mongodb · bgrabar · Jan 6, 2014
diff --git a/source/includes/access-mongodump.rst b/source/includes/access-mongodump.rst
@@ -0,0 +1,16 @@
+.. versionchanged:: 2.6
+
+   To backup users and :ref:`user-defined roles <user-defined-roles>` for a
+   given database, you must have access to the ``admin`` database. MongoDB
+   stores the user data and role definitions for all databases in the
+   ``admin`` database.
+
+   Specifically, to backup a given database's users, you must have the
+   :authaction:`find` :ref:`action <security-user-actions>` on the ``admin``
+   database's :data:`admin.system.users` collection. The :authrole:`backup`
+   and :authrole:`userAdminAnyDatabase` roles both provide this privilege.
+
+   To backup the user-defined roles on a database, you must have the
+   :authaction:`find` action on the ``admin`` database's
+   :data:`admin.system.roles` collection. Both the :authrole:`backup` and
+   :authrole:`userAdminAnyDatabase` roles provide this privilege.
diff --git a/source/includes/access-mongorestore.rst b/source/includes/access-mongorestore.rst
@@ -0,0 +1,16 @@
+.. versionchanged:: 2.6
+
+   To restore users and :ref:`user-defined roles <user-defined-roles>` on a
+   given database, you must have access to the ``admin`` database. MongoDB
+   stores the user data and role definitions for all databases in the
+   ``admin`` database.
+
+   Specifically, to restore users to a given database, you must have the
+   :authaction:`insert` :ref:`action <security-user-actions>` on the ``admin``
+   database's :data:`admin.system.users` collection. The :authrole:`restore`
+   role provides this privilege.
+
+   To restore user-defined roles to a database, you must have the
+   :authaction:`insert` action on the ``admin`` database's
+   :data:`admin.system.roles` collection. The :authrole:`restore` role
+   provides this privilege.
diff --git a/source/includes/fact-mongodump-local-database.rst b/source/includes/fact-mongodump-local-database.rst
@@ -1,2 +1 @@
-.. important:: :program:`mongodump` does *not* dump the content of the
-   ``local`` database.
+:program:`mongodump` does *not* dump the content of the ``local`` database.
diff --git a/source/includes/warning-mongodump-compatibility-2.2.rst b/source/includes/warning-mongodump-compatibility-2.2.rst
@@ -1,6 +1,4 @@
-.. warning::
-
-   The data format used by :program:`mongodump` from version 2.2 or
-   later is *incompatible* with earlier versions of :program:`mongod`.
-   Do not use recent versions of :program:`mongodump` to back up older
-   data stores.
+The data format used by :program:`mongodump` from version 2.2 or
+later is *incompatible* with earlier versions of :program:`mongod`.
+Do not use recent versions of :program:`mongodump` to back up older
+data stores.
diff --git a/source/reference/program/mongodump.txt b/source/reference/program/mongodump.txt
@@ -25,13 +25,21 @@ restore databases.
 instances, in addition to reading directly from MongoDB data files
 without an active :program:`mongod`.
 
+.. seealso:: :program:`mongorestore`,
+   :doc:`/tutorial/backup-sharded-cluster-with-database-dumps`
+   and :doc:`/core/backups`.
+
+Behavior
+--------
+
 .. include:: /includes/fact-mongodump-local-database.rst
 
 .. include:: /includes/warning-mongodump-compatibility-2.2.rst
 
-.. seealso:: :program:`mongorestore`,
-   :doc:`/tutorial/backup-sharded-cluster-with-database-dumps`
-   and :doc:`/core/backups`.
+Required Access to Backup User Data
+-----------------------------------
+
+.. include:: /includes/access-mongodump.rst
 
 Options
 -------

diff --git a/source/reference/program/mongorestore.txt b/source/reference/program/mongorestore.txt
@@ -19,6 +19,9 @@ data to an existing database.
 instances, in addition to writing directly to MongoDB data files
 without an active :program:`mongod`.
 
+Behavior
+--------
+
 If you restore to an existing database, :program:`mongorestore` will
 only insert into the existing database, and does not perform updates
 of any kind. If existing documents have the same value ``_id`` field
@@ -42,6 +45,11 @@ Remember the following properties of :program:`mongorestore` behavior:
 
 .. include:: /includes/warning-mongodump-compatibility-2.2.rst
 
+Required Access to Restore User Data
+------------------------------------
+
+.. include:: /includes/access-mongorestore.rst
+
 Options
 -------
 

diff --git a/source/tutorial/backup-and-restore-with-binary-database-dumps.txt b/source/tutorial/backup-and-restore-with-binary-database-dumps.txt
@@ -23,6 +23,8 @@ Backup a Database with ``mongodump``
 
 .. include:: /includes/fact-mongodump-local-database.rst
 
+.. include:: /includes/access-mongodump.rst
+
 Basic ``mongodump`` Operations
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -131,7 +133,7 @@ Consider the following example:
 
 .. code-block:: sh
 
-   mongodump --host mongodb1.example.net --port 3017 --username user --password pass --out /opt/backup/mongodump-2012-10-24
+   mongodump --host mongodb1.example.net --port 3017 --username user --password pass --out /opt/backup/mongodump-2013-10-24
 
 On any :program:`mongodump` command you may, as above, specify username
 and password credentials to specify database authentication.
@@ -141,6 +143,11 @@ and password credentials to specify database authentication.
 Restore a Database with ``mongorestore``
 ----------------------------------------
 
+.. include:: /includes/access-mongorestore.rst
+
+Basic ``mongorestore`` Operations
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
 The :program:`mongorestore` utility restores a binary backup created by
 :program:`mongodump`. By default, :program:`mongorestore` looks for a
 database backup in the :file:`dump/` directory.
@@ -175,10 +182,10 @@ Consider the following example:
 
 .. code-block:: sh
 
-   mongorestore dump-2012-10-25/
+   mongorestore dump-2013-10-25/
 
 Here, :program:`mongorestore` imports the database backup in
-the :file:`dump-2012-10-25` directory to the :program:`mongod` instance
+the :file:`dump-2013-10-25` directory to the :program:`mongod` instance
 running on the localhost interface.
 
 .. _backup-restore-oplogreplay:
@@ -274,7 +281,7 @@ Consider the following example:
 
 .. code-block:: sh
 
-   mongorestore --host mongodb1.example.net --port 3017 --username user --password pass /opt/backup/mongodump-2012-10-24
+   mongorestore --host mongodb1.example.net --port 3017 --username user --password pass /opt/backup/mongodump-2013-10-24
 
 As above, you may specify username and password connections if your
 :program:`mongod` requires authentication.
diff --git a/source/tutorial/backup-sharded-cluster-with-database-dumps.txt b/source/tutorial/backup-sharded-cluster-with-database-dumps.txt
@@ -21,6 +21,8 @@ provide alternate procedures.
 
 .. include:: /includes/note-shard-cluster-backup.rst
 
+.. include:: /includes/access-mongodump.rst
+
 Procedure
 ---------
 

diff --git a/source/tutorial/backup-small-sharded-cluster-with-mongodump.txt b/source/tutorial/backup-small-sharded-cluster-with-mongodump.txt
@@ -19,6 +19,8 @@ considerations as well as a list of alternate backup tutorials.
 .. important:: By default :program:`mongodump` issue its queries to
    the non-primary nodes.
 
+.. include:: /includes/access-mongodump.rst
+
 Procedure
 ---------
-Original file line number
+Diff line change
@@ Expand Up / @@ -21,6 +21,8 @@ provide alternate procedures. @@
     .. include:: /includes/note-shard-cluster-backup.rst
+    .. include:: /includes/access-mongodump.rst
     Procedure
     ---------
@@ Expand Down @@