Details
-
Bug
-
Status: Done
-
High
-
Resolution: Fixed
-
None
-
None
-
None
-
1
-
Yes
-
No
-
No
-
Server Features
Description
Problem:
In our MongoDB monitoring docs we describe a set of permissions needed for monitoring. This is enough for monitoring but not enough for Backup to happen. The user would get an error during a backup due to a lack of permissions. We should highlight that if a user wants to do backups for Mongo he/she should add more permissions for a user used for pmm-admin add mongodb command.
Set of permissions needed:
db.getSiblingDB("admin").createRole({ role: "explainRole", privileges: [{ resource: { db: "", collection: "" }, actions: [ "listIndexes", "listCollections", "dbStats", "dbHash", "collStats", "find" ] }], roles:[] }) db.getSiblingDB("admin").createRole({ "role": "pbmAnyAction", "privileges": [ { "resource": { "anyResource": true }, "actions": [ "anyAction" ] } ], "roles": [] }); // If user do not exists: db.getSiblingDB("admin").createUser({ user: "pmm", pwd: "pmm", roles: [ { role: "explainRole", db: "admin" }, { role: "clusterMonitor", db: "admin" }, { role: "read", db: "local" }, { "db" : "admin", "role" : "readWrite", "collection": "" }, { "db" : "admin", "role" : "backup" }, { "db" : "admin", "role" : "clusterMonitor" }, { "db" : "admin", "role" : "restore" }, { "db" : "admin", "role" : "pbmAnyAction" } ] }) // If user exists: db.getSiblingDB("admin").updateUser("pmm", { roles: [ { role: "explainRole", db: "admin" }, { role: "clusterMonitor", db: "admin" }, { role: "read", db: "local" }, { "db" : "admin", "role" : "readWrite", "collection": "" }, { "db" : "admin", "role" : "backup" }, { "db" : "admin", "role" : "clusterMonitor" }, { "db" : "admin", "role" : "restore" }, { "db" : "admin", "role" : "pbmAnyAction" } ] })