After the server has been updated to storing user information in the new system.userinfo and system.roleinfo collections (which will forbid direct modification, requiring commands to change any user data), the tools will have to be updated to be able to properly handle backing up and restoring user and role information.
It's still not completely clear how best this should be done - should we create a role that is allowed to do direct modification of system.userinfo and system.roleinfo and require such a role for the backup tools? Or do we need to update mongoimport and mongorestore to be able to use the proper user management commands to restore user information from a dump of system.userinfo and system.roleinfo?
- depends on
-
SERVER-6246 Manipulate user objects exclusively via commands
- Closed
-
SERVER-9517 New schema for users and roles data
- Closed
- is related to
-
SERVER-11461 mongorestore with --drop doesn't drop admin.system.roles or admin.system.version.
- Closed
-
SERVER-9514 System-defined roles
- Closed
- related to
-
TOOLS-134 Mongodump and mongoexport should skip collections they don't have read access to
- Closed