The Aerospike Knowledge Base has moved to https://support.aerospike.com. Content on https://discuss.aerospike.com is being migrated to either https://support.aerospike.com or https://docs.aerospike.com. Maintenance on articles stored in this repository ceased on December 31st 2022 and this article may be stale. If you have any questions, please do not hesitate to raise a case via https://support.aerospike.com.

FAQ - When are Aerospike security privileges on a client connection checked?

Detail

The Aerospike Authentication allows cluster access to be controlled via a configured Access Control list. Both roles and privileges can be assigned to users at a cluster, namespace or set level. At what point are these security privileges checked? If a privilege is changed once a user has established a connection, what happens?

Answer

Privileges are checked when a connection is established and also periodically during the lifetime of the connection. The period of the check is defined by the server parameter privilege-refresh-period which defaults to 300 seconds / 5 minutes. If new privileges are granted or existing ones revoked, this will come into operation after the periodic check. This is a dynamic parameter and so can be changed during runtime.

Keywords

CLIENT CONNECTION USER PRIVILEGE CHECK

Timestamp

December 2019