[DOCS-1423] Update MMS agent documentation for required set of Mongo 2.4 auth roles Created: 22/Apr/13  Updated: 30/May/13  Resolved: 30/May/13

Status: Closed
Project: Documentation
Component/s: Cloud Manager
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: John Morales Assignee: Allison Reinheimer Moore
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Participants:
Days since reply: 10 years, 37 weeks, 6 days ago

 Description   

The MMS agent requires elevated privileges to collect all the performance data against a MongoDB 2.4 node with authentication enabled.

From Google Groups it seems users are assuming the 'userAdminAnyDatabase' role from the setup tutorial here will be enough
http://docs.mongodb.org/manual/tutorial/control-access-to-mongodb-with-authentication/

I'll follow up here with bare minimum set required.



 Comments   
Comment by auto [ 30/May/13 ]

Author:

{u'username': u'schmalliso', u'name': u'schmalliso', u'email': u'allison.moore@10gen.com'}

Message: DOCS-1423 adding documentation of auth roles required for Mongo 2.4

DOCS-1423 adding documentation of auth roles required for Mongo 2.4
Branch: master
https://github.com/10gen/mms-docs/commit/99f53de1b6f1ad18205a480021898e577aaaf655

Comment by auto [ 30/May/13 ]

Author:

{u'username': u'schmalliso', u'name': u'schmalliso', u'email': u'allison.moore@10gen.com'}

Message: DOCS-1423 adding documentation of auth roles required for Mongo 2.4

DOCS-1423 adding documentation of auth roles required for Mongo 2.4
Branch: master
https://github.com/10gen/mms-docs/commit/99f53de1b6f1ad18205a480021898e577aaaf655

Comment by John Morales [ 20/May/13 ]

Indeed I've tested on my own account - the minimum set of roles required are: clusterAdmin and readAnyDatabase.

Comment by Sam Kleinman (Inactive) [ 10/May/13 ]

userAdminAnyDatabase is probably too much...

clusterAdmin + some amount of read database (readAnyDatabase will work, but not sure if the agent would need that much)

Probably best to test this...

Assigning the ticket back to you.

Generated at Thu Feb 08 07:40:59 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.