From fb861e40f4fc59fee61e52848ecb77d30ddc021e Mon Sep 17 00:00:00 2001 From: idoko Date: Mon, 17 Mar 2025 09:01:28 +0100 Subject: [PATCH 1/3] document required permissions for PBM collector --- README.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d457f860c..c22d14364 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,7 @@ podman run -d -p 9216:9216 percona/mongodb_exporter:0.40 --mongodb.uri=mongodb:/ docker run -d -p 9216:9216 percona/mongodb_exporter:0.40 --mongodb.uri=mongodb://127.0.0.1:17001 ``` -#### Permissions +### Permissions Connecting user should have sufficient rights to query needed stats: ``` @@ -74,6 +74,24 @@ Connecting user should have sufficient rights to query needed stats: "db":"local" } ``` +When using the PBM collector to get metrics from Percona Backup for MongoDB, the user should also have enough permissions +to query the PBM internal collectors (in the `admin` database). One option is to grant `find` privileges on the `admin` collection: +``` +privileges: [ + { resource: { db: "admin", collection: "" }, actions: [ "find" ] }, +], +``` + +Alternatively, you can grant the `find` privilege for each PBM internal collection (see: https://docs.percona.com/percona-backup-mongodb/details/control-collections.html): +``` +privileges: [ + { resource: { db: "admin", collection: "pbmBackups" }, actions: [ "find" ] }, + { resource: { db: "admin", collection: "pbmAgents" }, actions: [ "find" ] }, + { resource: { db: "admin", collection: "pbmConfig" }, actions: [ "find" ] }, + ... +], +``` +However, this is not recommended as the list of internal collections may change in future releases. More info about roles in MongoDB [documentation](https://docs.mongodb.com/manual/reference/built-in-roles/#mongodb-authrole-clusterMonitor). From 723ed477e2b7354c1f9ea5b869d520d2e4842f3e Mon Sep 17 00:00:00 2001 From: idoko Date: Tue, 18 Mar 2025 07:04:43 +0100 Subject: [PATCH 2/3] fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c22d14364..c4bc9eb35 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ Connecting user should have sufficient rights to query needed stats: } ``` When using the PBM collector to get metrics from Percona Backup for MongoDB, the user should also have enough permissions -to query the PBM internal collectors (in the `admin` database). One option is to grant `find` privileges on the `admin` collection: +to query the PBM internal collections (in the `admin` database). One option is to grant `find` privileges on the `admin` collection: ``` privileges: [ { resource: { db: "admin", collection: "" }, actions: [ "find" ] }, From a8f3d9615576a1f5ff7f738abc136b42e70abfec Mon Sep 17 00:00:00 2001 From: idoko Date: Sun, 23 Mar 2025 22:49:37 +0100 Subject: [PATCH 3/3] change grammar --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c4bc9eb35..8abe7670c 100644 --- a/README.md +++ b/README.md @@ -74,7 +74,7 @@ Connecting user should have sufficient rights to query needed stats: "db":"local" } ``` -When using the PBM collector to get metrics from Percona Backup for MongoDB, the user should also have enough permissions +When using the PBM collector to get metrics from Percona Backup for MongoDB, the user should also have sufficient privileges to query the PBM internal collections (in the `admin` database). One option is to grant `find` privileges on the `admin` collection: ``` privileges: [