Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-24432

Update clusterMonitor role support reading from local.sources

    • Type: Icon: Improvement Improvement
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 3.2.8, 3.3.9
    • Affects Version/s: None
    • Component/s: Security
    • Labels:
    • Fully Compatible
    • Security 16 (06/24/16)

      The recommended security role for monitoring a MongoDB deployment is clusterMonitor, which includes the minimum required privilege to perform all necessary commands/queries to facilitate monitoring and discovering the deployment topology by Cloud / Ops Manager.

      There's one slight gap however for master/slave deployments – the role does not allow reading the local.sources collection on secondaries.

      Ideally this reading would also be permitted, which is otherwise preventing display of "replication lag" from slave to master, as well as discovering master's hostname and port.

            andreas.nilsson Andreas Nilsson
            john.morales@mongodb.com John Morales
            0 Vote for this issue
            4 Start watching this issue