[SERVER-31754] The built-in "backup" role needs read access to the "admin.system.keys" collection Created: 27/Oct/17 Updated: 27/Oct/23 Resolved: 30/Oct/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 3.6.0-rc0 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Blocker - P1 |
| Reporter: | Steve Briskin (Inactive) | Assignee: | Spencer Jackson |
| Resolution: | Works as Designed | Votes: | 0 |
| Labels: | on-prem-3.5.6 | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Operating System: | ALL | ||||||||
| Sprint: | Platforms 2017-11-13 | ||||||||
| Participants: | |||||||||
| Description |
|
The built-in backup role needs read access to the admin.system.keys collection for the backup agent. |
| Comments |
| Comment by Spencer Jackson [ 30/Oct/17 ] |
|
I believe this collection does not need to be backed up, and can be blacklisted from backups. Based off manual testing and a conversation with misha.tyulenev, keys in admin.system.keys are regenerated if the collection does not exist. The newly restored cluster would then have independent clusterTimes from the original. I'm going to close this ticket. |