Detail
With the Security option in Aerospike Enterprise Edition it is possible to create a granular privilege structure of users and roles. When this is in place, what roles would be required to backup and restore Aerospike namespaces using the asbackup and _asrestore utilities?Answer
asbackup
A backup is effectively a read of the namespace, only the read permission is required even if the namespace contains Secondary Indexes or UDFs.
asrestore
The restore process is more complex in that it is a write of the data in the backup file to the cluster. For this reason, the permissions required are those required to create the objects in question. The user executing asrestore should have the following roles.
- read-write-udf to allow creation of UDFs
- data-admin to allow creation of Secondary Indexes
If either UDFs or Secondary Indexes or both are not required the roles can be omitted though subsequent restores may fail if those objects are added to the source cluster.
Notes
- asbackup/asrestore documentation
- Configuring Aerospike Access Control