From 25e3a90239af4fd1c2113ad67e3b2365cd1da864 Mon Sep 17 00:00:00 2001 From: Zack Brown Date: Tue, 13 Aug 2013 16:28:44 -0400 Subject: [PATCH] DOCS-1536: Document roles required to run mongodump with authentication in MongoDB 2.4+ --- source/reference/program/mongodump.txt | 47 +++++++++++++++++++++++--- 1 file changed, 43 insertions(+), 4 deletions(-) diff --git a/source/reference/program/mongodump.txt b/source/reference/program/mongodump.txt index 369c1e956a8..9b43541f749 100644 --- a/source/reference/program/mongodump.txt +++ b/source/reference/program/mongodump.txt @@ -6,6 +6,10 @@ .. default-domain:: mongodb +.. contents:: + :backlinks: none + :local: + .. |tool-binary| replace:: mongodump Synopsis @@ -17,7 +21,7 @@ effective :doc:`backup strategy `. Use :program:`mongodump` in conjunction with :program:`mongorestore` to restore databases. -:program:`mongodump` can read data from either `mongod` or :program:`mongos` +:program:`mongodump` can read data from either :program:`mongod` or :program:`mongos` instances, in addition to reading directly from MongoDB data files without an active :program:`mongod`. @@ -226,8 +230,6 @@ Options .. include:: /includes/warning-fsync-lock-mongodump.rst -.. _mongodump-behavior: - Behavior -------- @@ -236,6 +238,40 @@ where the :term:`sharded cluster` consists of :term:`replica sets `, the :term:`read preference` of the operation will prefer reads from :term:`secondary` members of the set. +Required User Privileges +------------------------ + +The user must have appropriate privileges to run :program:`mongodump` on +collections. + +.. list-table:: + :header-rows: 1 + :class: index-table + + * - Database/collections to dump + - Minimum privileges required + + * - Any collection except ``system.users`` + + A database including all collections + + All the databases + + - :authrole:`read` + + :authrole:`read` and :authrole:`userAdmin` + + :authrole:`readAnyDatabase`, :authrole:`userAdminAnyDatabase`, and :authrole:`clusterAdmin` + +.. note:: + + If profiling is enabled in any database, the user may also need the + :authrole:`dbAdminAnyDatabase` privilege. + +See :doc:`/reference/user-privileges` and +:doc:`/reference/privilege-documents` for more information on user +roles. + Usage ----- @@ -245,7 +281,7 @@ for a larger overview of :program:`mongodump` usage. Also see the :program:`mongorestore`, which provides the related inverse functionality. -The following command, creates a dump file that contains only the +The following command creates a dump file that contains only the collection named ``collection`` in the database named ``test``. In this case the database is running on the local interface on port ``27017``: @@ -272,3 +308,6 @@ authenticating using the username ``user`` and the password .. code-block:: sh mongodump --host mongodb1.example.net --port 37017 --username user --password pass --out /opt/backup/mongodump-2011-10-24 + +.. _mongodump-behavior: +