Docs Menu

Docs HomeMongoDB Cluster-to-Cluster Sync

User Permissions

On this page

  • Self-Managed Clusters
  • Atlas Clusters

The user specified in the mongosync connection string must have the required permissions on the source and destination clusters. The permissions vary depending on your environment and if you want to run a write-blocking or reverse sync.

The self-managed permissions are:

Sync Type
Target
Required Permissions
default
source cluster
  • readAnyDatabase

  • backup

  • clusterMonitor

default
destination cluster
  • readWriteAnyDatabase

  • restore

  • clusterMonitor

  • clusterManager

write-blocking or reversing
source cluster
  • readWriteAnyDatabase

  • backup

  • restore

  • clusterMonitor

  • clusterManager

write-blocking or reversing
destination cluster
  • readWriteAnyDatabase

  • backup

  • restore

  • clusterMonitor

  • clusterManager

For details on server roles, see: Role-Based Access Control.

To update user permissions, see: grantRolesToUser.

The Atlas permissions are:

Sync Type
Target
Required Permissions
default
source cluster
  • atlasAdmin

  • backup

default
destination cluster
  • atlasAdmin

write-blocking or reversing
source cluster
  • atlasAdmin

  • backup

  • bypassWriteBlockMode privilege

write-blocking or reversing
destination cluster
  • atlasAdmin

  • backup

  • bypassWriteBlockMode privilege

For details on Atlas roles, see: Atlas User Roles.

To update Atlas user permissions, see: Manage Access to a Project.

←  LoggingTelemetry →
Share Feedback
© 2023 MongoDB, Inc.

About

  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2023 MongoDB, Inc.