If verification is enabled for the mongodb instance, the MMS monitoring proxy and backup proxy require verification and grant it the necessary permissions. The mongodb admin database defines all user accounts. This section describes mongodb2.4 and mongodb2.6. The proxy user must have clusterMonit
If verification is enabled for the mongodb instance, the MMS monitoring proxy and backup proxy require verification and grant it the necessary permissions. The mongodb admin database defines all user accounts. This section describes mongodb2.4 and mongodb2.6. MMS monitoring Apsaradb for MongoDB 2.6To monitor mongodb2.6 instances, the proxy user must have the clusterMonitor role.use admindb.createUser( { user: "", pwd: "", roles: [ { role: "clusterMonitor", db: "admin" } ] } )In addition, to be compatible with version 2.4, the agent may try to query the local database. Only the clusterMonitor role is granted. verification error information is generated in mongodb logs. The proxy can recover the error and ignore the message with confidence. To monitor MongoDB 2.4 instances, the proxy user must have the following permissions:
use admindb.addUser( { user: "", pwd: "", roles: [ "clusterAdmin", "readAnyDatabase" ] } )Because the basic monitoring user does not need the dbAdminAnyDatabase role, the mongodb log may report the following information: command denied: {profile:-1 }. If you do not want MMS to collect profile data, ignore this information. This permission is granted if collection is required. MMS Monitoring with Database ProfilingProfiling can capture ongoing read/write operations, cursor? Operation and information about database commands. MongoDB 2.6 with database profiling monitoring version 2.6 requires the clusterMonitor role permission.
use admindb.createUser( { user: "", pwd: "", roles: [ { role: "clusterMonitor", db: "admin" } ] } )MongoDB 2.4 with database profiling monitoring version 2.4 requires the following role permissions:
use admindb.addUser( { user: "", pwd: "", roles: [ "clusterAdmin", "readAnyDatabase", "dbAdminAnyDatabase" ] } )MMS Monitoring without dbStats will generate Monitoring data without database storage, record, index and other data statistics. That is, data under dbStats will not be collected. The MongoDB 2.6 clusterMonitor role has the permission to perform the dbStats operation.
use admindb.createUser( { user: "", pwd: "", roles: [ { role: "clusterMonitor", db: "admin" } ] } )MongoDB 2.4 Monitoring version 2.4 requires the clusterAdmin role permission.
use admindb.addUser( { user: "", pwd: "", roles: [ "clusterAdmin" ] } )The following permissions are required for backing up MongoDB2.6 instances in MongoDB 2.6 by using MMS:
use admindb.createUser( { user: "", pwd: "", roles: [ "clusterAdmin", "readAnyDatabase", "userAdminAnyDatabase", { role: "readWrite", db: "admin" }, { role: "readWrite", db: "local" }, ] } )For MongoDB 2.4 MongoDB instances to be backed up, the backup proxy requires the following permissions:
use admindb.addUser( { user: "", pwd: "", roles: [ "clusterAdmin", "readAnyDatabase", "userAdminAnyDatabase" ], otherDBRoles: { local: ['readWrite'], admin: ['readWrite'] } } )
Original article address: MMS proxy permission verification requirement (12). Thank you for sharing it with the original author.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
