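User Permissions

The user specified in the mongosync connection string must have the required permissions on both the source and destination clusters. These permissions vary depending on your environment and on whether you want to modify write-blocking settings or use reverse sync.

Self-managed permissions include:

Sync Type
Required Source Permissions
Required Destination Permissions

Default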

  • backup

  • clusterMonitor

  • readAnyDatabase

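Dual write-blocking

Reversing

Multiple reversals

For details on server roles, see: Role-Based Access Control in Self-Managed Deployments.

To update user permissions, see: grantRolesToUser

Atlas permissions include:

Sync Type
Required Source Permissions
Required Destination Permissions

Default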

  • atlasAdmin

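Dual write-blocking, reversing, or multiple reversals

For details on Atlas roles, see: Built-In Roles and Privileges.

To update Atlas user permissions, see: Manage Access to a Project.

Note

Minimum permissions may vary between mongosync versions.

The minimum source permissions are:

Sync Type
Minimum Source Permissions

Default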

[
  {
    "resource": { "cluster": true },
    "actions": [
      "appendOplogNote",
      "getDefaultRWConcern",
      "getShardMap",
      "hostInfo",
      "listDatabases",
      "listShards",
      "replSetGetConfig",
      "replSetGetStatus",
      "serverStatus"
    ]
  },
  {
    "resource": { "db": "", "collection": "" },
    "actions": [
      "changeStream",
      "collStats",
      "find",
      "indexStats",
      "listCollections",
      "listIndexes"
    ]
  },
  {
    "resource": { "db": "admin", "collection": "system.version" },
    "actions": [ "find" ]
  },
  {
    "resource": { "db": "", "collection": "system.js" },
    "actions": [ "listCollections", "listIndexes" ]
  },
  {
    "resource": { "db": "config", "collection": "shards" },
    "actions": [ "find" ]
  },
  {
    "resource": { "db": "config", "collection": "collections" },
    "actions": [ "find" ]
  },
  {
    "resource": { "db": "config", "collection": "version" },
    "actions": [ "find" ]
  },
  {
    "resource": { "db": "config", "collection": "settings" },
    "actions": [ "find" ]
  },
  {
    "resource": { "system_buckets": "" },
    "actions": [ "listCollections", "listIndexes" ]
  }
]

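Write-blocking

Everything from the default source permissions, plus:

[
  {
    "resource": { "cluster": true },
    "actions": [ "bypassWriteBlockingMode", "setUserWriteBlockMode" ]
  }
]

Reversing

Everything from the default source permissions and the default destination permissions.

Multiple reversals

Everything from the default source permissions and the default destination permissions, plus:

[
  { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] }
]

v4.4 migration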

[
  {
    "resource": { "cluster": true },
    "actions": [
      "addShard",
      "appendOplogNote",
      "flushRouterConfig",
      "getDefaultRWConcern",
      "getShardMap",
      "hostInfo",
      "listDatabases",
      "listShards",
      "replSetGetConfig",
      "replSetGetStatus",
      "serverStatus"
    ]
  },
  {
    "resource": { "db": "", "collection": "" },
    "actions": [
      "changeStream",
      "collStats",
      "find",
      "indexStats",
      "listCollections",
      "listIndexes"
    ]
  },
  {
    "resource": { "db": "admin", "collection": "system.version" },
    "actions": [ "find" ]
  },
  {
    "resource": { "db": "", "collection": "system.js" },
    "actions": [ "listCollections", "listIndexes" ]
  },
  {
    "resource": { "db": "config", "collection": "shards" },
    "actions": [ "find" ]
  },
  {
    "resource": { "db": "config", "collection": "collections" },
    "actions": [ "find" ]
  },
  {
    "resource": { "db": "config", "collection": "version" },
    "actions": [ "find" ]
  },
  {
    "resource": { "db": "config", "collection": "settings" },
    "actions": [ "find" ]
  }
]
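
The additive rows in the source table ("everything from the default source permissions, plus ...") can be composed and checked mechanically. The following is an added example, not code from the MongoDB documentation: it merges the default source privileges listed above with the write-blocking additions, builds a createRole command document, and audits a granted privilege set for missing or excess actions. The role name, the helper names and the sample grant are constructed for illustration.

```javascript
// Added example: privilege lists copied from this page; role name and sample grant are constructed.
const DEFAULT_SOURCE = [
  { resource: { cluster: true }, actions: ["appendOplogNote", "getDefaultRWConcern", "getShardMap",
      "hostInfo", "listDatabases", "listShards", "replSetGetConfig", "replSetGetStatus", "serverStatus"] },
  { resource: { db: "", collection: "" }, actions: ["changeStream", "collStats", "find",
      "indexStats", "listCollections", "listIndexes"] },
  { resource: { db: "admin", collection: "system.version" }, actions: ["find"] },
  { resource: { db: "", collection: "system.js" }, actions: ["listCollections", "listIndexes"] },
  { resource: { db: "config", collection: "shards" }, actions: ["find"] },
  { resource: { db: "config", collection: "collections" }, actions: ["find"] },
  { resource: { db: "config", collection: "version" }, actions: ["find"] },
  { resource: { db: "config", collection: "settings" }, actions: ["find"] },
  { resource: { system_buckets: "" }, actions: ["listCollections", "listIndexes"] },
];
const WRITE_BLOCKING_EXTRA = [{ resource: { cluster: true }, actions: ["bypassWriteBlockingMode", "setUserWriteBlockMode"] }];
// Canonical key for a resource document, independent of field order.
const resKey = (r) => JSON.stringify(Object.keys(r).sort().map((k) => [k, r[k]]));

// Union privilege arrays, merging the actions of entries that share a resource.
function mergePrivileges(...sets) {
  const byKey = new Map();
  for (const { resource, actions } of sets.flat()) {
    const k = resKey(resource);
    if (!byKey.has(k)) byKey.set(k, { resource, actions: new Set() });
    actions.forEach((a) => byKey.get(k).actions.add(a));
  }
  return [...byKey.values()].map((p) => ({ resource: p.resource, actions: [...p.actions].sort() }));
}
// createRole command document; no inherited roles, so nothing broader leaks in.
const buildCreateRole = (name, privileges) => ({ createRole: name, privileges, roles: [] });

// Per resource, list required actions that are absent and granted actions not required.
function auditPrivileges(required, granted) {
  const index = (ps) => new Map(mergePrivileges(ps).map((p) => [resKey(p.resource), p]));
  const req = index(required), got = index(granted), findings = [];
  for (const k of new Set([...req.keys(), ...got.keys()])) {
    const r = req.get(k)?.actions ?? [], g = got.get(k)?.actions ?? [];
    const missing = r.filter((a) => !g.includes(a)), excess = g.filter((a) => !r.includes(a));
    if (missing.length || excess.length)
      findings.push({ resource: (req.get(k) ?? got.get(k)).resource, missing, excess });
  }
  return findings;
}
// Constructed sample: a role holding the default set plus an unneeded dropDatabase.
const required = mergePrivileges(DEFAULT_SOURCE, WRITE_BLOCKING_EXTRA);
const sampleGranted = mergePrivileges(DEFAULT_SOURCE,
  [{ resource: { collection: "", db: "" }, actions: ["dropDatabase"] }]);
console.log(JSON.stringify(buildCreateRole("mongosyncSourceWriteBlocking", required), null, 1));
console.log(auditPrivileges(required, sampleGranted));
```

In mongosh the command document can be run against the admin database and the resulting role assigned with grantRolesToUser. The audit matches resource documents exactly and does not model a broader resource covering a narrower one.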

The minimum destination permissions are:

Sync Type
Minimum Destination Permissions

Default

[
  {
    "resource": { "cluster": true },
    "actions": [
      "appendOplogNote",
      "enableSharding",
      "getDefaultRWConcern",
      "getShardMap",
      "hostInfo",
      "listDatabases",
      "listShards",
      "replSetGetConfig",
      "replSetGetStatus",
      "serverStatus"
    ]
  },
  {
    "resource": { "db": "", "collection": "" },
    "actions": [
      "bypassDocumentValidation",
      "changeStream",
      "collMod",
      "convertToCapped",
      "createCollection",
      "createIndex",
      "dropCollection",
      "dropIndex",
      "enableSharding",
      "find",
      "indexStats",
      "insert",
      "listCollections",
      "listIndexes",
      "remove",
      "renameCollectionSameDB",
      "update",
      "bypassWriteBlockingMode",
      "setUserWriteBlockMode"
    ]
  },
  {
    "resource": { "db": "admin", "collection": "system.version" },
    "actions": [ "find" ]
  },
  {
    "resource": { "db": "", "collection": "system.js" },
    "actions": [ "listCollections", "listIndexes" ]
  },
  {
    "resource": { "db": "config", "collection": "shards" },
    "actions": [ "find" ]
  },
  {
    "resource": { "db": "", "collection": "system.views" },
    "actions": [ "dropCollection" ]
  },
  {
    "resource": { "db": "config", "collection": "version" },
    "actions": [ "find" ]
  },
  {
    "resource": { "db": "config", "collection": "collections" },
    "actions": [ "find" ]
  },
  {
    "resource": { "db": "config", "collection": "settings" },
    "actions": [ "find" ]
  },
  {
    "resource": { "db": "config", "collection": "tags" },
    "actions": [ "find" ]
  },
  {
    "resource": { "system_buckets": "" },
    "actions": [ "listCollections", "listIndexes" ]
  }
]

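Write-blocking

Everything from the default destination permissions.

Reversing

Everything from the default source permissions and the default destination permissions, plus:

[
  { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] }
]

Multiple reversals

Everything from the default source permissions and the default destination permissions, plus:

[
  { "resource": { "db": "", "collection": "" }, "actions": [ "dropDatabase" ] }
]

  • When migrating from a 4.4 source cluster, the source cluster should have clusterManager or the minimum permissions listed for v4.4.

    The minimum source permissions for v4.4 are:

    Sync Type
    Minimum Source Permissions

    v4.4 migration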

    [
      {
        "resource": { "cluster": true },
        "actions": [
          "addShard",
          "appendOplogNote",
          "flushRouterConfig",
          "getDefaultRWConcern",
          "getShardMap",
          "hostInfo",
          "listDatabases",
          "listShards",
          "replSetGetConfig",
          "replSetGetStatus",
          "serverStatus"
        ]
      },
      {
        "resource": { "db": "", "collection": "" },
        "actions": [
          "changeStream",
          "collStats",
          "find",
          "indexStats",
          "listCollections",
          "listIndexes"
        ]
      },
      {
        "resource": { "db": "admin", "collection": "system.version" },
        "actions": [ "find" ]
      },
      {
        "resource": { "db": "", "collection": "system.js" },
        "actions": [ "listCollections", "listIndexes" ]
      },
      {
        "resource": { "db": "config", "collection": "shards" },
        "actions": [ "find" ]
      },
      {
        "resource": { "db": "config", "collection": "collections" },
        "actions": [ "find" ]
      },
      {
        "resource": { "db": "config", "collection": "version" },
        "actions": [ "find" ]
      },
      {
        "resource": { "db": "config", "collection": "settings" },
        "actions": [ "find" ]
      }
    ]
  • Dual write-blocking and reverse sync are not supported.
