Reason to use __system role in mongoDB.

torodb / stampede

The ToroDB solution to provide better analytics on top of MongoDB and make it easier to migrate from MongoDB to SQL

https://www.torodb.com/stampede/

GNU Affero General Public License v3.0

1.76k stars 118 forks source link

Reason to use __system role in mongoDB. #223

Closed karthik-sivadas closed 5 years ago

karthik-sivadas commented 5 years ago

Can you please provide a reason to use system MongoDB role because it's mentioned in the MongoDB documentation that not to assign this role to user objects representing applications or human administrators, other than in exceptional circumstances. Is there any other role which can be provided instead of system.

teoincontatto commented 5 years ago

Hi @karthik-sivadas, since ToroDB Stampede uses internal MongoDB API to replicate data it needs __system role to be allowed to access such low level capabilities.

karthik-sivadas commented 5 years ago

Hi, @teoincontatto Thank you for such a quick response. Was just curious if it's possible for you to guide me to as where can I find the list of actions to create a user role in MongoDB as given in the documentation (https://docs.mongodb.com/manual/reference/method/db.createRole/). As it's risky to give an application or a user __system role.

teoincontatto commented 5 years ago

Sadly I do not know any other way to allow ToroDB Stampede run as a replica without that level of permissions. But this make sense if you think about ToroDB Stampede as just another MongoDB Replica node.