Skip to content

DOCS-1536: Document roles required to run mongodump with authentication ... #1186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

DOCS-1536: Document roles required to run mongodump with authentication ... #1186

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 43 additions & 4 deletions source/reference/program/mongodump.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@

.. default-domain:: mongodb

.. contents::
:backlinks: none
:local:

.. |tool-binary| replace:: mongodump

Synopsis
Expand All @@ -17,7 +21,7 @@ effective :doc:`backup strategy </core/backups>`. Use
:program:`mongodump` in conjunction with :program:`mongorestore` to
restore databases.

:program:`mongodump` can read data from either `mongod` or :program:`mongos`
:program:`mongodump` can read data from either :program:`mongod` or :program:`mongos`
instances, in addition to reading directly from MongoDB data files
without an active :program:`mongod`.

Expand Down Expand Up @@ -226,8 +230,6 @@ Options

.. include:: /includes/warning-fsync-lock-mongodump.rst

.. _mongodump-behavior:

Behavior
--------

Expand All @@ -236,6 +238,40 @@ where the :term:`sharded cluster` consists of :term:`replica sets <replica
set>`, the :term:`read preference` of the operation will prefer reads
from :term:`secondary` members of the set.

Required User Privileges
------------------------

The user must have appropriate privileges to run :program:`mongodump` on
collections.

.. list-table::
:header-rows: 1
:class: index-table

* - Database/collections to dump
- Minimum privileges required

* - Any collection except ``system.users``

A database including all collections

All the databases

- :authrole:`read`

:authrole:`read` and :authrole:`userAdmin`

:authrole:`readAnyDatabase`, :authrole:`userAdminAnyDatabase`, and :authrole:`clusterAdmin`

.. note::

If profiling is enabled in any database, the user may also need the
:authrole:`dbAdminAnyDatabase` privilege.

See :doc:`/reference/user-privileges` and
:doc:`/reference/privilege-documents` for more information on user
roles.

Usage
-----

Expand All @@ -245,7 +281,7 @@ for a larger overview of :program:`mongodump` usage. Also see the
:program:`mongorestore`, which provides the related inverse
functionality.

The following command, creates a dump file that contains only the
The following command creates a dump file that contains only the
collection named ``collection`` in the database named ``test``. In
this case the database is running on the local interface on port
``27017``:
Expand All @@ -272,3 +308,6 @@ authenticating using the username ``user`` and the password
.. code-block:: sh

mongodump --host mongodb1.example.net --port 37017 --username user --password pass --out /opt/backup/mongodump-2011-10-24

.. _mongodump-behavior: