DOCSP-22105 User Write Block (#1069)

* DOCSP-22105 Database Command

* DOCSP-22105 Auth privileges

* DOCSP-22105 Example

* DOCSP-22105 Auth privileges

* DOCSP-22105 Privilege updates

* DOCSP-22105 Expands example

* DOCSP-22105 Expands example

* DOCSP-22105 Fixes per Dave

* DOCSP-22105 Fixes per Dave

* DOCSP-22105 Expands example

Author: kennethdyer

source/reference/built-in-roles.txt

@@ -589,6 +589,7 @@ Backup and Restoration Roles
    - :authaction:`getParameter`
    - :authaction:`listDatabases`
    - :authaction:`serverStatus` (Starting in MongoDB 4.2)
+   - :authaction:`setUserWriteBlockMode` (Starting in MongoDB 6.0)
 
    Provides the :authaction:`find` action on the following:
 
@@ -703,6 +704,12 @@ Backup and Restoration Roles
    modification operations, *only* modify these data using the
    :ref:`user management methods <user-management-methods>`.
 
+   On the :ref:`cluster <resource-cluster>` as a whole, provides the
+   following actions:
+
+   * :authaction:`bypassWriteBlockMode` (Staring in MongoDB 6.0)
+   * :authaction:`setUserWriteBlockMode` (Starting in MongoDB 6.0)
+
    .. note:: Aside
 
       Starting in version 4.2, MongoDB removes the

source/reference/command/nav-administration.txt

@@ -197,4 +197,5 @@ Administration Commands
    /reference/command/setIndexCommitQuorum
    /reference/command/setParameter
    /reference/command/setDefaultRWConcern
+   /reference/command/setUserWriteBlockMode
    /reference/command/shutdown

source/reference/command/setUserWriteBlockMode.txt

@@ -0,0 +1,111 @@
+=====================
+setUserWriteBlockMode
+=====================
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+Definition
+----------
+
+.. dbcommand:: setUserWriteBlockMode
+
+   .. versionadded:: 6.0
+
+   The ``setUserWriteBlockMode`` command blocks and unblocks writes to
+   the entire cluster.
+
+   During cluster to cluster replication, ``mongosync``, the cluster to cluster 
+   synchronization tool, uses ``setUserWriteBlockMode`` command
+   to block writes on the destination cluster.
+
+   .. note::
+
+      Users and applications with the :authaction:`bypassWriteBlockMode` privilege
+      can bypass the block and continue to perform writes.
+
+Syntax
+-------
+
+The ``setUserWriteBlockMode`` command has the following syntax:
+
+.. code-block:: text
+
+   db.adminCommand(
+      {
+         setUserWriteBlockMode: 1,
+         global: <boolean>
+      }
+   )
+
+The command takes the following fields:
+
+.. list-table::
+   :header-rows: 1
+
+   * - Field
+     - Type
+     - Description
+
+   * - ``setUserWriteBlockMode``
+     - integer
+     - Set this field to ``1``.
+
+   * - ``global``
+     - boolean
+     - Blocks writes on a cluster when set to ``true``.  To enable writes on
+       a cluster, set ``global: false``.
+     
+Required Access
+---------------
+
+To execute the ``setUserWriteBlockMode`` command, the user must
+have the :authaction:`setUserWriteBlockMode` privilege.
+
+
+Example
+--------
+
+#. Enable user write block mode:
+
+   .. code-block:: javascript
+
+      db.adminCommand( {
+         setUserWriteBlockMode: 1,
+         global: true
+      } )
+
+#. Add a record to the collection:
+
+   .. code-block:: javascript
+
+      db.names.insertOne( { name: "George Washington Cable" } )
+
+   The server blocks the write because the user write block is enabled.
+
+   Example  Output:
+
+   .. code-block:: text
+
+      MongoServerError: User writes blocked
+
+#. Disable user write block mode:
+
+   .. code-block:: javascript
+
+      db.adminCommand( {
+         setUserWriteBlockMode: 1,
+         global: false 
+      } )
+
+#. Add a record to the collection:
+
+   .. code-block:: javascript
+
+      db.names.insertOne( { name: "George Washington Cable" } )
+
+   The :method:`~db.collection.insertOne()` method writes to a collection.  The
+   server allows the write because the user write block is disabled. 

source/reference/privilege-actions.txt

@@ -574,6 +574,12 @@ Server Administration Actions
    User can perform the :dbcommand:`logApplicationMessage` command. Apply
    this action to the ``cluster`` resource.
 
+.. authaction:: bypassWriteBlockMode
+
+   User can perform writes even when writes are blocked by the
+   :dbcommand:`setUserWriteBlockMode` command.
+   Apply this action to the ``cluster`` resource.
+
 .. authaction:: closeAllDatabases
 
    User can perform the deprecated ``closeAllDatabases`` command. Apply this
@@ -688,6 +694,11 @@ Server Administration Actions
    User can perform the :dbcommand:`setParameter` command. Apply this
    action to the ``cluster`` resource.
 
+.. authaction:: setUserWriteBlockMode
+
+   User can perform the :dbcommand:`setUserWriteBlockMode` command.
+   Apply this action to the ``cluster`` resource.
+
 .. authaction:: shutdown
 
    User can perform the :dbcommand:`shutdown` command. Apply this action