DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones AWS Cloud
by AWS Developer Relations
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones
AWS Cloud
by AWS Developer Relations
Building Scalable Real-Time Apps with AstraDB and Vaadin
Register Now

Trending

  • Comparing Cloud Hosting vs. Self Hosting
  • Security Challenges for Microservice Applications in Multi-Cloud Environments
  • What ChatGPT Needs Is Context
  • Revolutionizing Algorithmic Trading: The Power of Reinforcement Learning

Trending

  • Comparing Cloud Hosting vs. Self Hosting
  • Security Challenges for Microservice Applications in Multi-Cloud Environments
  • What ChatGPT Needs Is Context
  • Revolutionizing Algorithmic Trading: The Power of Reinforcement Learning
  1. DZone
  2. Data Engineering
  3. Databases
  4. MongoDB Index Builds – Preventing Users From Triggering New Builds

MongoDB Index Builds – Preventing Users From Triggering New Builds

Remove the ''CreateIndex'' privilege from most of your users so that they cannot accidentally trigger an index build from the MongoDB CLI.

Dharshan Rangegowda user avatar by
Dharshan Rangegowda
·
Jul. 06, 20 · Tutorial
Like (2)
Save
Tweet
Share
4.37K Views

Join the DZone community and get the full member experience.

Join For Free

Index builds on MongoDB production clusters need to be handled with the utmost care. We have documented the issues in detail in one of our previous blog posts - The Perils of Building Indexes on MongoDB.

Depending on the size of your data, both foreground and background builds can bring your cluster down. So, how do you prevent your users from accidentally triggering index builds from the MongoDB CLI? The short answer is that you cannot. However, what you can do is remove the "CreateIndex" privilege from most of your users so that they cannot accidentally trigger an index build from the CLI. There should be very few users in your system who have access to write data to the database. Among these users, even fewer should have permission to build indexes. For a primer on how to use MongoDB roles, please refer to the documentation - Manage Users and Roles.

The best option to implement this is to create your own custom role and remove the ‘CreateIndex’ privilege for your users. However, we did not want to build the list of permissions by hand since this will be different for each context and possibly MongoDB version. We put together this small script to use one of the existing built-in roles, and removed the ‘CreateIndex’ privilege from this role. In this example, we are using the builtin "readWrite" role and removing the "CreateIndex' privilege from this role:

Java
 




xxxxxxxxxx
1


 
1
var privs = db.getRole('readWrite',{ showPrivileges: true });
2
privs.privileges.forEach(function (item, index) {
3
  var index = item.actions.indexOf("createIndex");
4
  if (index !== -1) item.actions.splice(index, 1);
5
});
6
db.createRole({role:"readWriteNoIndex",privileges:privs.privileges,roles:[]});


  1. Save the contents of the code snippet as createRole.js.
  2. Run the script using the syntax below:
Java
 




x


 
1
mongo -u <user> -p <p> <host>:27017/<db name> --authenticationDatabase admin createRole.js


Once the role is created, you can use this role to create users going forward.


More Tips for You

How to Create Case-Insensitive Indexes in MongoDB

Case-insensitive indexes support queries that perform string comparisons without regard to the letter case. Collation gives you the ability to specify language-specific rules for string comparison. Learn more


How to Stop a Runaway Index Build in MongoDB

Index builds in MongoDB can have an adverse impact on the availability of your cluster. If you trigger a foreground index build on a large collection, your cluster may be unresponsive until the index build is complete. Learn more


MongoDB Regex, Index and Performance

MongoDB supports regular expressions using the $regex operator. However these MongoDB regex queries have a downside, all but one type of regex makes poor use of indexes and results in performance problems. Learn more

Build (game engine) MongoDB

Published at DZone with permission of Dharshan Rangegowda, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Trending

  • Comparing Cloud Hosting vs. Self Hosting
  • Security Challenges for Microservice Applications in Multi-Cloud Environments
  • What ChatGPT Needs Is Context
  • Revolutionizing Algorithmic Trading: The Power of Reinforcement Learning

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com

Let's be friends: