Status Will Not Implement
Created by Alexis Chotard
Created on Nov 6, 2025

Feature request: Multiple "security or legal representative"s for compliance backup policies

Current behavior

MongoDB Atlas compliance backup policies (which are a super nice feature to have!) have a "security or legal representative" attached that is the only person allowed to ask to disable it, lower its constraints, or delete backups that it safeguards.

As stated in the doc (emphasis mine):

After you enable a Backup Compliance Policy, only MongoDB support can approve requests to disable the Backup Compliance Policy from the security or legal representative specified for the Backup Compliance Policy. After MongoDB Support approves the request, Project Owners can disable the Backup Compliance Policy.
To disable a Backup Compliance Policy, the security or legal representative specified for the Backup Compliance Policy must open a case to request support and complete an extensive verification process.

Issue

Having a single representative makes it subject to a serious bus factor and makes the given representative a human SPOF.

If the representative gets hit by a bus, is unreachable for personal reasons, etc., it means that e.g. we wouldn't be able to remove a backup that is protected by a compliance policy even if we truly need to do it for legal reasons. Having limitations on who can do such a process, and having to go through MongoDB Support and identity validation for that, is fine and is the objective of such policies, but it being tied to a single individual isn't ideal.

Desired behavior

It would be nice if we were able to either:

  • Admin
    Kaylee Won
    Nov 20, 2025

    We only allow one authorized point of contact email per Backup Compliance Policy. If the current authorized POC leaves the company or you want to change the POC, we do have a process for this that involves either the current authorized point of contact or a legal counsel / designated signatory depending on the situation.

    You can also use a group or distribution email list as a point of contact for the BCP, as long as an account associated with that email can raise a ticket in the support portal to request disablement of the Backup Compliance Policy. This allows you to have >1 person with access to approve disablement of the BCP, although we don’t recommend this as it defeats the purpose of limiting access to one person.