ACL storage
Deephaven stores access control list (ACL) data in a backend database. This includes users, groups, passwords, public keys, and all access control rules.
Storage options
Deephaven supports two options for ACL data storage:
| Backend | Description | Recommended for |
|---|---|---|
| etcd | Distributed key-value store (same cluster as other config) | New installations (default) |
| SQL | MariaDB or MySQL database (dbacl_iris) | Legacy installations |
New installations default to etcd. Existing installations using MySQL continue to use MySQL unless explicitly migrated.
etcd storage
When using etcd for ACL storage, Deephaven leverages the same etcd cluster used for other system configuration. This is enabled by the following properties:
SQL storage
SQL-based ACL storage uses the dbacl_iris database. Configuration is set via properties:
Migrating from SQL to etcd
To migrate ACL data from SQL to etcd:
- Export ACL data from the SQL store:
- Update properties to use etcd (as shown above).
- Import ACL data into etcd:
- Restart all services using dh_monit:
See Migrating ACLs to etcd for detailed instructions.
Backup and restore
Export ACL data
Export ACLs to an XML file using dhconfig acls:
Export specific ACL types:
Available types: passwd, publickeys, usergroup, tableacls, columnacls, inputtableeditors, groupstrategy, strategyaccount, systemuser.
Import ACL data
Warning
The --replace-all option deletes all existing ACL data before importing.
After import, restart the authentication server and ACL write server: