Batch transaction against a set with set level permissions throws role violation

Problem Description

When a role has been granted set-level permissions, a batch call such as the following returns a role violation error, even though the user holds that role with the correct permissions:

this.aerospikeClient.get((BatchPolicy)null, Arrays.asList(new Key("namespacename", "setname", "uhwfhj3jg4kwf|24238")).toArray(new Key[0]))

Returned error:

2019-11-15T14:55:25.654+08:00 [APP/PROC/WEB/0] [OUT] Caused by: com.aerospike.client.AerospikeException: Error 81,1,30000,0,2,DBxx xx.xx.xx.xx 4333: Role violation

However, the following command returns data without issue:

this.aerospikeClient.get((BatchPolicy)null, new Key("namespacename", "setname", "uhwfhj3jg4kwf|24238"))

Explanation

When issuing batch transactions while set-level permissions are enforced, the sendSetName policy must be set to true (the default is false). This is because a batch could request records across different sets, and authentication and authorization are performed early in the transaction flow.

Solution

Consult the relevant API reference for the client in question to set the sendSetName policy to true.
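
For the Java client used in the calls above, the following added example (not Aerospike's own code) enables sendSetName on the client's default batch policy, which is the policy applied when the batch call passes a null BatchPolicy, and reports a role violation distinctly if one still occurs. It assumes a client release that still exposes the sendSetName policy field described in this article; the host, port, user name and the AEROSPIKE_PASSWORD environment variable are placeholders.

```java
import com.aerospike.client.AerospikeClient;
import com.aerospike.client.AerospikeException;
import com.aerospike.client.Key;
import com.aerospike.client.Record;
import com.aerospike.client.ResultCode;
import com.aerospike.client.policy.BatchPolicy;
import com.aerospike.client.policy.ClientPolicy;

public class BatchWithSetPermissions {
    public static void main(String[] args) {
        ClientPolicy clientPolicy = new ClientPolicy();
        clientPolicy.user = "app_user";                              // placeholder account
        clientPolicy.password = System.getenv("AEROSPIKE_PASSWORD"); // hypothetical variable name

        // A null BatchPolicy on a call means "use the client default", so
        // setting the flag here covers every existing call site that passes null.
        clientPolicy.batchPolicyDefault.sendSetName = true;

        // Placeholder host and port.
        AerospikeClient client = new AerospikeClient(clientPolicy, "127.0.0.1", 3000);
        try {
            Key[] keys = { new Key("namespacename", "setname", "uhwfhj3jg4kwf|24238") };

            // Same shape as the failing call in the problem description.
            Record[] records = client.get((BatchPolicy) null, keys);
            for (int i = 0; i < records.length; i++) {
                // A null entry means the key was not found, not that access was denied.
                System.out.println(keys[i].userKey + " -> "
                        + (records[i] == null ? "not found" : records[i].bins));
            }

            // Call sites that build their own policy must set the flag themselves.
            BatchPolicy perCall = new BatchPolicy();
            perCall.sendSetName = true;
            client.get(perCall, keys);
        } catch (AerospikeException e) {
            if (e.getResultCode() == ResultCode.ROLE_VIOLATION) {    // error 81 in the log above
                System.err.println("Role violation: check that sendSetName is true on the "
                        + "batch policy in use and that the role covers this set.");
            }
            throw e;
        } finally {
            client.close();
        }
    }
}
```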

Keywords

SENDSETNAME SET LEVEL PERMISSIONS BATCH ROLE VIOLATION

Timestamp

November 2019

© 2015 Copyright Aerospike, Inc. | All rights reserved. Creators of the Aerospike Database.