Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-11580

Revise 'Live Migrate Your Replica Set to Atlas' page

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Atlas
    • Labels:
      None

      Hi,

      This is for the documentation page Live Migrate Your Replica Set to Atlas.

      In Source Cluster Security section

      If the source cluster enforces authentication, create a user with the same name and password that exists on every shard and the config server replica set

      This sentence is unnecessary because this page is dedicated to replica set.

      Also in Source Cluster Security section

      The readWriteAnyDatabase and clusterAdmin built-in roles provide sufficient privilege for Atlas to perform the Live Migration procedure.

      It seems that we are suggesting unnecessarily broad roles. According to my test, the built-in role readAnyDatabase and clusterMonitor is enough (see below). There is no need of "write" and "admin" privileges.

      rs:PRIMARY> db.getUser('test')
{
        "_id" : "admin.test",
        "user" : "test",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "clusterMonitor",
                        "db" : "admin"
                },
                {
                        "role" : "readAnyDatabase",
                        "db" : "admin"
                }
        ]
}

      Regards,
      Lungang

            Assignee:
            kay.kim@mongodb.com Kay Kim (Inactive)
            Reporter:
            lungang.fang@mongodb.com Lungang Fang
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:
              6 years, 3 weeks ago