Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-24432

Update clusterMonitor role support reading from local.sources

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.2.8, 3.3.9
    • Component/s: Security
    • Labels:
    • Backwards Compatibility:
      Fully Compatible
    • Backport Completed:
    • Sprint:
      Security 16 (06/24/16)

      Description

      The recommended security role for monitoring a MongoDB deployment is clusterMonitor, which includes the minimum required privilege to perform all necessary commands/queries to facilitate monitoring and discovering the deployment topology by Cloud / Ops Manager.

      There's one slight gap however for master/slave deployments – the role does not allow reading the local.sources collection on secondaries.

      Ideally this reading would also be permitted, which is otherwise preventing display of "replication lag" from slave to master, as well as discovering master's hostname and port.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: