Truncate or undo a truncation of namespaces or sets (server 5.1 - 5.7)
Bin-level write operations (such as List or Map write operations)
Record-level write operations (put, touch, delete)
Global, per namespace, or per set in a namespace.
Get server configuration and statistics

Privileges are a fundamental unit of RBAC, and cannot be modified. A role is a collection of scoped privileges, and roles are granted to users.

The server must be configured for Mutual TLS (mTLS).

A privilege consists of permissions and a scope: global, per namespace, or per set within a specified namespace.

Create a user normally with asadm, then generate an SSL cert for the user, signed by the server's root CA. You can restrict an internal user to PKI authentication by generating a strong random password for the user and not communicating it to them.

Server 5.7: Added PKI auth as an alternative authentication mode for internal users (users created in Aerospike).
Server 6.0: The FIPS 140-2 compliant "Federal Edition" variant of Aerospike EE restricts access to PKI or LDAP authentication modes.

Audit trail messages can be sent to any log sink type (file, console or syslog) that is defined in the logging config context.

Server 6.3: Removed the syslog subcontext of the security config context.

The table below displays the minimum client version for the following security features: Client

Verify that your client versions support this mixed environment prior to initiating the rolling restart.

Aerospike Admin (asadm) added support for mixed security modes in Tools package 7.0.0 and asadm 2.7.0.

Client requirements

In earlier versions of Aerospike EE, enabling access control required a cluster shutdown.

During a rolling restart activation of RBAC, some nodes in the cluster authenticate the clients and some don't yet.

You can enable RBAC in Aerospike EE through a rolling restart.

Requirements

Aerospike server versions

Refer to Overview of Access Control with LDAP and PKI for details.
External users are defined in an LDAP server and authenticated against it. Internal users are created within Aerospike EE and authenticated with a password or a certificate using Public Key Infrastructure (PKI) auth.

RBAC allows you to manage users, roles and privileges, and enable audit trail logging of security events.

Aerospike EE supports several authentication modes.

Role-based Access Control (RBAC) is a security feature of Aerospike Database Enterprise Edition (EE), and the FIPS 140-2-compliant Aerospike Database Enterprise Edition for United States Federal (FE).