Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-11580

Revise 'Live Migrate Your Replica Set to Atlas' page

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Fixed
    • Icon: Major - P3 Major - P3
    • None
    • None
    • Atlas
    • None

    Description

      Hi,

      This is for the documentation page Live Migrate Your Replica Set to Atlas.

      In Source Cluster Security section

      If the source cluster enforces authentication, create a user with the same name and password that exists on every shard and the config server replica set

      This sentence is unnecessary because this page is dedicated to replica set.

      Also in Source Cluster Security section

      The readWriteAnyDatabase and clusterAdmin built-in roles provide sufficient privilege for Atlas to perform the Live Migration procedure.

      It seems that we are suggesting unnecessarily broad roles. According to my test, the built-in role readAnyDatabase and clusterMonitor is enough (see below). There is no need of "write" and "admin" privileges.

      rs:PRIMARY> db.getUser('test')
      {
              "_id" : "admin.test",
              "user" : "test",
              "db" : "admin",
              "roles" : [
                      {
                              "role" : "clusterMonitor",
                              "db" : "admin"
                      },
                      {
                              "role" : "readAnyDatabase",
                              "db" : "admin"
                      }
              ]
      }
      

      Regards,
      Lungang

      Attachments

        Activity

          People

            kay.kim@mongodb.com Kay Kim (Inactive)
            lungang.fang@mongodb.com Lungang Fang
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              5 years, 44 weeks ago