diff --git a/README.md b/README.md index a323cce3..4cc7a86c 100644 --- a/README.md +++ b/README.md @@ -12,22 +12,16 @@ There is also a WYSIWYG editor available in our [Mintlify dashboard](https://das ### Development -Install the [Mintlify CLI](https://www.npmjs.com/package/mintlify) to preview the documentation changes locally. To install, use the following command - -``` -npm i -g mintlify -``` - Run the following command at the root of your documentation (where mint.json is) ``` -mintlify dev +npx mintlify dev ``` Regularly check for broken links by running ``` -mintlify broken-links +npx mintlify broken-links ``` Navigation (and other global settings) is defined in `mint.json`. Learn more about these in [Mintlify's docs](https://mintlify.com/docs/settings/global). diff --git a/installation/database-setup.mdx b/installation/database-setup.mdx index 49e46e42..fb9d882b 100644 --- a/installation/database-setup.mdx +++ b/installation/database-setup.mdx @@ -356,20 +356,29 @@ replicated collections, additionally add the `dbAdmin` permission: ``` readWrite@._powersync_checkpoints +read@ dbAdmin@ ``` -If you are replicating from multiple databases in the cluster, you need read permissions on the entire cluster: +If you are replicating from multiple databases in the cluster, you need read permissions on the entire cluster, in addtion to the above: ``` readAnyDatabase@admin ``` -### Permissions required - Self-hosted +### Privileges required - Self-hosted / Custom roles + +For self-hosted MongoDB, or for creating custom roles on MongoDB Atlas, PowerSync requires the following privileges/granted actions: -For self-hosted MongoDB, PowerSync requires the `find`, `changeStream` and `listCollections` permissions on the database being replicated. +* On the database being replicated: `listCollections`. +* On all collections in the database: `changeStream`. + * This must apply to the entire database, not individual collections, `collection: ""`. + * If replicating from multiple databases, this must apply to the entire cluster, `db: ""`. +* On each collection being replicated: `find`. +* On the `_powersync_checkpoints` collection: `createCollection`, `dropCollection`, `find`, `changeStream`, `insert`, `update`, and `remove`. +* To allow PowerSync to automatically enable [`changeStreamPreAndPostImages`](#post-images) on +replicated collections, additionally add the `collMod` permission on all replicated collections. -PowerSync also requires `createCollection`, `dropCollection`, `insert`, `update`, and `remove` permissions to the `_powersync_checkpoints` collection. ### Post-Images @@ -381,11 +390,11 @@ PowerSync supports three configuration options for post-images: 1. `post_images: off`: Uses `fullDocument: 'updateLookup'` for backwards compatibility. This was the default for older instances. However, this may lead to consistency issues, so we strongly recommend enabling post-images instead. -2. `post_images: auto_configure` (Default for new instances): Automatically enables the `changeStreamPreAndPostImages` option on collections as needed. +2. `post_images: auto_configure` (Default for new instances): Automatically enables the `changeStreamPreAndPostImages` option on collections as needed. Requires the permissions/privileges mentioned above. 3. `post_images: read_only`: Uses `fullDocument: 'required'` and requires `changeStreamPreAndPostImages: { enabled: true }` to be set on every collection referenced in Sync Rules. Replication will error if this is not configured. This option is ideal when permissions are restricted. -* To manually configure collections for `read_only` mode, run this on each collection: +To manually configure collections for `read_only` mode, run this on each collection: ```js db.runCommand( { @@ -394,7 +403,7 @@ db.runCommand( { } ) ``` -* You can view which collections have the option enabled using: +You can view which collections have the option enabled using: ```js db.getCollectionInfos().filter(c => c.options?.changeStreamPreAndPostImages?.enabled)