From: Venky Shankar <vshankar@redhat.com>
Date: Thu, 11 Mar 2021 04:31:45 +0000 (-0500)
Subject: doc: clarify mirror daemon user capability requirements
X-Git-Tag: v17.1.0~2650^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F39845%2Fhead;p=ceph.git

doc: clarify mirror daemon user capability requirements

Fixes: http://tracker.ceph.com/issues/49619
Signed-off-by: Venky Shankar <vshankar@redhat.com>
---

diff --git a/doc/dev/cephfs-mirroring.rst b/doc/dev/cephfs-mirroring.rst
index d99ea3c099ec..ac2f13ef33a2 100644
--- a/doc/dev/cephfs-mirroring.rst
+++ b/doc/dev/cephfs-mirroring.rst
@@ -30,7 +30,8 @@ Creating Users
 --------------
 
 Start by creating a user (on the primary/local cluster) for the mirror daemon. This user
-has restrictive capabilities on the MDS and the OSD::
+requires write capability on the metadata pool to create RADOS objects (index objects)
+for watch/notify operation and read capability on the data pool(s).
 
   $ ceph auth get-or-create client.mirror mon 'profile cephfs-mirror' mds 'allow r' osd 'allow rw tag cephfs metadata=*, allow r tag cephfs data=*' mgr 'allow r'