← Back to MongoDB Mastery
Advanced22 min read

Administration

Manage users, roles, backups, monitoring, and routine cluster maintenance.

User Management

Create database users with createUser, assigning roles scoped to databases or collections. Follow least privilege—application users should not hold clusterAdmin or root roles.

Separate credentials for applications, operators, and read-only analytics. Rotate passwords and use x.509 or LDAP integration in enterprise environments.

db.createUser({
  user: "appUser",
  pwd: passwordPrompt(),
  roles: [{ role: "readWrite", db: "myapp" }]
})

Roles and Permissions

Built-in roles such as read, readWrite, dbAdmin, and clusterMonitor cover common cases. Custom roles combine specific privileges for finer control.

Audit role assignments regularly. In Atlas, use organization and project IAM integration with cloud provider identity for centralized access control.

  • readWriteAnyDatabase is rarely appropriate for application accounts
  • Use clusterMonitor for monitoring tools that need serverStats
  • Enable audit logging for compliance-sensitive environments

Backup and Restore

mongodump and mongorestore provide logical backups suitable for small to medium deployments. For large production systems, use filesystem snapshots, Cloud Provider snapshots, or Atlas continuous backup.

Test restore procedures regularly—an untested backup is not a backup. Point-in-time recovery requires oplog capture or Atlas PITR.

mongodump --uri="mongodb://host/myapp" --out=/backup/$(date +%F)
mongorestore --uri="mongodb://host/myapp" /backup/2024-06-01/myapp

Monitoring

Track key metrics: opcounters, connections, replication lag, cache hit ratio, queue lengths, and disk I/O. Atlas provides built-in dashboards; self-hosted deployments use Prometheus exporters or Ops Manager.

Set alerts on replication lag thresholds, disk usage above 80%, and step-down events. Correlate metrics with application release timelines when investigating regressions.

  • Use db.serverStatus() and db.stats() for quick health checks
  • Enable database profiler sparingly in production due to overhead
  • Review currentOp for long-running queries and blocked operations

Maintenance Operations

Compact collections offline or during maintenance windows to reclaim disk space on WiredTiger (Atlas handles this automatically). Reindex after corruption recovery or version upgrades when directed by runbooks.

Plan upgrades replica-set member by member to maintain quorum. Read release notes for compatibility changes affecting drivers and query behavior.

db.runCommand({ compact: "largeCollection" })

Get In Touch

Ready to discuss your next project? Drop me a message.