diff --git a/source/includes/access-mongodump-collections.rst b/source/includes/access-mongodump-collections.rst index 7849f2783be..bb8c4f8a81b 100644 --- a/source/includes/access-mongodump-collections.rst +++ b/source/includes/access-mongodump-collections.rst @@ -1,12 +1,14 @@ To backup all the databases in a cluster via :program:`mongodump`, you should have the :authrole:`backup` role. The :authrole:`backup` role provides -all the needed privileges for backing up all database. The role confers no +the necessary privileges for backing up all databases. The role confers no additional access, in keeping with the policy of :term:`least privilege`. To backup a given database, you must have ``read`` access on the database. Several roles provide this access, including the :authrole:`backup` role. -To backup the ``system.profile`` collection in a database, you must have -``read`` access on certain system collections in the database. Several roles -provide this access, including the :authrole:`clusterAdmin` and +To backup the :data:`system.profile <.system.profile>` +collection, which is created when :ref:`database profiling +` is activated, you must have **additional** +``read`` access on certain system collections in the database. Several +roles provide this access, including the :authrole:`clusterAdmin` and :authrole:`dbAdmin` roles. diff --git a/source/reference/built-in-roles.txt b/source/reference/built-in-roles.txt index 9009abb015b..e5ca2893850 100644 --- a/source/reference/built-in-roles.txt +++ b/source/reference/built-in-roles.txt 
@@ -315,6 +315,13 @@ restoring data: backup agent, or to use :program:`mongodump` to back up an entire :program:`mongod` instance. + To backup the :data:`system.profile <.system.profile>` + collection, which is created when :ref:`database profiling + ` is activated, you must have **additional** + ``read`` access on certain system collections in the database. Several + roles provide this access, including the :authrole:`clusterAdmin` and + :authrole:`dbAdmin` roles. + .. todo: should we document the mms.backup collection in the system-collections document?
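Review bot: in the source/includes/access-mongodump-collections.rst hunk, the rewritten third paragraph still says only "certain system collections" and then points readers at :authrole:`clusterAdmin` and :authrole:`dbAdmin`. That reads oddly next to the first paragraph, which says :authrole:`backup` provides "the necessary privileges for backing up all databases" in keeping with least privilege. Please name the system collections that need ``read`` access and state explicitly whether :authrole:`backup` covers ``system.profile``, so an operator can grant a narrowly scoped role rather than an administrative one just to run :program:`mongodump`. Separately, the :ref: around "database profiling" shows no target label as it appears here; confirm the reference resolves in the build.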
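Review bot: in the source/reference/built-in-roles.txt hunk (@@ -315,6 +315,13 @@), the added paragraph is a verbatim copy of the one edited in source/includes/access-mongodump-collections.rst, so the two copies can drift apart. Consider moving the ``system.profile`` paragraph into its own include file and pulling it into both places. Inside the backup role description, "**additional**" also needs an antecedent: say whether it means access beyond what :authrole:`backup` itself grants. Style point: the new text opens with "To backup" while the context line directly above it uses "to back up"; the two-word verb form should be used throughout.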