Detail
When configuring the roles for backup and recover, note that the backup role will require read permission and the recovery role will require write access to the database.
Answer
The process below outlines creating the roles and users separately as this will allow you to split out functions for separation of operations however you can combine privileges into a single role or user depending on your operational needs. For more information about permission configuration refer to the documentation covering access controls in Aerospike as well as the documentation on privileges, permissions and scopes.
Configuring a dedicated backup user for backing up data from Aerospike with asbackup.
- Create the role for the backup role with read privileges
manage acl create role backup priv read
- You can additionally restrict the role to a specific namespace or namespaces
manage acl create role backup priv read ns prod_namespace_1
- Or further restrict the role to a set
manage acl create role backup priv read ns prod_namespace_1 set dataset_2
- Create a backup user and assign it to the new backup role
manage acl create user bkup password beepbeep role backup
Configuring a dedicated data recovery user for use with asrecovery.
- Create the role for the recovery role and user with write privileges.
manage acl create role recovery priv write
- You can also restrict the role to namespace
manage acl create role recover_prod_ns1 priv write ns prod_namespace_1
- Or to a set
manage acl create role recover_prod_ns1_set2 priv write ns prod_namespace_1 set dataset_2
- Create a recovery user and assign it to the new recovery role
manage acl create user recov password peeb427peeb role recovery