- Type: Task
- Resolution: Fixed
- Priority: Major - P3
- None
- Affects Version/s: None
- Component/s: Atlas
- Labels: None
Hi,
This is for the documentation page Live Migrate Your Replica Set to Atlas.
In the Source Cluster Security section:
If the source cluster enforces authentication, create a user with the same name and password that exists on every shard and the config server replica set
This sentence is unnecessary because this page is dedicated to replica sets.
Also in the Source Cluster Security section:
The readWriteAnyDatabase and clusterAdmin built-in roles provide sufficient privilege for Atlas to perform the Live Migration procedure.
It seems that we are suggesting unnecessarily broad roles. According to my test, the built-in roles readAnyDatabase and clusterMonitor are enough (see below). There is no need for "write" and "admin" privileges.
rs:PRIMARY> db.getUser('test')
{
    "_id" : "admin.test",
    "user" : "test",
    "db" : "admin",
    "roles" : [
        { "role" : "clusterMonitor", "db" : "admin" },
        { "role" : "readAnyDatabase", "db" : "admin" }
    ]
}
Regards,
Lungang
- is related to: DOCS-11581 Revise permissions to Live migrate a sharded cluster (Closed)
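An added example, not part of the ticket or of MongoDB's documentation: a check that compares a db.getUser() document against the two roles the reporter tested and flags the two broader roles the documentation page named. The function and constant names are hypothetical, and the second sample user is constructed.

```javascript
// Roles the reporter's test found sufficient (from the ticket).
const REQUIRED = ["clusterMonitor", "readAnyDatabase"];
// Roles the documentation page named, which the ticket calls unnecessarily broad.
const BROAD = ["readWriteAnyDatabase", "clusterAdmin"];

// Hypothetical helper: audit the "roles" array of a db.getUser() result.
function auditMigrationUser(userDoc) {
  const roles = Array.isArray(userDoc && userDoc.roles) ? userDoc.roles : [];
  // Only grants on the admin database count toward the cluster-wide role set.
  const adminRoles = new Set(
    roles.filter((r) => r.db === "admin").map((r) => r.role)
  );
  const missing = REQUIRED.filter((r) => !adminRoles.has(r));
  const broad = BROAD.filter((r) => adminRoles.has(r));
  // Any other grant, on any database, is listed so a reviewer can justify it.
  const known = (r) =>
    r.db === "admin" && (REQUIRED.includes(r.role) || BROAD.includes(r.role));
  const extra = roles.filter((r) => !known(r)).map((r) => `${r.role}@${r.db}`);
  const ok = missing.length === 0 && broad.length === 0 && extra.length === 0;
  return { ok, missing, broad, extra };
}

// User document as shown in the ticket.
const ticketUser = {
  _id: "admin.test", user: "test", db: "admin",
  roles: [
    { role: "clusterMonitor", db: "admin" },
    { role: "readAnyDatabase", db: "admin" },
  ],
};

// Constructed sample: a user created with the roles the documentation page named.
const broadUser = {
  _id: "admin.migrate", user: "migrate", db: "admin",
  roles: [
    { role: "readWriteAnyDatabase", db: "admin" },
    { role: "clusterAdmin", db: "admin" },
    { role: "dbOwner", db: "app" },
  ],
};

console.log(auditMigrationUser(ticketUser));
console.log(auditMigrationUser(broadUser));
```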