MongoDB controls who gets in. 3T Interceptor Proxy controls what they can do once they’re in
The 3T Interceptor Proxy sits in the connection path between every MongoDB client and your database. It checks every operation against central policy and allows or denies it before it reaches the database. No code changes required, and full audit log coverage for each operation.
MongoDB’s access controls tell you who can connect. They can’t tell you what each query is actually doing.
MongoDB RBAC gives a yes or no on an action, whether find() is permitted or not. It has nothing to say about whether a find() without a limit is acceptable, or whether a query returning two million records at midnight should be allowed through. That distinction is where the risk lives. And for teams under DORA, GDPR, HIPAA, or PCI, it’s where the audit gap lives too.
Stop risky queries before they hit production
Every query, from desktop tools, pipelines, and developer sessions, reaches your MongoDB estate through the same wire, and nothing can say no without asking teams to change how they work. The 3T Governance Proxy enforces conditions at the connection: find() only with a limit, specific collections off-limits to certain roles, every operation logged in real time.
Give your auditors the answers they need to see
You need to prove every query is within policy. That proof can be hard to produce, as your logs show the connection, not the query. The 3T Interceptor Proxy changes that: every operation is checked against a single rulebook, and the decision — allow or deny — is logged. Each customer runs their own copy in their own infrastructure, and no shared cloud service ever sees your queries.
Get data governance
Control
Every MongoDB operation — from every client — checked against central policy before it reaches the database.
Validate
All allow and deny decisions are logged in real time, against the policy that made them.
Prove
A basis for demonstrating to auditors what was permitted, what was blocked, and why.
Where we are today
The 3T Interceptor Proxy is a functional proof-of-concept. We are building it in the open, and we’re looking for MongoDB organizations in regulated industries who want to shape what it becomes. If that sounds like you, we’d like to talk.
