From f8be3679a16644f5fcdd79facf3e66ccfaa8d5db Mon Sep 17 00:00:00 2001 From: Anthony Sansone Date: Tue, 5 Jun 2018 23:28:01 -0500 Subject: [PATCH] (DOCS-11010): Update mongorestore grants. --- source/includes/access-mongorestore-collections.rst | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/source/includes/access-mongorestore-collections.rst b/source/includes/access-mongorestore-collections.rst index 70513576228..ac31acc9f9d 100644 --- a/source/includes/access-mongorestore-collections.rst +++ b/source/includes/access-mongorestore-collections.rst @@ -5,14 +5,15 @@ access to restore any database if the backup data does not include .. include:: /includes/fact-restore-role-system.profile.rst -If running :binary:`~bin.mongorestore` with :option:`--oplogReplay `, the -:authrole:`restore` role is insufficient to replay the oplog. To replay -the oplog, create a :ref:`user-defined role ` -that has :authaction:`anyAction` on :ref:`resource-anyresource` and -grant only to users who must run :binary:`~bin.mongorestore` with +As of MongoDB 3.2.11, you can run :binary:`~bin.mongorestore` with +:option:`--oplogReplay ` if you have the +:authrole:`restore` role. To replay the oplog on versions of MongoDB +3.2.10 and earlier, you must create a +:ref:`user-defined role ` that has +:authaction:`anyAction` on :ref:`resource-anyresource` and grant only +to users who must run :binary:`~bin.mongorestore` with :option:`--oplogReplay `. - .. COMMENT per the following commit, choosing the anyAction/anyResource over the __system role. https://github.com/mongodb/docs/commit/237c44cd3b6e4b7dbe0c9077b7571c8b7ec5d7a5