Before ingesting MongoDB metadata into Dawiso, prepare your account for authentication by configuring access to MongoDB with the necessary permissions.

Connection configuration

The following information is needed:

  • Your MongoDB environment hostname
  • MongoDB account
  • MongoDB account password

Connection prerequisite: Enable internet access to MongoDB

Whether you use MongoDB on your own servers or via a cloud provider, ensure your MongoDB firewall allows connections from Dawiso Integration Runtime (DIR).

Contact your account manager to:

  • For on-premises MongoDB metadata ingestion: Get mmore information on DIR.
  • For instances hosted through MongoDB itself: To obtain the Dawiso ingestion server IP address.
Tip

To ingest metadata from your on-premises sources, make sure to whitelist Dawiso IP address for Dawiso to connect to your internal sources (pull method). The same IP should be whitelisted for Dawiso Integration Runtime (DIR) to send data from your on-premises infrastructure to Dawiso cloud (push method).

To obtain the Dawiso IP address, contact your key Account Manager at Dawiso.

To whitelist Dawiso IP address in your firewall settings:

  1. Navigate to your MongoDB administration panel and select the Project and Cluster you wish to connect to.
  2. In the left panel, click on Network Access.
  3. Insert the IP address of Dawiso ingestion servers and label it, e.g. Dawiso Reader Firewall Rule.

Retrieve MongoDB hostname

To connect to your self-hosted MongoDB instance, use your assigned hostname.

To obtain your MongoDB hostname URL:

  1. Navigate to your MongoDB administration panel and select the Project and Cluster you wish to connect to.
  2. After selecting the cluster, click Connect
  3. Select whichever category on the Connect to… screen. For example, select Shell.
  4. Your connection string with the hostname URL will become visible as a code snippet. The hostname URL will have the following format: cluster_name.region.hostname.net.
  5. Copy your hostname for later use.

For example, the hostname from the following code snippet is cluster0.ab1cd2.hostname.net:

mongosh "mongodb+srv://cluster0.ab1cd2.mongodb.net/" --apiVersion 1 --username your_current_username

Create a new user for metadata ingestion

Make sure the cluster that holds your databases is selected.

  1. In the left-side panel, under Security, choose Database Access.
  2. Click + Add New Database User.
  3. For the Authentication Method, select Password.
    1. Name your service account, for example, dawiso_reader.
    2. Fill in the password (we recommend using the Autogenerate Secure Password feature).
  4. In the Database User Privileges step, open the Built-in Role section,
  5. Click Add Built in Role and select Only read any database.
  6. [Optional] If you want to limit which clusters and resources this user should be allowed to access, toggle Restrict Access to Specific Clusters / Federated Database Instances and select specific permissions.
  7. Click Add user to finish the setup.
Tip

Make sure to save the newly created account name and password.

Alternative: Select databases to access

To allow access only to specific databases or collections, you can create a new user role with specific permissions. Make sure the cluster that holds your databases is selected.

First, create a new custom role.

  1. In the left-side panel, under Security, choose Database Access. Switch to the Custom Roles tab.

  2. Click Add New Custom Role and fill in its name, for example, dawiso_reader_role.

  3. Grant the following minimum read-level privileges to the new custom role (you can use the search field to look them up).

    • From the Global Actions and Rolescategory, add:
      • ` listDatabases 
      •   listCollections
    • From the Collection Actionscategory, add:
      • ` collStats 
      •   find

  4. Specify which specific databases and collections these permissions should apply to. To apply them to all collections within a database, leave the collection field empty.

  5. Click Add Custom Role to finish the setup.

Then, assign the role to your service account:

  1. On the Database Access page, switch back to the Database Users tab.
  2. Click the pen button on the right-side of an existing user to edit it, or create a new one using the Password authentication method.
  3. In the Database User Privileges step, open the Custom Roles section.
  4. From the drop-down, select your newly created custom role (e.g., dawiso_reader_role).
  5. [Optional] If you want to limit which clusters and resources this user should be allowed to access, toggle Restrict Access to Specific Clusters / Federated Database Instances and select specific permissions.
  6. Click Add user to finish the setup.