From 89d9e224b47d9a1d04cef43488727d99e2ab9b38 Mon Sep 17 00:00:00 2001 From: Grace Miller Date: Mon, 10 Mar 2025 17:47:38 -0400 Subject: [PATCH 1/9] DOCSP-47109-DOCSP-document-minimum-privileges --- .../minimum-destination-privileges.rst | 112 +++++++++++++ source/includes/minimum-source-privileges.rst | 150 ++++++++++++++++++ source/reference/permissions.txt | 14 ++ 3 files changed, 276 insertions(+) create mode 100644 source/includes/minimum-destination-privileges.rst create mode 100644 source/includes/minimum-source-privileges.rst diff --git a/source/includes/minimum-destination-privileges.rst b/source/includes/minimum-destination-privileges.rst new file mode 100644 index 000000000..eea86faf8 --- /dev/null +++ b/source/includes/minimum-destination-privileges.rst @@ -0,0 +1,112 @@ +.. list-table:: + :header-rows: 1 + :stub-columns: 1 + :widths: 20 40 40 + + * - Sync Type + - Minimum Destination Privileges + + * - Default + - .. code-block:: javascript + + [ + { + "resource": { "cluster": true }, + "actions": [ + "appendOplogNote" , + "enableSharding" , + "getDefaultRWConcern", + "getShardMap" , + "hostInfo" , + "listDatabases" , + "listShards" , + "replSetGetConfig" , + "replSetGetStatus" , + "serverStatus" + ] + }, + { + "resource": { "db": "", "collection": "" }, + "actions": [ + "bypassDocumentValidation", + "changeStream" , + "collMod" , + "convertToCapped" , + "createCollection" , + "createIndex" , + "dropCollection" , + "dropIndex" , + "enableSharding" , + "find" , + "indexStats" , + "insert" , + "listCollections" , + "listIndexes" , + "remove" , + "renameCollectionSameDB" , + "update" , + "bypassWriteBlockingMode" , + "setUserWriteBlockMode" + ] + }, + { + "resource": { "db": "admin", "collection": "system.version" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "", "collection": "system.js" }, + "actions": [ "listCollections", "listIndexes" ] + }, + { + "resource": { "db": "config", "collection": "shards" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "", "collection": "system.views" }, + "actions": [ "dropCollection" ] + }, + { + "resource": { "db": "config", "collection": "version" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "collections" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "settings" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "tags" }, + "actions": [ "find" ] + }, + { + "resource": { "system_buckets": "" }, + "actions": [ "listCollections", "listIndexes" ] + } + ] + + * - Write Blocking + - Everything from the default destination privileges + + * - Reversing + - Everything from the default source privileges and the default destination + privileges with the addition of: + + .. code-block:: javascript + + [ + { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } + ] + + * - Multiple Reversals + - Everything from the default source privileges and the default destination + privileges with the addition of: + + .. code-block:: javascript + + [ + { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } + ] + diff --git a/source/includes/minimum-source-privileges.rst b/source/includes/minimum-source-privileges.rst new file mode 100644 index 000000000..352fdfc30 --- /dev/null +++ b/source/includes/minimum-source-privileges.rst @@ -0,0 +1,150 @@ +.. list-table:: + :header-rows: 1 + :stub-columns: 1 + :widths: 20 40 40 + + * - Sync Type + - Minimum Source Privileges + + * - Default + - .. code-block:: javascript + + [ + { + "resource": { "cluster": true }, + "actions": [ + "appendOplogNote" , + "getDefaultRWConcern", + "getShardMap" , + "hostInfo" , + "listDatabases" , + "listShards" , + "replSetGetConfig" , + "replSetGetStatus" , + "serverStatus" + ] + }, + { + "resource": { "db": "", "collection": "" }, + "actions": [ + "changeStream" , + "collStats" , + "find" , + "indexStats" , + "listCollections", + "listIndexes" + ] + }, + { + "resource": { "db": "admin", "collection": "system.version" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "", "collection": "system.js" }, + "actions": [ "listCollections", "listIndexes" ] + }, + { + "resource": { "db": "config", "collection": "shards" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "collections" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "version" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "settings" }, + "actions": [ "find" ] + }, + { + "resource": { "system_buckets": "" }, + "actions": [ "listCollections", "listIndexes" ] + } + ] + + * - Write-blocking + - Everything from the default source privileges with the addition of: + + .. code-block:: javascript + + [ + { + "resource": { "cluster": true }, + "actions": [ "bypassWriteBlockingMode", "setUserWriteBlockMode" ] + } + ] + + * - Reversing + - Everything from the default source privileges and the default destination + privileges. + + * - Multiple Reversals + - Everything from the default source privileges and the default destination + privileges with the addition of: + + .. code-block:: javascript + + [ + { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } + ] + + * - V4.4 Migration (insert footnote) + - .. code-block:: javascript + [ + { + "resource": { "cluster": true }, + "actions": [ + "addShard" , + "appendOplogNote" , + "flushRouterConfig" , + "getDefaultRWConcern", + "getShardMap" , + "hostInfo" , + "listDatabases" , + "listShards" , + "replSetGetConfig" , + "replSetGetStatus" , + "serverStatus" + ] + }, + { + "resource": { "db": "", "collection": "" }, + "actions": [ + "changeStream" , + "collStats" , + "find" , + "indexStats" , + "listCollections", + "listIndexes" + ] + }, + { + "resource": { "db": "admin", "collection": "system.version" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "", "collection": "system.js" }, + "actions": [ "listCollections", "listIndexes" ] + }, + { + "resource": { "db": "config", "collection": "shards" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "collections" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "version" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "settings" }, + "actions": [ "find" ] + } + ] + + diff --git a/source/reference/permissions.txt b/source/reference/permissions.txt index 1db1e6195..f3eda8399 100644 --- a/source/reference/permissions.txt +++ b/source/reference/permissions.txt @@ -30,6 +30,20 @@ The Atlas permissions are: .. include:: /includes/table-permissions-atlas.rst +.. _c2c-minimum-privileges: + +Minimum Privileges +------------------ + +The minimum source privileges are: + +.. include:: /includes/minimum-source-privileges.rst + +The minimum destination privileges are: + +.. include:: /includes/minimum-destination-privileges.rst + + .. _c2c-older-version-permissions: Pre-6.0 Migrations From 865d75eda66a996880d0e5e8b41134b74f9b2401 Mon Sep 17 00:00:00 2001 From: Grace Miller Date: Mon, 10 Mar 2025 18:03:41 -0400 Subject: [PATCH 2/9] table stuff --- source/includes/minimum-destination-privileges.rst | 2 +- source/includes/minimum-source-privileges.rst | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/source/includes/minimum-destination-privileges.rst b/source/includes/minimum-destination-privileges.rst index eea86faf8..300ea31f3 100644 --- a/source/includes/minimum-destination-privileges.rst +++ b/source/includes/minimum-destination-privileges.rst @@ -1,7 +1,7 @@ .. list-table:: :header-rows: 1 :stub-columns: 1 - :widths: 20 40 40 + :widths: 30 10 * - Sync Type - Minimum Destination Privileges diff --git a/source/includes/minimum-source-privileges.rst b/source/includes/minimum-source-privileges.rst index 352fdfc30..d178bb44c 100644 --- a/source/includes/minimum-source-privileges.rst +++ b/source/includes/minimum-source-privileges.rst @@ -1,7 +1,7 @@ .. list-table:: :header-rows: 1 :stub-columns: 1 - :widths: 20 40 40 + :widths: 30 20 * - Sync Type - Minimum Source Privileges @@ -93,6 +93,7 @@ * - V4.4 Migration (insert footnote) - .. code-block:: javascript + [ { "resource": { "cluster": true }, From 4aa53f9f8e938c120e2a5a84e208dec9c850885d Mon Sep 17 00:00:00 2001 From: Grace Miller Date: Tue, 11 Mar 2025 10:08:51 -0400 Subject: [PATCH 3/9] table format --- source/includes/minimum-destination-privileges.rst | 2 +- source/includes/minimum-source-privileges.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/source/includes/minimum-destination-privileges.rst b/source/includes/minimum-destination-privileges.rst index 300ea31f3..f9f6c5f51 100644 --- a/source/includes/minimum-destination-privileges.rst +++ b/source/includes/minimum-destination-privileges.rst @@ -1,7 +1,7 @@ .. list-table:: :header-rows: 1 :stub-columns: 1 - :widths: 30 10 + :widths: 10 20 * - Sync Type - Minimum Destination Privileges diff --git a/source/includes/minimum-source-privileges.rst b/source/includes/minimum-source-privileges.rst index d178bb44c..4eb122908 100644 --- a/source/includes/minimum-source-privileges.rst +++ b/source/includes/minimum-source-privileges.rst @@ -1,7 +1,7 @@ .. list-table:: :header-rows: 1 :stub-columns: 1 - :widths: 30 20 + :widths: 10 30 * - Sync Type - Minimum Source Privileges From 8c939a1f9c95c84915bc9a417438bf314c66d6ba Mon Sep 17 00:00:00 2001 From: Grace Miller Date: Tue, 11 Mar 2025 10:16:21 -0400 Subject: [PATCH 4/9] fix build error --- source/includes/minimum-source-privileges.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/includes/minimum-source-privileges.rst b/source/includes/minimum-source-privileges.rst index 4eb122908..33ea5a710 100644 --- a/source/includes/minimum-source-privileges.rst +++ b/source/includes/minimum-source-privileges.rst @@ -145,7 +145,7 @@ { "resource": { "db": "config", "collection": "settings" }, "actions": [ "find" ] - } - ] + } + ] From 990619d3147178d15edaabf994425222b12bd517 Mon Sep 17 00:00:00 2001 From: Grace Miller Date: Tue, 11 Mar 2025 14:37:03 -0400 Subject: [PATCH 5/9] spacing --- .../minimum-destination-privileges.rst | 102 +++++++------- source/includes/minimum-source-privileges.rst | 124 +++++++++--------- 2 files changed, 113 insertions(+), 113 deletions(-) diff --git a/source/includes/minimum-destination-privileges.rst b/source/includes/minimum-destination-privileges.rst index f9f6c5f51..117e2d2df 100644 --- a/source/includes/minimum-destination-privileges.rst +++ b/source/includes/minimum-destination-privileges.rst @@ -13,82 +13,82 @@ { "resource": { "cluster": true }, "actions": [ - "appendOplogNote" , - "enableSharding" , - "getDefaultRWConcern", - "getShardMap" , - "hostInfo" , - "listDatabases" , - "listShards" , - "replSetGetConfig" , - "replSetGetStatus" , - "serverStatus" + "appendOplogNote", + "enableSharding", + "getDefaultRWConcern", + "getShardMap", + "hostInfo", + "listDatabases", + "listShards", + "replSetGetConfig", + "replSetGetStatus", + "serverStatus" ] }, { - "resource": { "db": "", "collection": "" }, - "actions": [ - "bypassDocumentValidation", - "changeStream" , - "collMod" , - "convertToCapped" , - "createCollection" , - "createIndex" , - "dropCollection" , - "dropIndex" , - "enableSharding" , - "find" , - "indexStats" , - "insert" , - "listCollections" , - "listIndexes" , - "remove" , - "renameCollectionSameDB" , - "update" , - "bypassWriteBlockingMode" , - "setUserWriteBlockMode" - ] + "resource": { "db": "", "collection": "" }, + "actions": [ + "bypassDocumentValidation", + "changeStream", + "collMod", + "convertToCapped", + "createCollection", + "createIndex", + "dropCollection", + "dropIndex", + "enableSharding", + "find", + "indexStats", + "insert", + "listCollections", + "listIndexes", + "remove", + "renameCollectionSameDB", + "update", + "bypassWriteBlockingMode", + "setUserWriteBlockMode" + ] }, { - "resource": { "db": "admin", "collection": "system.version" }, - "actions": [ "find" ] + "resource": { "db": "admin", "collection": "system.version" }, + "actions": [ "find" ] }, { - "resource": { "db": "", "collection": "system.js" }, - "actions": [ "listCollections", "listIndexes" ] + "resource": { "db": "", "collection": "system.js" }, + "actions": [ "listCollections", "listIndexes" ] }, { - "resource": { "db": "config", "collection": "shards" }, - "actions": [ "find" ] + "resource": { "db": "config", "collection": "shards" }, + "actions": [ "find" ] }, { - "resource": { "db": "", "collection": "system.views" }, - "actions": [ "dropCollection" ] + "resource": { "db": "", "collection": "system.views" }, + "actions": [ "dropCollection" ] }, { - "resource": { "db": "config", "collection": "version" }, - "actions": [ "find" ] + "resource": { "db": "config", "collection": "version" }, + "actions": [ "find" ] }, { - "resource": { "db": "config", "collection": "collections" }, - "actions": [ "find" ] + "resource": { "db": "config", "collection": "collections" }, + "actions": [ "find" ] }, { - "resource": { "db": "config", "collection": "settings" }, - "actions": [ "find" ] + "resource": { "db": "config", "collection": "settings" }, + "actions": [ "find" ] }, { - "resource": { "db": "config", "collection": "tags" }, - "actions": [ "find" ] + "resource": { "db": "config", "collection": "tags" }, + "actions": [ "find" ] }, { - "resource": { "system_buckets": "" }, - "actions": [ "listCollections", "listIndexes" ] + "resource": { "system_buckets": "" }, + "actions": [ "listCollections", "listIndexes" ] } ] * - Write Blocking - - Everything from the default destination privileges + - Everything from the default destination privileges. * - Reversing - Everything from the default source privileges and the default destination diff --git a/source/includes/minimum-source-privileges.rst b/source/includes/minimum-source-privileges.rst index 33ea5a710..05adee9e1 100644 --- a/source/includes/minimum-source-privileges.rst +++ b/source/includes/minimum-source-privileges.rst @@ -13,33 +13,33 @@ { "resource": { "cluster": true }, "actions": [ - "appendOplogNote" , - "getDefaultRWConcern", - "getShardMap" , - "hostInfo" , - "listDatabases" , - "listShards" , - "replSetGetConfig" , - "replSetGetStatus" , - "serverStatus" + "appendOplogNote", + "getDefaultRWConcern", + "getShardMap", + "hostInfo", + "listDatabases", + "listShards", + "replSetGetConfig", + "replSetGetStatus", + "serverStatus" ] - }, - { + }, + { "resource": { "db": "", "collection": "" }, "actions": [ - "changeStream" , - "collStats" , - "find" , - "indexStats" , - "listCollections", - "listIndexes" + "changeStream", + "collStats", + "find", + "indexStats", + "listCollections", + "listIndexes" ] - }, - { + }, + { "resource": { "db": "admin", "collection": "system.version" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "", "collection": "system.js" }, "actions": [ "listCollections", "listIndexes" ] }, @@ -50,20 +50,20 @@ { "resource": { "db": "config", "collection": "collections" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "config", "collection": "version" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "config", "collection": "settings" }, "actions": [ "find" ] }, { "resource": { "system_buckets": "" }, "actions": [ "listCollections", "listIndexes" ] - } - ] + } + ] * - Write-blocking - Everything from the default source privileges with the addition of: @@ -88,7 +88,7 @@ .. code-block:: javascript [ - { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } + { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } ] * - V4.4 Migration (insert footnote) @@ -98,54 +98,54 @@ { "resource": { "cluster": true }, "actions": [ - "addShard" , - "appendOplogNote" , - "flushRouterConfig" , - "getDefaultRWConcern", - "getShardMap" , - "hostInfo" , - "listDatabases" , - "listShards" , - "replSetGetConfig" , - "replSetGetStatus" , - "serverStatus" + "addShard", + "appendOplogNote", + "flushRouterConfig", + "getDefaultRWConcern", + "getShardMap", + "hostInfo", + "listDatabases", + "listShards", + "replSetGetConfig", + "replSetGetStatus", + "serverStatus" ] - }, - { - "resource": { "db": "", "collection": "" }, - "actions": [ - "changeStream" , - "collStats" , - "find" , - "indexStats" , - "listCollections", - "listIndexes" + }, + { + "resource": { "db": "", "collection": "" }, + "actions": [ + "changeStream", + "collStats", + "find", + "indexStats", + "listCollections", + "listIndexes" ] - }, - { + }, + { "resource": { "db": "admin", "collection": "system.version" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "", "collection": "system.js" }, "actions": [ "listCollections", "listIndexes" ] - }, - { + }, + { "resource": { "db": "config", "collection": "shards" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "config", "collection": "collections" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "config", "collection": "version" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "config", "collection": "settings" }, "actions": [ "find" ] - } + } ] From b6d3f36a99ecb1df3bf1b5224eb3b0c890ebb59a Mon Sep 17 00:00:00 2001 From: Grace Miller Date: Tue, 11 Mar 2025 16:45:38 -0400 Subject: [PATCH 6/9] actual spacing --- .../minimum-destination-privileges.rst | 46 +++++------ source/includes/minimum-source-privileges.rst | 76 +++++++++---------- 2 files changed, 61 insertions(+), 61 deletions(-) diff --git a/source/includes/minimum-destination-privileges.rst b/source/includes/minimum-destination-privileges.rst index 117e2d2df..123b2b09e 100644 --- a/source/includes/minimum-destination-privileges.rst +++ b/source/includes/minimum-destination-privileges.rst @@ -10,7 +10,7 @@ - .. code-block:: javascript [ - { + { "resource": { "cluster": true }, "actions": [ "appendOplogNote", @@ -24,8 +24,8 @@ "replSetGetStatus", "serverStatus" ] - }, - { + }, + { "resource": { "db": "", "collection": "" }, "actions": [ "bypassDocumentValidation", @@ -48,40 +48,40 @@ "bypassWriteBlockingMode", "setUserWriteBlockMode" ] - }, - { + }, + { "resource": { "db": "admin", "collection": "system.version" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "", "collection": "system.js" }, "actions": [ "listCollections", "listIndexes" ] - }, - { + }, + { "resource": { "db": "config", "collection": "shards" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "", "collection": "system.views" }, "actions": [ "dropCollection" ] - }, - { + }, + { "resource": { "db": "config", "collection": "version" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "config", "collection": "collections" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "config", "collection": "settings" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "config", "collection": "tags" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "system_buckets": "" }, "actions": [ "listCollections", "listIndexes" ] } @@ -97,7 +97,7 @@ .. code-block:: javascript [ - { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } + { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } ] * - Multiple Reversals @@ -107,6 +107,6 @@ .. code-block:: javascript [ - { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } + { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } ] diff --git a/source/includes/minimum-source-privileges.rst b/source/includes/minimum-source-privileges.rst index 05adee9e1..1ae6735c0 100644 --- a/source/includes/minimum-source-privileges.rst +++ b/source/includes/minimum-source-privileges.rst @@ -10,7 +10,7 @@ - .. code-block:: javascript [ - { + { "resource": { "cluster": true }, "actions": [ "appendOplogNote", @@ -23,8 +23,8 @@ "replSetGetStatus", "serverStatus" ] - }, - { + }, + { "resource": { "db": "", "collection": "" }, "actions": [ "changeStream", @@ -34,35 +34,35 @@ "listCollections", "listIndexes" ] - }, - { + }, + { "resource": { "db": "admin", "collection": "system.version" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "", "collection": "system.js" }, "actions": [ "listCollections", "listIndexes" ] - }, - { + }, + { "resource": { "db": "config", "collection": "shards" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "config", "collection": "collections" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "config", "collection": "version" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "config", "collection": "settings" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "system_buckets": "" }, "actions": [ "listCollections", "listIndexes" ] - } + } ] * - Write-blocking @@ -88,14 +88,14 @@ .. code-block:: javascript [ - { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } + { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } ] * - V4.4 Migration (insert footnote) - .. code-block:: javascript [ - { + { "resource": { "cluster": true }, "actions": [ "addShard", @@ -109,9 +109,9 @@ "replSetGetConfig", "replSetGetStatus", "serverStatus" - ] - }, - { + ] + }, + { "resource": { "db": "", "collection": "" }, "actions": [ "changeStream", @@ -120,32 +120,32 @@ "indexStats", "listCollections", "listIndexes" - ] - }, - { + ] + }, + { "resource": { "db": "admin", "collection": "system.version" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "", "collection": "system.js" }, "actions": [ "listCollections", "listIndexes" ] - }, - { + }, + { "resource": { "db": "config", "collection": "shards" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "config", "collection": "collections" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "config", "collection": "version" }, "actions": [ "find" ] - }, - { + }, + { "resource": { "db": "config", "collection": "settings" }, "actions": [ "find" ] - } - ] + } + ] From 33ce9507c7c8afd4b2c25cd2983142aa86e20980 Mon Sep 17 00:00:00 2001 From: Grace Miller Date: Wed, 12 Mar 2025 11:16:53 -0400 Subject: [PATCH 7/9] changed spacing to 3 --- source/includes/minimum-destination-privileges.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/includes/minimum-destination-privileges.rst b/source/includes/minimum-destination-privileges.rst index 123b2b09e..178f357de 100644 --- a/source/includes/minimum-destination-privileges.rst +++ b/source/includes/minimum-destination-privileges.rst @@ -8,7 +8,7 @@ * - Default - .. code-block:: javascript - + [ { "resource": { "cluster": true }, From 872ded53273f3c48190dbfb41b34b3ca0bd92ee4 Mon Sep 17 00:00:00 2001 From: Grace Miller Date: Wed, 12 Mar 2025 15:30:34 -0400 Subject: [PATCH 8/9] re doing all of the spaces god --- .../minimum-destination-privileges.rst | 156 ++++++------- source/includes/minimum-source-privileges.rst | 218 +++++++++--------- 2 files changed, 187 insertions(+), 187 deletions(-) diff --git a/source/includes/minimum-destination-privileges.rst b/source/includes/minimum-destination-privileges.rst index 178f357de..24018adde 100644 --- a/source/includes/minimum-destination-privileges.rst +++ b/source/includes/minimum-destination-privileges.rst @@ -10,82 +10,82 @@ - .. code-block:: javascript [ - { - "resource": { "cluster": true }, - "actions": [ - "appendOplogNote", - "enableSharding", - "getDefaultRWConcern", - "getShardMap", - "hostInfo", - "listDatabases", - "listShards", - "replSetGetConfig", - "replSetGetStatus", - "serverStatus" - ] - }, - { - "resource": { "db": "", "collection": "" }, - "actions": [ - "bypassDocumentValidation", - "changeStream", - "collMod", - "convertToCapped", - "createCollection", - "createIndex", - "dropCollection", - "dropIndex", - "enableSharding", - "find", - "indexStats", - "insert", - "listCollections", - "listIndexes", - "remove", - "renameCollectionSameDB", - "update", - "bypassWriteBlockingMode", - "setUserWriteBlockMode" - ] - }, - { - "resource": { "db": "admin", "collection": "system.version" }, - "actions": [ "find" ] - }, - { - "resource": { "db": "", "collection": "system.js" }, - "actions": [ "listCollections", "listIndexes" ] - }, - { - "resource": { "db": "config", "collection": "shards" }, - "actions": [ "find" ] - }, - { - "resource": { "db": "", "collection": "system.views" }, - "actions": [ "dropCollection" ] - }, - { - "resource": { "db": "config", "collection": "version" }, - "actions": [ "find" ] - }, - { - "resource": { "db": "config", "collection": "collections" }, - "actions": [ "find" ] - }, - { - "resource": { "db": "config", "collection": "settings" }, - "actions": [ "find" ] - }, - { - "resource": { "db": "config", "collection": "tags" }, - "actions": [ "find" ] - }, - { - "resource": { "system_buckets": "" }, - "actions": [ "listCollections", "listIndexes" ] - } - ] + { + "resource": { "cluster": true }, + "actions": [ + "appendOplogNote", + "enableSharding", + "getDefaultRWConcern", + "getShardMap", + "hostInfo", + "listDatabases", + "listShards", + "replSetGetConfig", + "replSetGetStatus", + "serverStatus" + ] + }, + { + "resource": { "db": "", "collection": "" }, + "actions": [ + "bypassDocumentValidation", + "changeStream", + "collMod", + "convertToCapped", + "createCollection", + "createIndex", + "dropCollection", + "dropIndex", + "enableSharding", + "find", + "indexStats", + "insert", + "listCollections", + "listIndexes", + "remove", + "renameCollectionSameDB", + "update", + "bypassWriteBlockingMode", + "setUserWriteBlockMode" + ] + }, + { + "resource": { "db": "admin", "collection": "system.version" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "", "collection": "system.js" }, + "actions": [ "listCollections", "listIndexes" ] + }, + { + "resource": { "db": "config", "collection": "shards" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "", "collection": "system.views" }, + "actions": [ "dropCollection" ] + }, + { + "resource": { "db": "config", "collection": "version" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "collections" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "settings" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "tags" }, + "actions": [ "find" ] + }, + { + "resource": { "system_buckets": "" }, + "actions": [ "listCollections", "listIndexes" ] + } + ] * - Write Blocking - Everything from the default destination privileges. @@ -97,7 +97,7 @@ .. code-block:: javascript [ - { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } + { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } ] * - Multiple Reversals @@ -107,6 +107,6 @@ .. code-block:: javascript [ - { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } + { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } ] diff --git a/source/includes/minimum-source-privileges.rst b/source/includes/minimum-source-privileges.rst index 1ae6735c0..55274d474 100644 --- a/source/includes/minimum-source-privileges.rst +++ b/source/includes/minimum-source-privileges.rst @@ -10,59 +10,59 @@ - .. code-block:: javascript [ - { - "resource": { "cluster": true }, - "actions": [ - "appendOplogNote", - "getDefaultRWConcern", - "getShardMap", - "hostInfo", - "listDatabases", - "listShards", - "replSetGetConfig", - "replSetGetStatus", - "serverStatus" - ] - }, - { - "resource": { "db": "", "collection": "" }, - "actions": [ - "changeStream", - "collStats", - "find", - "indexStats", - "listCollections", - "listIndexes" - ] - }, - { - "resource": { "db": "admin", "collection": "system.version" }, - "actions": [ "find" ] - }, - { - "resource": { "db": "", "collection": "system.js" }, - "actions": [ "listCollections", "listIndexes" ] - }, - { - "resource": { "db": "config", "collection": "shards" }, - "actions": [ "find" ] - }, - { - "resource": { "db": "config", "collection": "collections" }, - "actions": [ "find" ] - }, - { - "resource": { "db": "config", "collection": "version" }, - "actions": [ "find" ] - }, - { - "resource": { "db": "config", "collection": "settings" }, - "actions": [ "find" ] - }, - { - "resource": { "system_buckets": "" }, - "actions": [ "listCollections", "listIndexes" ] - } + { + "resource": { "cluster": true }, + "actions": [ + "appendOplogNote", + "getDefaultRWConcern", + "getShardMap", + "hostInfo", + "listDatabases", + "listShards", + "replSetGetConfig", + "replSetGetStatus", + "serverStatus" + ] + }, + { + "resource": { "db": "", "collection": "" }, + "actions": [ + "changeStream", + "collStats", + "find", + "indexStats", + "listCollections", + "listIndexes" + ] + }, + { + "resource": { "db": "admin", "collection": "system.version" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "", "collection": "system.js" }, + "actions": [ "listCollections", "listIndexes" ] + }, + { + "resource": { "db": "config", "collection": "shards" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "collections" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "version" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "settings" }, + "actions": [ "find" ] + }, + { + "resource": { "system_buckets": "" }, + "actions": [ "listCollections", "listIndexes" ] + } ] * - Write-blocking @@ -71,10 +71,10 @@ .. code-block:: javascript [ - { - "resource": { "cluster": true }, - "actions": [ "bypassWriteBlockingMode", "setUserWriteBlockMode" ] - } + { + "resource": { "cluster": true }, + "actions": [ "bypassWriteBlockingMode", "setUserWriteBlockMode" ] + } ] * - Reversing @@ -88,64 +88,64 @@ .. code-block:: javascript [ - { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } + { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } ] * - V4.4 Migration (insert footnote) - .. code-block:: javascript [ - { - "resource": { "cluster": true }, - "actions": [ - "addShard", - "appendOplogNote", - "flushRouterConfig", - "getDefaultRWConcern", - "getShardMap", - "hostInfo", - "listDatabases", - "listShards", - "replSetGetConfig", - "replSetGetStatus", - "serverStatus" - ] - }, - { - "resource": { "db": "", "collection": "" }, - "actions": [ - "changeStream", - "collStats", - "find", - "indexStats", - "listCollections", - "listIndexes" - ] - }, - { - "resource": { "db": "admin", "collection": "system.version" }, - "actions": [ "find" ] - }, - { - "resource": { "db": "", "collection": "system.js" }, - "actions": [ "listCollections", "listIndexes" ] - }, - { - "resource": { "db": "config", "collection": "shards" }, - "actions": [ "find" ] - }, - { - "resource": { "db": "config", "collection": "collections" }, - "actions": [ "find" ] - }, - { - "resource": { "db": "config", "collection": "version" }, - "actions": [ "find" ] - }, - { - "resource": { "db": "config", "collection": "settings" }, - "actions": [ "find" ] - } + { + "resource": { "cluster": true }, + "actions": [ + "addShard", + "appendOplogNote", + "flushRouterConfig", + "getDefaultRWConcern", + "getShardMap", + "hostInfo", + "listDatabases", + "listShards", + "replSetGetConfig", + "replSetGetStatus", + "serverStatus" + ] + }, + { + "resource": { "db": "", "collection": "" }, + "actions": [ + "changeStream", + "collStats", + "find", + "indexStats", + "listCollections", + "listIndexes" + ] + }, + { + "resource": { "db": "admin", "collection": "system.version" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "", "collection": "system.js" }, + "actions": [ "listCollections", "listIndexes" ] + }, + { + "resource": { "db": "config", "collection": "shards" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "collections" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "version" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "settings" }, + "actions": [ "find" ] + } ] From 9fe90f8b0445be093780125cded383949a148cdd Mon Sep 17 00:00:00 2001 From: Grace Miller Date: Thu, 13 Mar 2025 10:45:44 -0400 Subject: [PATCH 9/9] feedback --- source/includes/minimum-source-privileges.rst | 2 +- source/reference/permissions.txt | 78 ++++++++++++++++++- 2 files changed, 76 insertions(+), 4 deletions(-) diff --git a/source/includes/minimum-source-privileges.rst b/source/includes/minimum-source-privileges.rst index 55274d474..3fa5bb5dc 100644 --- a/source/includes/minimum-source-privileges.rst +++ b/source/includes/minimum-source-privileges.rst @@ -91,7 +91,7 @@ { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] } ] - * - V4.4 Migration (insert footnote) + * - V4.4 Migration - .. code-block:: javascript [ diff --git a/source/reference/permissions.txt b/source/reference/permissions.txt index f3eda8399..b87b7c816 100644 --- a/source/reference/permissions.txt +++ b/source/reference/permissions.txt @@ -35,6 +35,10 @@ The Atlas permissions are: Minimum Privileges ------------------ +.. note:: + + Minimum privileges may change across mongosync versions. + The minimum source privileges are: .. include:: /includes/minimum-source-privileges.rst @@ -43,13 +47,81 @@ The minimum destination privileges are: .. include:: /includes/minimum-destination-privileges.rst - .. _c2c-older-version-permissions: Pre-6.0 Migrations ------------------ -- When migrating from a 4.4 source cluster, you must have - :authrole:`clusterManager` permissions on the source cluster. +- When migrating from a 4.4 source cluster, the source cluster + should either have :authrole:`clusterManager` or the minimum + permissions listed for v4.4. + + The minimum source permissions for v4.4 are: + + .. list-table:: + :header-rows: 1 + :stub-columns: 1 + :widths: 10 30 + + * - Sync Type + - Minimum Source Privileges + + * - V4.4 Migration + - .. code-block:: javascript + + [ + { + "resource": { "cluster": true }, + "actions": [ + "addShard", + "appendOplogNote", + "flushRouterConfig", + "getDefaultRWConcern", + "getShardMap", + "hostInfo", + "listDatabases", + "listShards", + "replSetGetConfig", + "replSetGetStatus", + "serverStatus" + ] + }, + { + "resource": { "db": "", "collection": "" }, + "actions": [ + "changeStream", + "collStats", + "find", + "indexStats", + "listCollections", + "listIndexes" + ] + }, + { + "resource": { "db": "admin", "collection": "system.version" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "", "collection": "system.js" }, + "actions": [ "listCollections", "listIndexes" ] + }, + { + "resource": { "db": "config", "collection": "shards" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "collections" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "version" }, + "actions": [ "find" ] + }, + { + "resource": { "db": "config", "collection": "settings" }, + "actions": [ "find" ] + } + ] - Dual write-blocking and reverse sync are not supported. +