setUserWriteBlocking in mongosync

I config cluster to cluster sync with mongosync and want to block write in target cluster.
In both source and target, I create user ‘admin’ with role [backup, clusterManager, clusterMonitor, readWriteAnyDatabase, restore] as Document about user permission in cluster to cluster sync.

I follow the above document and after start sync with option enableWriteBlocking, write in target still happen. I see that in role “restore”, there is action “bypassWriteBlocking”. But in document it display role “restore” for us to set in write blocking purpose.

Did I understand it right? How to set block write in target cluster?

I hope receive your solutions, thank you everyone!

Hi @npk72,
Yes, it is possible to write to the target cluster thus making the data inconsistent, but in the limitations section, we see that users are not synchronized, so if the admin user is not used by someone or users are specifically created to write, no one will have the ability to do so.
From the documentation:

I hope it’s useful!

Best Regards

Thank @Fabio_Ramohitaj,

But my problem is that I can still write into target cluster although I set “enableUserWriteBlocking” option in mongosync command. More details:

  • In both source & target: authen by user “admin” with role “root”, it includes “setUserBlockWriting” and “bypassBlockWritingMode” actionType.
  • But as I know, user with “bypassBlockWritingMode” actionType can write even block writing.
  • Is there a conflict when it’s important for user to have both “setUserBlockWriting” and “bypassBlockWritingMode” to run mongosync in “blockWriting” mode, while target which have “bypassBlockWritingMode” can not be blocked writting?

So I would like to receive your support to find solution to set block writing correctly. Do I need to change user role or option in command?

Or we setup mongosync between 2 cluster with user role “root”, and we can test block writting with another user without “bypassBlockWritingMode”?

I look forward to hearing from you soon.

Solution:

  • User in mongosync connection config must have “setUserWriteBlocking” and “bypassWriteBlockingMode”.
  • User app don’t have above actions.
  • Connect mongosh with user app to check write blocking.