[SERVER-31754] The built-in "backup" role needs read access to the "admin.system.keys" collection Created: 27/Oct/17  Updated: 27/Oct/23  Resolved: 30/Oct/17

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.6.0-rc0
Fix Version/s: None

Type: Bug Priority: Blocker - P1
Reporter: Steve Briskin (Inactive) Assignee: Spencer Jackson
Resolution: Works as Designed Votes: 0
Labels: on-prem-3.5.6
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Platforms 2017-11-13
Participants:

 Description   

The built-in backup role needs read access to the admin.system.keys collection for the backup agent.



 Comments   
Comment by Spencer Jackson [ 30/Oct/17 ]

I believe this collection does not need to be backed up, and can be blacklisted from backups. Based off manual testing and a conversation with misha.tyulenev, keys in admin.system.keys are regenerated if the collection does not exist. The newly restored cluster would then have independent clusterTimes from the original.

I'm going to close this ticket.

Generated at Thu Feb 08 04:28:05 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.