The Aerospike Knowledge Base has moved to https://support.aerospike.com. Content on https://discuss.aerospike.com is being migrated to either https://support.aerospike.com or https://docs.aerospike.com. Maintenance on articles stored in this repository ceased on December 31st 2022 and this article may be stale. If you have any questions, please do not hesitate to raise a case via https://support.aerospike.com.
Exception ERROR:81:role violation When Running UDF Through Client
Problem Description
A user is set up with read-write-udf
permission, verified via aql
:
aql> show users
+-------------+------------------------------+
| user | roles |
+-------------+------------------------------+
| "udfrunner" | "read-write, read-write-udf" |
+-------------+------------------------------+
1 rows in set (0.001 secs)
However, trying to run a UDF as this user with code like the following
(example in Java) results in an ERROR:81:role violation
exception.
public static void test2(AerospikeClient client,Statement stmt) {
// UDF truncate.truncate_set() removes all records from namespace/set in stmt
System.out.println("Beginning UDF execution...");
ExecuteTask task = client.execute(new writePolicy(), stmt, "truncate", "truncate_set");
task.waitTillComplete(1000, 0);
System.out.println("Done executing UDF.");
}
Explanation
As described in Configuring Access
Control,
the read-write-udf
privilege allows the user to execute UDFs, and
in fact, in the example above, the records do actually get removed
even though the role violation exception is thrown. However, using
the scan-query job monitoring system, which is what the
task.waitTillComplete()
method needs to find out whether the task
is complete, requires data-admin
privilege, as job monitoring subsystem
also allows to abort a running job.
Solution
Either grant the data-admin
permission to that role for the
necessary namespace and set, or remove the call to
task.waitTillComplete()
and find some other method of determining
when the UDF has finished.
Keywords
UDF ERROR CODE 81 EXCEPTION SECURITY ROLE USER PERMISSION READ-WRITE-UDF DATA-ADMIN
Timestamp
April 2020