User Permissions

On this page

Self-Managed Clusters

Atlas Clusters

The user specified in the mongosync connection string must have the required permissions on the source and destination clusters. The permissions vary depending on your environment and if you want to run a write-blocking or reverse sync.

Self-Managed Clusters

The self-managed permissions are:

Sync Type	Required Source Permissions	Required Destination Permissions
Default	`backup` `clusterMonitor` `readAnyDatabase`	`clusterManager` `clusterMonitor` `readWriteAnyDatabase` `restore`
Write-blocking	`backup` `clusterManager` `clusterMonitor` `readWriteAnyDatabase` `restore`	`backup` `clusterManager` `clusterMonitor` `readWriteAnyDatabase` `restore`
Reversing	`backup` `clusterManager` `clusterMonitor` `readWriteAnyDatabase` `restore`	`backup` `clusterManager` `clusterMonitor` `dbAdminAnyDatabase` `readWriteAnyDatabase` `restore`

For details on server roles, see: Role-Based Access Control in Self-Managed Deployments.

To update user permissions, see: grantRolesToUser.

Atlas Clusters

The Atlas permissions are:

Sync Type	Target	Required Permissions
default	source cluster	atlasAdmin backup
default	destination cluster	atlasAdmin
write-blocking or reversing	source cluster	atlasAdmin backup bypassWriteBlockMode privilege
write-blocking or reversing	destination cluster	atlasAdmin backup bypassWriteBlockMode privilege

For details on Atlas roles, see: Atlas User Roles.

To update Atlas user permissions, see: Manage Access to a Project.

Back

Logging

Telemetry