Roles for MongoDB
You must define role-based access control (RBAC) roles for the MongoDB agent users if authentication is enabled on the MongoDB database. When the roles are set up, users can protect and monitor MongoDB resources with IBM Spectrum® Protect Plus in accordance with the users' defined roles.
Role-based access control for MongoDB
For each MongoDB user, specify access roles by using a command similar to the following example:
use admin
db.grantRolesToUser("<username>",
[ { role: "hostManager", db: "admin" },
{ role: "clusterManager", db: "admin" } ] )
The following roles are available:
hostManager
- This role provides access to the fsyncLock command. This access is required for application-consistent backups of MongoDB databases where journaling is not enabled. This role also provides access to the shutdown command, which is used during a restore operation to shut down the MongoDB server instance that the restore is directed to.
clusterMonitor
- This role provides access to commands for monitoring and reading the state of the MongoDB database. The following commands are available to users with this role:
- getCmdLineOpts
- serverVersion
- replSetGetConfig
- replSetGetStatus
- isMaster
- listShards
clusterManager
- This role is required only for running test restore operations of replica sets. Users who run the replSetReconfig command can create the restored instance of a single-node replica set. This role enables read and write access during test restore operations of replica sets. Without this access, the node in the replica set would remain in the REMOVED state without read and write access. In addition, this role provides access to commands for reading the state of the MongoDB database. The following commands are available for this role:
- replSetReconfig
- getCmdLineOpts
- serverVersion
- replSetGetConfig
- replSetGetStatus
- isMaster
- listShards
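
The role descriptions above can be turned into a least-privilege check on the agent user. The following script is an added example, not code from IBM or MongoDB: it compares the document returned by db.getUser("<username>") with the roles the agent needs and builds the matching grant and revoke commands. The user name sppagent, the sample document, the function names, and the policy that clusterManager is granted only when test restores of replica sets are run (with clusterMonitor covering state-reading commands otherwise) are assumptions made for this example.

```javascript
// Added example: audit a MongoDB agent user's roles against the documented set.
const DOCUMENTED = ["hostManager", "clusterMonitor", "clusterManager"];
const same = (a, b) => a.role === b.role && a.db === b.db;

// Assumed policy: clusterManager also covers the state-reading commands, so
// clusterMonitor is required only when clusterManager is not needed.
function requiredRoles({ testRestoreReplicaSets }) {
  const names = testRestoreReplicaSets
    ? ["hostManager", "clusterManager"]
    : ["hostManager", "clusterMonitor"];
  return names.map(role => ({ role, db: "admin" }));
}

// userDoc has the shape returned by db.getUser("<username>") in the admin database.
function auditAgentUser(userDoc, opts) {
  const granted = (userDoc.roles || []).map(({ role, db }) => ({ role, db }));
  const required = requiredRoles(opts);
  const missing = required.filter(r => !granted.some(g => same(g, r)));
  const excess = granted.filter(g => !required.some(r => same(g, r)));
  // Roles that are not among the three described on this page at all.
  const undocumented = excess.filter(
    g => g.db !== "admin" || !DOCUMENTED.includes(g.role));
  return { missing, excess, undocumented };
}

// Build the shell commands that bring the user in line with the policy.
function remediation(username, { missing, excess }) {
  const name = JSON.stringify(username);
  const cmds = [];
  if (missing.length)
    cmds.push(`db.grantRolesToUser(${name}, ${JSON.stringify(missing)})`);
  if (excess.length)
    cmds.push(`db.revokeRolesFromUser(${name}, ${JSON.stringify(excess)})`);
  return cmds;
}

// Constructed sample: an agent user that was granted more than it needs.
const sampleUser = {
  user: "sppagent", db: "admin",
  roles: [
    { role: "hostManager", db: "admin" },
    { role: "clusterManager", db: "admin" },
    { role: "root", db: "admin" },
  ],
};

const audit = auditAgentUser(sampleUser, { testRestoreReplicaSets: false });
console.log(audit);
console.log(remediation(sampleUser.user, audit).join("\n"));
```

Run the printed commands after `use admin`, and review any role reported as undocumented before revoking it, because another application may depend on it.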