[SERVER-24432] Update clusterMonitor role support reading from local.sources Created: 07/Jun/16  Updated: 20/Nov/16  Resolved: 13/Jun/16

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 3.2.8, 3.3.9

Type: Improvement Priority: Major - P3
Reporter: John Morales Assignee: Andreas Nilsson
Resolution: Done Votes: 0
Labels: code-only
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Backport Completed:
Sprint: Security 16 (06/24/16)
Participants:

 Description   

The recommended security role for monitoring a MongoDB deployment is clusterMonitor, which includes the minimum required privilege to perform all necessary commands/queries to facilitate monitoring and discovering the deployment topology by Cloud / Ops Manager.

There's one slight gap however for master/slave deployments – the role does not allow reading the local.sources collection on secondaries.

Ideally this reading would also be permitted, which is otherwise preventing display of "replication lag" from slave to master, as well as discovering master's hostname and port.



 Comments   
Comment by Githook User [ 22/Jun/16 ]

Author:

{u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@mongodb.com'}

Message: SERVER-24432 Add find on local.sources to clusterMonitor

(cherry picked from commit ce22832310994048040faea2cd6895975dc4c3c5)
Branch: v3.2
https://github.com/mongodb/mongo/commit/8da92eae6b84e6ba0a31f40478a891a05a9b5f53

Comment by Githook User [ 13/Jun/16 ]

Author:

{u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@mongodb.com'}

Message: SERVER-24432 Add find on local.sources to clusterMonitor
Branch: master
https://github.com/mongodb/mongo/commit/ce22832310994048040faea2cd6895975dc4c3c5

Generated at Thu Feb 08 04:06:21 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.