<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:32:25 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-13647] root role does not contain sufficient privileges for a mongorestore of a system with security enabled</title>
                <link>https://jira.mongodb.org/browse/SERVER-13647</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;The &quot;root&quot; role is lacking several privileges present in &quot;restore&quot; role, such as the ability to insert directly into the system.users, system.roles, and system.version collections.  These privileges are necessary to be able to use mongorestore to restore a system with authorization enabled, however granting them to the &quot;root&quot; role is also potentially problematic as it would allow users with the &quot;root&quot; role to manipulate admin.system.users, bypassing the safety checks present in the user management commands.&lt;/p&gt;

&lt;p&gt;If you try to use the &quot;root&quot; role to do a mongorestore when the dump contains system.users, system.roles or system.version entries, you will get an error like the following:&lt;/p&gt;

&lt;p&gt;mongorestore -u admin -p &amp;lt;pass&amp;gt; --drop -h 127.0.0.1:27017 &quot;/mongodb_data_bak/backup&quot;&lt;br/&gt;
connected to: 127.0.0.1:27017&lt;br/&gt;
2014-04-17T20:44:54.647+0000    going into namespace &lt;span class=&quot;error&quot;&gt;&amp;#91;admin.system.version&amp;#93;&lt;/span&gt;&lt;br/&gt;
Restoring to admin.system.version without dropping. Restored data will be inserted without raising errors; check your server log&lt;br/&gt;
1 objects found&lt;br/&gt;
2014-04-17T20:44:54.648+0000    Creating index: { key: &lt;/p&gt;
{ _id: 1 }
&lt;p&gt;, name: &quot;&lt;em&gt;id&lt;/em&gt;&quot;, ns: &quot;admin.system.version&quot; }&lt;br/&gt;
Error creating index admin.system.version: 13 err: &quot;not authorized to create index on admin.system.version&quot;&lt;br/&gt;
Aborted (core dumped)&lt;/p&gt;</description>
                <environment></environment>
        <key id="131880">SERVER-13647</key>
            <summary>root role does not contain sufficient privileges for a mongorestore of a system with security enabled</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="merry.mou">Merry Mou</assignee>
                                    <reporter username="dharshanr@scalegrid.net">Dharshan Rangegowda</reporter>
                        <labels>
                    </labels>
                <created>Thu, 17 Apr 2014 20:57:27 +0000</created>
                <updated>Wed, 22 Mar 2017 15:27:09 +0000</updated>
                            <resolved>Wed, 26 Aug 2015 18:13:49 +0000</resolved>
                                    <version>2.6.0</version>
                    <version>3.0.4</version>
                                    <fixVersion>3.0.7</fixVersion>
                    <fixVersion>3.1.8</fixVersion>
                                    <component>Security</component>
                    <component>Tools</component>
                                        <votes>0</votes>
                                    <watches>6</watches>
                                                                                                                <comments>
                            <comment id="1018557" author="xgen-internal-githook" created="Mon, 31 Aug 2015 19:30:38 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;name&apos;: u&apos;Merry Mou&apos;, u&apos;email&apos;: u&apos;merry.mou@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-13647&quot; title=&quot;root role does not contain sufficient privileges for a mongorestore of a system with security enabled&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-13647&quot;&gt;&lt;del&gt;SERVER-13647&lt;/del&gt;&lt;/a&gt; give restore privileges to root&lt;br/&gt;
Branch: v3.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/59ec1ed062e13ff77a17f4a3480bcd0f98e38efc&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/59ec1ed062e13ff77a17f4a3480bcd0f98e38efc&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1012138" author="xgen-internal-githook" created="Fri, 21 Aug 2015 20:07:02 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;name&apos;: u&apos;Merry Mou&apos;, u&apos;email&apos;: u&apos;merry.mou@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-13647&quot; title=&quot;root role does not contain sufficient privileges for a mongorestore of a system with security enabled&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-13647&quot;&gt;&lt;del&gt;SERVER-13647&lt;/del&gt;&lt;/a&gt; give restore privileges to root&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/0c695aa1e879af482dc3aea4768dbda223ff4592&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/0c695aa1e879af482dc3aea4768dbda223ff4592&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="942669" author="kay.agahd@idealo.de" created="Wed, 17 Jun 2015 07:41:54 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=spencer&quot; class=&quot;user-hover&quot; rel=&quot;spencer&quot;&gt;spencer&lt;/a&gt; it&apos;s great to hear that &lt;tt&gt;restore&lt;/tt&gt; privileges are granted to the &lt;tt&gt;root&lt;/tt&gt; role! Also, &quot;make mongorestore warn if it is restoring old-style user documents that will be ignored by a current version of mongodb&quot; helps the user to understand what happened. &lt;br/&gt;
Besides this, it&apos;s still time consuming to dump/restore a complete dbs with many databases, each one having many users, because each db needs to be dumped separately with the &lt;tt&gt;--dumpDbUsersAndRoles&lt;/tt&gt; option in order to have users included (see &lt;a href=&quot;https://jira.mongodb.org/browse/TOOLS-760&quot; title=&quot;can&amp;#39;t restore users&quot; class=&quot;issue-link&quot; data-issue-key=&quot;TOOLS-760&quot;&gt;&lt;del&gt;TOOLS-760&lt;/del&gt;&lt;/a&gt;) or did I miss something?&lt;/p&gt;</comment>
                            <comment id="942387" author="spencer" created="Tue, 16 Jun 2015 22:05:47 +0000"  >&lt;p&gt;By the way I went ahead and filed &lt;a href=&quot;https://jira.mongodb.org/browse/TOOLS-770&quot; title=&quot;Mongodump/mongorestore should warn if dumping/restoring legacy system.users collections in non-admin dbs&quot; class=&quot;issue-link&quot; data-issue-key=&quot;TOOLS-770&quot;&gt;TOOLS-770&lt;/a&gt; to make mongorestore warn if it is restoring old-style user documents that will be ignored by a current version of mongodb.&lt;/p&gt;</comment>
                            <comment id="942384" author="spencer" created="Tue, 16 Jun 2015 22:04:03 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=kay.agahd%40idealo.de&quot; class=&quot;user-hover&quot; rel=&quot;kay.agahd@idealo.de&quot;&gt;kay.agahd@idealo.de&lt;/a&gt;,&lt;br/&gt;
Thank you for your input.  After some consideration and internal discussion, we have decided to re-open this ticket and grant all the privileges of the &quot;restore&quot; role to the &quot;root&quot; role.  &lt;/p&gt;

&lt;p&gt;When the &quot;restore&quot; role was first being designed it included some extra privileges that would make it easy for a user to accidentally corrupt their user and role definitions.  Since then, however, we have changed how mongorestore handles restoring user and role definitions and removed those dangerous privileges from the &quot;restore&quot; role.  It is always possible for a user with &quot;root&quot; to grant themselves the privilege to directly modify users and roles and thus corrupt the user and role definitions, but we wanted to avoid making it easy for someone to do so by accident.  Now that those privileges are not included in the &quot;restore&quot; role, we feel it is safe to grant the &quot;restore&quot; role&apos;s privileges to &quot;root&quot;.&lt;/p&gt;

&lt;p&gt;As for your comments on the behavior of mongorestore - if you have any suggestions to changes of behavior to mongorestore or documentation changes we could make to make the existing behavior clearer we&apos;d love to hear them!  For changes to mongorestore behavior please file a ticket in the TOOLS project, and for changes to documentation please file one in the DOCS project.&lt;/p&gt;

&lt;p&gt;Cheers,&lt;br/&gt;
-Spencer&lt;/p&gt;</comment>
                            <comment id="925653" author="kay.agahd@idealo.de" created="Thu, 28 May 2015 08:57:50 +0000"  >&lt;p&gt;I just discovered that we need the mongodump option &lt;tt&gt;--dumpDbUsersAndRoles&lt;/tt&gt; else users and roles won&apos;t be saved! mongodb documentation states (wrongly?) that the role &lt;tt&gt;backup&lt;/tt&gt; is needed to do this. However, the dump was working ok with an user that had only &lt;tt&gt;root&lt;/tt&gt; and &lt;tt&gt;restore&lt;/tt&gt; role assigned.&lt;/p&gt;

&lt;p&gt;For restoring the dump we needed the mongorestore option &lt;tt&gt;--restoreDbUsersAndRoles&lt;/tt&gt; else users and roles won&apos;t be restored. For doing this you&apos;ll need the role &lt;tt&gt;restore&lt;/tt&gt;, even as &lt;tt&gt;root&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;The above mentioned log from mongorestore, saying that users have been restored, is simply misleading, since users are not stored in &lt;tt&gt;system.users&lt;/tt&gt; anymore. The database we were dumping from was v2.6.4, thus users are stored already in the admin database, not in &lt;tt&gt;system.users&lt;/tt&gt;. The &lt;tt&gt;system.users&lt;/tt&gt; collections on this v2.6.4 database seems to be an survival from an earlier mongodb version, which caused some misleading information that I&apos;ve posted above.&lt;/p&gt;

&lt;p&gt;Perhaps some users may benefit from my experiences.&lt;br/&gt;
However, &lt;tt&gt;root&lt;/tt&gt; should &lt;b&gt;never&lt;/b&gt; need to add more roles to gain more privileges since &lt;tt&gt;root&lt;/tt&gt; should have them all already!&lt;/p&gt;</comment>
                            <comment id="925627" author="kay.agahd@idealo.de" created="Thu, 28 May 2015 07:53:30 +0000"  >&lt;p&gt;&quot;Won&apos;t fix, workes as designed?&quot; Root should be always root! Why do we need to add still more priviliges to root? Root should have them &lt;b&gt;all&lt;/b&gt; already! Do we need to add still more roles than just &lt;tt&gt;restore&lt;/tt&gt; to the root user to have &lt;b&gt;all&lt;/b&gt; privileges or is the &lt;tt&gt;restore&lt;/tt&gt; role the one and only that was missing?&lt;/p&gt;

&lt;p&gt;Spencer, thanks for your explanation but I think simply not allowing to modify &lt;tt&gt;system.users&lt;/tt&gt; is not a (good) solution. Instead, mongorestore should be smart enough to restore the old user format into the new format. With your &quot;solution&quot;, even with the extra role &lt;tt&gt;restore&lt;/tt&gt; enabled, users won&apos;t be restored in the right place. &lt;br/&gt;
As you can see in the following log snippet, restore says that users got restored but &lt;tt&gt;show users&lt;/tt&gt; doesn&apos;t show any of them:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2015-05-27T18:19:00.838+0200	restoring offerStore_offermanager_dev2.system.users from file /data/dump_b30/offerStore_offermanager_dev2/system.users.bson&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2015-05-27T18:19:00.838+0200	restoring offerStore_offermanager_dev2.offer from file /data/dump_b30/offerStore_offermanager_dev2/offer.bson&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2015-05-27T18:19:00.845+0200	restoring indexes for collection offerStore_offermanager_dev2.system.users from metadata&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;2015-05-27T18:19:00.846+0200	finished restoring offerStore_offermanager_dev2.system.users&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;Mongo-Shell shows no users:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoDB shell version: 3.0.2&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;connecting to: s516:27017/admin&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;mongos&amp;gt; use offerStore_offermanager_dev2&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;switched to db offerStore_offermanager_dev2&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;mongos&amp;gt; show users&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;mongos&amp;gt; db.version()&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;3.0.2&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;mongos&amp;gt; &lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;</comment>
                            <comment id="558215" author="spencer" created="Mon, 21 Apr 2014 23:40:36 +0000"  >&lt;p&gt;Hi Dharshan,&lt;br/&gt;
Sorry for the confusion, I agree that the documentation is misleading at the moment - I&apos;ll make sure that gets fixed soon.&lt;/p&gt;

&lt;p&gt;The answer to your question requires some backstory.  In versions prior to 2.6 all user management was done by directly manipulating the system.users collections.  In 2.6 we changed things to discourage users from modifying system.users directly and instead recommend the use of the user management commands.  The advantage using the commands is that they can do additional safety checks to make sure the user modification is valid and makes sense.  For example, they can prevent you from creating a user with a non-existent role.  To make sure that users would use the commands and not modify system.users directly we restricted it so that most of the built-in roles, including the &quot;root&quot; role, do not allow direct modification of admin.system.users (or admin.system.roles or admin.system.version).  The problem is that mongorestore works by directly inserting BSON documents taken from the dump file into the target system, it does use the new user management commands.  As such, for the &quot;restore&quot; role to be usable by mongorestore, it had to have an exception and be given the right to insert directly into admin.system.users, admin.system.roles, and admin.system.version.  It is the only built-in role that has those privileges.&lt;/p&gt;


&lt;p&gt;And to answer your first question: yes, you can have both &quot;root&quot; and &quot;restore&quot;.&lt;/p&gt;

&lt;p&gt;Hopefully that clears things up, please let me know if any part of my explanation was unclear or if you have any further questions about this.&lt;/p&gt;</comment>
                            <comment id="558179" author="dharshanr@scalegrid.net" created="Mon, 21 Apr 2014 23:05:39 +0000"  >&lt;p&gt;Hi Spencer,&lt;/p&gt;

&lt;p&gt;Can I give the user both &quot;root&quot; and &quot;restore&quot; roles? The documentation led me to believe that &quot;root&quot; is the superset of all the privileges - which is why I was surprised that the root role does not have &quot;restore&quot; privileges on the admin db. If the &quot;root&quot; user can edit the collections in the admin db why not allow him to restore as well? &lt;/p&gt;</comment>
                            <comment id="558165" author="spencer" created="Mon, 21 Apr 2014 22:49:46 +0000"  >&lt;p&gt;Hi Dharshan, I have reproduced your problem and updated the ticket description with my findings.  For now, we recommended that you use the &quot;restore&quot; role in the admin database when using mongorestore, rather than the &quot;root&quot; role.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10320">
                    <name>Documented</name>
                                                                <inwardlinks description="is documented by">
                                        <issuelink>
            <issuekey id="232405">DOCS-6310</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="132494">DOCS-3233</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="208117">TOOLS-770</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="207027">TOOLS-760</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                            <attachment id="41734" name="core.13738" size="60477440" author="dharshanr@scalegrid.net" created="Thu, 17 Apr 2014 20:57:27 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>10.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12451" key="com.atlassian.jira.plugin.system.customfieldtypes:multiversion">
                        <customfieldname>Backport Completed</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="15689">3.0.7</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 21 Apr 2014 22:49:46 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        8 years, 24 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>emily.hall</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            8 years, 24 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>dharshanr@scalegrid.net</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>kay.agahd@idealo.de</customfieldvalue>
            <customfieldvalue>merry.mou</customfieldvalue>
            <customfieldvalue>spencer@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrlwjr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hreexr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>113223</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="629">Security 7 08/10/15</customfieldvalue>
    <customfieldvalue id="630">Security 8 08/28/15</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrp3h3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>