where we have to manually define the actions allowed on a particular resource. MongoDB provides the method db.createRole() for creating user-defined roles. A role is created in a specific database, because MongoDB uses the combination of database and role name to uniquely identify the role.

We will create a custom role mongostatRole that provides only the privileges needed to run mongostat.

First, we need to connect to mongod or mongos, authenticating against the admin database, with a user that has privileges to create roles in the admin as well as other databases.

mongo --port 27017 -u admin -p 'abc***' --authenticationDatabase 'admin'

Now we will create a desired custom role in the admin database.

use admin
db.createRole({
     role: "mongostatRole",
     // serverStatus on the cluster resource is the only action granted
     privileges: [
       { resource: { cluster: true }, actions: [ "serverStatus" ] }
     ],
     // no inherited roles
     roles: []
})

This role can now be assigned to members of the monitoring team.
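Before handing the role out, it is worth confirming that it grants serverStatus on the cluster resource and nothing else, including through inherited roles. The following is an added example, not part of the original answer: it checks a role document of the shape returned by db.getRole("mongostatRole", { showPrivileges: true }). The function names, the sample documents and the "drifted" role are constructed for illustration.

```javascript
// Added example: least-privilege check for the mongostatRole defined above.
// Input shape follows db.getRole(name, { showPrivileges: true }).
const ALLOWED = [{ resource: { cluster: true }, actions: ["serverStatus"] }];

// Canonical key so resource documents compare by value, not by key order.
function grantKey(resource, action) {
  const pairs = Object.keys(resource).sort().map((k) => [k, resource[k]]);
  return JSON.stringify(pairs) + "|" + action;
}

// Return each (resource, action) the role grants beyond `allowed`,
// counting privileges inherited from other roles, without duplicates.
function excessPrivileges(roleDoc, allowed = ALLOWED) {
  const permitted = new Set();
  for (const p of allowed) {
    for (const a of p.actions) permitted.add(grantKey(p.resource, a));
  }
  const granted = [
    ...(roleDoc.privileges || []),
    ...(roleDoc.inheritedPrivileges || []),
  ];
  const seen = new Set();
  const excess = [];
  for (const p of granted) {
    for (const a of p.actions) {
      const key = grantKey(p.resource, a);
      if (permitted.has(key) || seen.has(key)) continue;
      seen.add(key);
      excess.push({ resource: p.resource, action: a });
    }
  }
  return excess;
}

// Constructed sample documents (not captured from a real server).
const mongostatRole = {
  role: "mongostatRole", db: "admin", roles: [],
  privileges: [{ resource: { cluster: true }, actions: ["serverStatus"] }],
  inheritedPrivileges: [{ resource: { cluster: true }, actions: ["serverStatus"] }],
};
const driftedRole = { // hypothetical: same role after someone widened it
  role: "mongostatRole", db: "admin", roles: [{ role: "read", db: "hr" }],
  privileges: [{ resource: { cluster: true }, actions: ["serverStatus", "inprog"] }],
  inheritedPrivileges: [
    { resource: { cluster: true }, actions: ["serverStatus", "inprog"] },
    { resource: { db: "hr", collection: "" }, actions: ["find"] },
  ],
};
console.log(excessPrivileges(mongostatRole), excessPrivileges(driftedRole));
```

An empty result means the role matches the intended grant; any entry is a privilege the monitoring team does not need for mongostat.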


