Hi,
This is for the documentation page Live Migrate Your Replica Set to Atlas.
If the source cluster enforces authentication, create a user with the same name and password that exists on every shard and the config server replica set
This sentence is unnecessary because this page is dedicated to replica sets.
The readWriteAnyDatabase and clusterAdmin built-in roles provide sufficient privilege for Atlas to perform the Live Migration procedure.
It seems that we are suggesting unnecessarily broad roles. According to my test, the built-in roles readAnyDatabase and clusterMonitor are enough (see below). There is no need for "write" and "admin" privileges.
rs:PRIMARY> db.getUser('test')
{
    "_id" : "admin.test",
    "user" : "test",
    "db" : "admin",
    "roles" : [
        {
            "role" : "clusterMonitor",
            "db" : "admin"
        },
        {
            "role" : "readAnyDatabase",
            "db" : "admin"
        }
    ]
}
Regards,
Lungang