The Aerospike Knowledge Base has moved to https://support.aerospike.com. Content on https://discuss.aerospike.com is being migrated to either https://support.aerospike.com or https://docs.aerospike.com. Maintenance on articles stored in this repository ceased on December 31st 2022 and this article may be stale. If you have any questions, please do not hesitate to raise a case via https://support.aerospike.com.
FAQ - What user roles are required to backup and restore Aerospike namespaces?
Detail
With the Security option in Aerospike Enterprise Edition it is possible to create a granular privilege structure of users and roles. When this is in place, what roles would be required to backup and restore Aerospike namespaces using the asbackup and _asrestore utilities?
Answer
asbackup
A backup is effectively a read of the namespace, only the read permission is required even if the namespace contains Secondary Indexes or UDFs.
asrestore
The restore process is more complex in that it is a write of the data in the backup file to the cluster. For this reason, the permissions required are those required to create the objects in question. The user executing asrestore should have the following roles.
- read-write-udf to allow creation of UDFs
- data-admin to allow creation of Secondary Indexes
If either UDFs or Secondary Indexes or both are not required the roles can be omitted though subsequent restores may fail if those objects are added to the source cluster.
Notes
- Details on asbackup and asrestore
- Details on Aerospike security
http://www.aerospike.com/docs/guide/security.html
Keywords
BACKUP RESTORE PERMISSIONS ROLES SECURITY FAILED ERROR
Timestamp
23rd August 2016