FAQ - What user privileges are required to backup and restore Aerospike namespaces


#1

FAQ - What user roles are required to backup and restore Aerospike namespaces?

Detail

With the Security option in Aerospike Enterprise Edition it is possible to create a granular privilege structure of users and roles. When this is in place, what roles would be required to backup and restore Aerospike namespaces using the asbackup and _asrestore utilities?

Answer

asbackup

A backup is effectively a read of the namespace, only the read permission is required even if the namespace contains Secondary Indexes or UDFs.

asrestore

The restore process is more complex in that it is a write of the data in the backup file to the cluster. For this reason, the permissions required are those required to create the objects in question. The user executing asrestore should have the following roles.

  • read-write-udf to allow creation of UDFs
  • data-admin to allow creation of Secondary Indexes

If either UDFs or Secondary Indexes or both are not required the roles can be omitted though subsequent restores may fail if those objects are added to the source cluster.

Notes

  • Details on asbackup and asrestore

http://www.aerospike.com/docs/tools/backup/asbackup.html

  • Details on Aerospike security

http://www.aerospike.com/docs/guide/security.html

Keywords

BACKUP RESTORE PERMISSIONS ROLES SECURITY FAILED ERROR

Timestamp

23rd August 2016


Role_violation when restoring namespace containing UDFs