[SERVER-24432] Update clusterMonitor role support reading from local.sources
Created: 07/Jun/16 | Updated: 20/Nov/16 | Resolved: 13/Jun/16
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 3.2.8, 3.3.9 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | John Morales | Assignee: | Andreas Nilsson |
| Resolution: | Done | Votes: | 0 |
| Labels: | code-only |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Backwards Compatibility: | Fully Compatible |
| Backport Completed: | |
| Sprint: | Security 16 (06/24/16) |
| Participants: |
| Description |
The recommended security role for monitoring a MongoDB deployment is clusterMonitor, which includes the minimum required privileges to perform all necessary commands/queries to facilitate monitoring and discovering the deployment topology by Cloud / Ops Manager. There's one slight gap, however, for master/slave deployments – the role does not allow reading the local.sources collection on secondaries. Ideally this reading would also be permitted, which is otherwise preventing display of "replication lag" from slave to master, as well as discovering the master's hostname and port.
| Comments |
| Comment by Githook User [ 22/Jun/16 ] |
Author: Andreas Nilsson <andreas.nilsson@mongodb.com>
Message: (cherry picked from commit ce22832310994048040faea2cd6895975dc4c3c5)
| Comment by Githook User [ 13/Jun/16 ] |
Author: Andreas Nilsson <andreas.nilsson@mongodb.com>
Message: