[DOCS-11580] Revise 'Live Migrate Your Replica Set to Atlas' page Created: 12/Apr/18  Updated: 29/Oct/23  Resolved: 23/May/18

Status: Closed
Project: Documentation
Component/s: Atlas
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Lungang Fang Assignee: Kay Kim (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to DOCS-11581 Revise permissions to Live migrate a ... Closed
Participants:
Days since reply: 5 years, 44 weeks ago
Epic Link: DOCSP-1743

 Description   

Hi,

This is for the documentation page Live Migrate Your Replica Set to Atlas.

In Source Cluster Security section

If the source cluster enforces authentication, create a user with the same name and password that exists on every shard and the config server replica set

This sentence is unnecessary because this page is dedicated to replica set.

Also in Source Cluster Security section

The readWriteAnyDatabase and clusterAdmin built-in roles provide sufficient privilege for Atlas to perform the Live Migration procedure.

It seems that we are suggesting unnecessarily broad roles. According to my test, the built-in role readAnyDatabase and clusterMonitor is enough (see below). There is no need of "write" and "admin" privileges.

rs:PRIMARY> db.getUser('test')
{
        "_id" : "admin.test",
        "user" : "test",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "clusterMonitor",
                        "db" : "admin"
                },
                {
                        "role" : "readAnyDatabase",
                        "db" : "admin"
                }
        ]
}

Regards,
Lungang


Generated at Thu Feb 08 08:03:09 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.