[DOCS-1960] Document roles needed to use tools with auth enabled Created: 16/Sep/13  Updated: 30/Oct/23  Resolved: 16/Mar/15

Status: Closed
Project: Documentation
Component/s: manual
Affects Version/s: None
Fix Version/s: Server_Docs_20231030

Type: Task Priority: Major - P3
Reporter: Daniel Pasette (Inactive) Assignee: Allison Reinheimer Moore
Resolution: Done Votes: 1
Labels: security-review
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-10750 Minimum roles required to run mongore... Closed
Related
related to DOCS-1965 Document the authorization roles need... Closed
Participants:
Days since reply: 8 years, 48 weeks, 1 day ago

 Description   

This was already done for mongodump, but not for mongorestore, et al.



 Comments   
Comment by Githook User [ 17/Mar/15 ]

Author:

{u'username': u'schmalliso', u'name': u'Allison Moore', u'email': u'allison.moore@10gen.com'}

Message: DOCS-1960: updates mongoexport, mongoimport, mongofiles with auth reqs

  • updates mongoexport, mongoimport, mongorestore, mongodump,
    and mongofiles to include the
    permissions required to run them against a mongodb database
    with auth enabled
  • pulls out-of-date 'building the tools' section from mongosniff
  • adds item to compatibility notes about deprecation of --journal
    for tools
  • updates backup with mongodump tutorial to not use deprecated option
    Branch: master
    https://github.com/mongodb/docs/commit/27e99a62fd2946f364f095f21a9fd9336dc31953
Comment by Gianfranco Palumbo [ 16/Sep/13 ]

"userAdmin" is the role needed to restore user data to a single database
"readWrite" is the role needed to write normal data to a single database
"readWriteAnyDatabase" is the role needed to restore any/all databases
"userAdminAnyDatabase" is the role needed to restore user data to any/all databases

So this would work to restore a single database:

db.addUser( {
    user: "restoreSingleDB",
    pwd: "Moon1234",
    roles: [ "readWrite", "userAdmin" ]
} )

mongorestore --db <database> --username restoreSingleDB --password Moon1234 <directory>/<database dump>

So this would work to restore all databases including user data:

db.addUser( {
    user: "restoreAll",
    pwd: "Moon1234",
    roles: [ "readWriteAnyDatabase", "userAdminAnyDatabase" ]
} )

mongorestore --username restoreAll --password Moon1234 <directory>/<database dump>

Unfortunately, if you want to restore only the normal data and ignore the user data, you have to run the command one db at a time. This is probably a feature request.

Generated at Thu Feb 08 07:42:20 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.