Error backing up cluster with only Data Backup & Restore role assigned to user

Couchbase Server
1

We are trying to backup a Couchbase 5.5.2 testing cluster, but the cbbackupmgr backup stops with this error:

2018-10-09T19:06:36.913+02:00 (Plan) Data transfer completed after 6.195562578s
2018-10-09T19:06:36.929+02:00 (Plan) Transfering Eventing metadata
2018-10-09T19:06:36.930+02:00 (Rest) GET http://localhost:8091/pools/default/nodeServices 200
2018-10-09T19:06:36.950+02:00 (Rest) GET http://192.168.55.1:8096/api/v1/export 403
2018-10-09T19:06:36.960+02:00 ERRO: : – plan.(*events).execute() at events.go:43
2018-10-09T19:06:36.960+02:00 (Plan) Transfer plan failed due to error :
2018-10-09T19:06:36.961+02:00 (Cmd) Error backing up cluster: :

It’s seems like the user ‘backup’ with Data Backup & Restored role assigned, has no access to http://192.168.55.1:8096/api/v1/export .

If we assign Full Admin role to ‘backup’ user, then ‘backup’ can access to http://192.168.55.1:8096/api/v1/export

If we assign all roles, except Full Admin, to ‘backup’ user, then ‘backup’ can not access to http://192.168.55.1:8096/api/v1/export

Our Couchbase Eventing service config has no functions running currently.

How can setup security for our backup user to run Couchbase backups, without Full Admin role assigment?

Thanks.

2

@jlopez thanks for bringing this to our attention - this seems to be a bug with our rbac role of “Data Backup & Restore” role - https://issues.couchbase.com/browse/MB-31639 has been filed for this issue - will most likely be fixed in our next maintenance release for 5.5.

1 Like
3

did we resolve this problem in Couchbase 6.5 ?
I am getting below error :

Backing up to 2020-10-18T21_08_52.882697889Z
Copying at 196.03KB/s (about 0h 0m 0s remaining) 7303 items / 3.10MB
beer-sample [============================================================================================================================= ] 100.00%
Error backing up cluster: Invalid permissions to backup eventing data
Backed up bucket “beer-sample” failed
Mutations backed up: 7303, Mutations failed to backup: 0
Deletions backed up: 0, Deletions failed to backup: 0

4

According to MB-31639, it is now scheduled for a release after the next major release.

By the way, if this is important to you and you have an Enterprise Subscription, you may be able to get it further prioritized through Support or your account team.

5

thank you … was planning to use this user in backup pod to take periodic backup passing the user password directly .
But as this is not working we will use different process.
appreciate your help anyways.