From 943ea38678ee6b3bc1c329c3cc56d0e61d87088e Mon Sep 17 00:00:00 2001
From: Venky Shankar <vshankar@redhat.com>
Date: Wed, 10 Mar 2021 23:31:45 -0500
Subject: [PATCH] doc: clarify mirror daemon user capability requirements

Fixes: http://tracker.ceph.com/issues/49619
Signed-off-by: Venky Shankar <vshankar@redhat.com>
---
 doc/dev/cephfs-mirroring.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/dev/cephfs-mirroring.rst b/doc/dev/cephfs-mirroring.rst
index d99ea3c099ec0..ac2f13ef33a2e 100644
--- a/doc/dev/cephfs-mirroring.rst
+++ b/doc/dev/cephfs-mirroring.rst
@@ -30,7 +30,8 @@ Creating Users
 --------------
 
 Start by creating a user (on the primary/local cluster) for the mirror daemon. This user
-has restrictive capabilities on the MDS and the OSD::
+requires write capability on the metadata pool to create RADOS objects (index objects)
+for watch/notify operation and read capability on the data pool(s).
 
   $ ceph auth get-or-create client.mirror mon 'profile cephfs-mirror' mds 'allow r' osd 'allow rw tag cephfs metadata=*, allow r tag cephfs data=*' mgr 'allow r'
 
-- 
2.39.5