-
Type: Bug
-
Resolution: Done
-
Priority: Minor - P4
-
None
-
Affects Version/s: None
-
Component/s: mongomirror
-
Labels:None
While at a customer we followed the steps as described in the "Migrate with MongoMirror" page:
https://docs.atlas.mongodb.com/import/mongomirror/#set-up-mongodb-user-in-the-target-service-cluster
In step 2 Setup MongoDB user in the target Atlas cluster the discription is ambiguous, and can lead to a migration to fail.
"To run mongomirror, you must specify a MongoDB user that has readWriteAnyDatabase and dbAdminAnyDatabase privileges in the Atlas cluster. For example, a user with Atlas admin role provides these privileges."
The above state that you only need readWriteAnyDatabase and dbAdminAnyDatabase. When you only have there you cannot apply the oplog to the destination, and the migration fail before writing a token to be able to continue, this could be a time sink, as the initial sync has to be restarted.
According to the mongoMirror reference documents it states Atlas Admin role has the appropriate privilages: (https://docs.atlas.mongodb.com/reference/mongomirror/#destination-authorization)
"You must specify an Atlas MongoDB user with the Atlas admin role to run mongomirror. See Add MongoDB Users for documentation on creating an Atlas MongoDB user."
I suggest changing the wording in the "Migrate with MongoMirror" to the following to avoid confusion:
"To run mongomirror, you must specify a MongoDB user Atlas admin role."