[DOCS-1536] Document roles required to run mongodump with authentication in MongoDB 2.4+ Created: 22/May/13  Updated: 20/Aug/13  Resolved: 15/Aug/13

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: João Abecasis Assignee: Zack Brown
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Participants:
Days since reply: 10 years, 26 weeks, 2 days ago

 Description   

I suppose read or readAnyDatabase are required. Anything else?

This information should be noted here:

http://docs.mongodb.org/manual/reference/program/mongodump/#cmdoption-mongodump--username

, as was done for mongostat (DOCS-1496).



 Comments   
Comment by auto [ 19/Aug/13 ]

Author:

{u'username': u'Zackrobat', u'name': u'Zack Brown', u'email': u'zack.brown@10gen.com'}

Message: DOCS-1536: Document roles required to run mongodump with authentication in MongoDB 2.4+

Signed-off-by: Sam Kleinman <samk@10gen.com>
Branch: master
https://github.com/mongodb/docs/commit/2ed0e98244221f3c61af5f4392f0771b13d61057

Comment by João Abecasis [ 30/Jul/13 ]

If profiling is enabled in any database, you may also need dbAdminAnyDatabase privileges. I was seeing this symptom without that privilege on the user running mongodump:

Tue Jul 30 20:53:48.140 	<db-name>.system.profile to dump/<db-name>/system.profile.bson
assertion: 11010 count fails:{ ok: 0.0, errmsg: "unauthorized" }

With the dump ending abruptly.

Comment by Linda Qin [ 24/May/13 ]
Databases/collections to dump Minimum privileges required
Any collection except system.users read
A database including all collections read and userAdmin
All the databases readAnyDatabase, userAdminAnyDatabase, and clusterAdmin

To dump a collection in a database, we only require that the user has read privilege for this database.

To dump a specified database, we need read privilege and userAdmin privilege if the database contains system.users collection.

To dump all the databases, we need readAnyDatabase, userAdminAnyDatabase, and clusterAdmin privileges. We need the clusterAdmin privilege to do the listDatabases operation.

Generated at Thu Feb 08 07:41:16 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.