User Permissions

On this page

Self-Managed Clusters

Atlas Clusters
Pre-6.0 Migrations

The user specified in the mongosync connection string must have the required permissions on the source and destination clusters. The permissions vary depending on your environment and if you want to modify write-blocking settings or use reverse sync.

Self-Managed Clusters

The self-managed permissions are:

Sync Type	Required Source Permissions	Required Destination Permissions
Default	`backup` `clusterMonitor` `readAnyDatabase`	`clusterManager` `clusterMonitor` `readWriteAnyDatabase` `restore`
Dual Write-Blocking	`backup` `clusterManager` `clusterMonitor` `readWriteAnyDatabase` `restore`	`clusterManager` `clusterMonitor` `readWriteAnyDatabase` `restore`
Reversing	`backup` `clusterManager` `clusterMonitor` `readWriteAnyDatabase` `restore`	`backup` `clusterManager` `clusterMonitor` `dbAdminAnyDatabase` `readWriteAnyDatabase` `restore`
Multiple Reversals	`backup` `clusterManager` `clusterMonitor` `dbAdminAnyDatabase` `readWriteAnyDatabase` `restore`	`backup` `clusterManager` `clusterMonitor` `dbAdminAnyDatabase` `readWriteAnyDatabase` `restore`

For details on server roles, see: Role-Based Access Control in Self-Managed Deployments.

To update user permissions, see: grantRolesToUser.

Atlas Clusters

The Atlas permissions are:

Sync Type	Required Source Permissions	Required Destination Permissions
default	atlasAdmin	atlasAdmin bypassWriteBlockMode privilege
dual write-blocking, reversing, or multiple reversals	atlasAdmin bypassWriteBlockMode privilege	atlasAdmin bypassWriteBlockMode privilege

For details on Atlas roles, see: Atlas User Roles.

To update Atlas user permissions, see: Manage Access to a Project.

Pre-6.0 Migrations

When migrating from a 4.4 source cluster, you must have clusterManager permissions on the source cluster.
Dual write-blocking and reverse sync are not supported.

Back

Logging

Telemetry