mongodb · bgrabar · Jan 7, 2014
diff --git a/bin/builddata/htaccess.yaml b/bin/builddata/htaccess.yaml
@@ -3293,4 +3293,11 @@ outputs:
   - 'master'
   - 'manual'
   - 'after-v2.2'
+---
+redirect-path: '/reference/system-defined-roles'
+url-base: '/reference/built-in-roles'
+type: 'redirect'
+code: 301
+outputs:
+  - 'master'
 ...
diff --git a/source/core/access-control.txt b/source/core/access-control.txt
@@ -69,8 +69,8 @@ that role.
 A role can consist of both privileges and other roles. A role :ref:`inherits
 <inheritance>` the privileges of any contained roles.
 
-MongoDB provides both :doc:`system-defined roles
-</reference/system-defined-roles>` and the ability to create new
+MongoDB provides both :doc:`built-in roles
+</reference/built-in-roles>` and the ability to create new
 :ref:`user-defined roles <user-defined-roles>`.
 
 .. _privileges:

diff --git a/source/core/backups.txt b/source/core/backups.txt
@@ -12,9 +12,11 @@ backup system to ensure that you can recover backed up data as
 needed. If you cannot effectively restore your database from the
 backup, then your backups are useless.
 
-.. note::
-
-   .. include:: /includes/fact-mms-backup-service-notice.rst
+The `MongoDB Management Service
+<https://mms.10gen.com/?pk_campaign=MongoDB-Org&pk_kwd=Backup-Docs>`_
+supports backup and restoration for MongoDB deployments. See the `MMS
+Backup Documentation <https://mms.mongodb.com/help/backup/>`_ for more
+information.
 
 .. _backup-considerations:
 

diff --git a/source/includes/access-mongodump-collections.rst b/source/includes/access-mongodump-collections.rst
@@ -0,0 +1,12 @@
+To backup all the databases in a cluster via :program:`mongodump`, a user
+should have the :authrole:`backup` role. The :authrole:`backup` role provides
+all the needed privileges for backing up all database. The role confers no
+additional access, in keeping with the policy of :ref:`least privilege`.
+
+To backup a given database, a user must have read access on the database.
+Several roles provide this access, including the :authrole:`backup` role.
+
+To backup the ``system.profile`` collection in a database, a user must have
+read access on certain system collections in the database. Several roles
+provide this access, including the :authrole:`clusterAdmin` and
+:authrole:`dbAdmin` roles.
diff --git a/source/includes/access-mongodump.rst → source/includes/access-mongodump-users.rst b/source/includes/access-mongodump.rst → source/includes/access-mongodump-users.rst
diff --git a/source/includes/fact-mms-backup-service-notice.rst b/source/includes/fact-mms-backup-service-notice.rst
diff --git a/source/includes/steps-add-admin-user.yaml b/source/includes/steps-add-admin-user.yaml
@@ -15,7 +15,7 @@ stepnum: 3
 ref: create-admin-user
 pre: |
   In the ``admin`` database, create a new user using the
-  :method:`db.createUser()` method. Give the user the system-defined
+  :method:`db.createUser()` method. Give the user the built-in
   :authrole:`root` role.
 action:
   pre: |

diff --git a/source/includes/toc-security-reference.yaml b/source/includes/toc-security-reference.yaml
@@ -1,4 +1,4 @@
-file: /reference/system-defined-roles
+file: /reference/built-in-roles
 description: |
   Reference on MongoDB provided roles and corresponding access.
 ---

diff --git a/source/includes/warning-fsync-lock-mongodump.rst b/source/includes/warning-fsync-lock-mongodump.rst
@@ -1,8 +1,7 @@
-.. warning:: 
+.. versionchanged:: 2.2 
 
-   .. versionchanged:: 2.2 
-      When used in combination with :dbcommand:`fsync` or
-      :method:`db.fsyncLock()`, :program:`mongod` may block some
-      reads, including those from :program:`mongodump`, when
-      queued write operation waits behind the :dbcommand:`fsync`
-      lock.
+   When used in combination with :dbcommand:`fsync` or
+   :method:`db.fsyncLock()`, :program:`mongod` may block some
+   reads, including those from :program:`mongodump`, when
+   queued write operation waits behind the :dbcommand:`fsync`
+   lock.
diff --git a/source/reference/system-defined-roles.txt → source/reference/built-in-roles.txt b/source/reference/system-defined-roles.txt → source/reference/built-in-roles.txt
diff --git a/source/reference/program/mongodump.txt b/source/reference/program/mongodump.txt
@@ -36,10 +36,25 @@ Behavior
 
 .. include:: /includes/warning-mongodump-compatibility-2.2.rst
 
-Required Access to Backup User Data
------------------------------------
+When running :program:`mongodump` against a :program:`mongos` instance
+where the :term:`sharded cluster` consists of :term:`replica sets <replica
+set>`, the :term:`read preference` of the operation will prefer reads
+from :term:`secondary` members of the set.
+
+.. include:: /includes/warning-fsync-lock-mongodump.rst
+
+Required Access
+---------------
+
+Backup Collections
+~~~~~~~~~~~~~~~~~~
 
-.. include:: /includes/access-mongodump.rst
+.. include:: /includes/access-mongodump-collections.rst
+
+Backup Users
+~~~~~~~~~~~~
+
+.. include:: /includes/access-mongodump-users.rst
 
 Options
 -------
@@ -241,58 +256,6 @@ Options
    .. important:: Use :option:`--forceTableScan` with extreme caution
       and consideration.
 
-Behavior
---------
-
-When running :program:`mongodump` against a :program:`mongos` instance
-where the :term:`sharded cluster` consists of :term:`replica sets <replica
-set>`, the :term:`read preference` of the operation will prefer reads
-from :term:`secondary` members of the set.
-
-.. include:: /includes/warning-fsync-lock-mongodump.rst
-
-Required User Privileges
-------------------------
-
-.. note:: User privileges changed in MongoDB 2.4.
-
-The user must have appropriate privileges to read data from database
-holding collections in order to use :program:`mongodump`. Consider the
-following :doc:`required privileges </reference/system-defined-roles>` for
-the following :program:`mongodump` operations:
-
-.. list-table::
-   :header-rows: 1
-
-   * - Task
-     - Required Privileges
-
-   * - All collections in a database except ``system.users``.
-     - :authrole:`read`. [#read-or-read-write]_
-
-   * - All collections in a database, including ``system.users``.
-     - :authrole:`read` [#read-or-read-write]_ and :authrole:`userAdmin`.
-
-   * - All databases. [#profiling-exception]_
-     - :authrole:`readAnyDatabase`, :authrole:`userAdminAnyDatabase`,
-       and :authrole:`clusterAdmin`. [#cluster-admin]_
-
-See :doc:`/reference/system-defined-roles` and
-:doc:`/reference/privilege-documents` for more information on user
-roles.
-
-.. [#read-or-read-write] You may provision :authrole:`readWrite`
-   instead of :authrole:`read`.
-
-.. [#cluster-admin] :authrole:`clusterAdmin` provides the ability to
-   run the :dbcommand:`listDatabases` command, to list all existing
-   databases.
-
-.. [#profiling-exception] If any database runs with profiling enabled,
-   :program:`mongodump` may need the
-   :authrole:`dbAdminAnyDatabase` privilege to dump the
-   ``system.profile`` collection.
-
 Usage
 -----
 

diff --git a/source/reference/program/mongostat.txt b/source/reference/program/mongostat.txt
@@ -94,7 +94,7 @@ Options
    .. important:: This user must have sufficient credentials to run
       the :dbcommand:`serverStatus` command, which is the
       :authrole:`clusterAdmin` role. See
-      :doc:`/reference/system-defined-roles` and
+      :doc:`/reference/built-in-roles` and
       :doc:`/reference/privilege-documents` for more information.
 
 .. option:: --password <password>, -p <password>

diff --git a/source/tutorial/backup-and-restore-with-binary-database-dumps.txt b/source/tutorial/backup-and-restore-with-binary-database-dumps.txt
@@ -23,7 +23,9 @@ Backup a Database with ``mongodump``
 
 .. include:: /includes/fact-mongodump-local-database.rst
 
-.. include:: /includes/access-mongodump.rst
+.. include:: /includes/access-mongodump-collections.rst
+
+.. include:: /includes/access-mongodump-users.rst
 
 Basic ``mongodump`` Operations
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

diff --git a/source/tutorial/backup-sharded-cluster-with-database-dumps.txt b/source/tutorial/backup-sharded-cluster-with-database-dumps.txt
@@ -21,7 +21,9 @@ provide alternate procedures.
 
 .. include:: /includes/note-shard-cluster-backup.rst
 
-.. include:: /includes/access-mongodump.rst
+.. include:: /includes/access-mongodump-collections.rst
+
+.. include:: /includes/access-mongodump-users.rst
 
 Procedure
 ---------

diff --git a/source/tutorial/backup-small-sharded-cluster-with-mongodump.txt b/source/tutorial/backup-small-sharded-cluster-with-mongodump.txt
@@ -19,7 +19,9 @@ considerations as well as a list of alternate backup tutorials.
 .. important:: By default :program:`mongodump` issue its queries to
    the non-primary nodes.
 
-.. include:: /includes/access-mongodump.rst
+.. include:: /includes/access-mongodump-collections.rst
+
+.. include:: /includes/access-mongodump-users.rst
 
 Procedure
 ---------

diff --git a/source/tutorial/define-roles.txt b/source/tutorial/define-roles.txt
@@ -9,7 +9,7 @@ Overview
 
 Roles grant users access to MongoDB resources. By default, MongoDB
 provides a number of 
-:doc:`system-defined roles </reference/system-defined-roles>`
+:doc:`built-in roles </reference/built-in-roles>`
 that administrators may use to control
 access to a MongoDB system. However, if these roles cannot describe
 the desired privilege set of a particular user type in a deployment,