Reputation: 8857
How to maintain custom ACL in backup/restore of eXist-db
I am upgrading a database from eXist 2.2 to 4.5. I used the Java Admin Client to create a backup of the entire eXist 2.2 database. I have a fresh install of eXist 4.5 running.
I moved the ZIP over and did a restore.
When I navigate the databases and examine, I see an obvious issue (to me at least) as I have extensive use of ACL for Groups with certain access to components.
Examining these side-by-side shows the issue:
On the left is the new server, on the right is the old server. All the custom ACL's depicted by the "+" sign next to the files are gone. This only occurs in one collection in which an error was reported during restore that permissions could not be set.
Now, in that collection there is only about 40 files needing custom ACLs so it is not a HUGE deal to fix that, but the question is why or did we do something wrong? I would note that many other folders did not have this issue and all permissions were set.
Update based on questions:
Looks like a user group is missing ... and I think I know why 2019-05-17 21:50:13,226 [java-admin-client-0.restore] ERROR (CollectionDeferredPermission.java [apply]:65) - ERROR: Failed to set permissions on Collection '/db/EIDO/data/edit'. org.xmldb.api.base.XMLDBException: Failed to invoke method setPermissions in class org.exist.xmlrpc.RpcConnection: Permission to modify permissions is denied for user 'admin' on '/db/EIDO/data/edit': User Group for groupname 'NA_Territory' is unknown. at org.exist.xmldb.RemoteUserManagementService.setPermissions(RemoteUserManagementService.java:187) ~[exist.jar:4.5.0] at org.exist.backup.restore.CollectionDeferredPermission.apply(CollectionDeferredPermission.java:56) ~[exist.jar:4.5.0] at org.exist.backup.restore.RestoreHandler.setDeferredPermissions(RestoreHandler.java:465) ~[exist.jar:4.5.0] at org.exist.backup.restore.RestoreHandler.endElement(RestoreHandler.java:137) ~[exist.jar:4.5.0] at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) ~[xercesImpl-2.11.0.jar:?] at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown So
Upvotes: 0
Views: 106
Answers (1)
Reputation: 3517
So if the backup that you are trying to restore does not contain the security collection (/db/system/security/exist), and other resources in the backup depend on users/groups defined in there, which are not present in the server you are importing the backup to, then you will see such errors.
You should either include the security collection in your backup, or just the users/groups that you need to also backup and restore.
Upvotes: 1
Related Questions
- backup and restore permissions
- Migrating from Exist DB 2.1 to 5.x - Missing modules/functions
- exist-db how to access a pdf
- How to solve empty parameters passed to an XQuery function in eXist-db
- Exist-DB Upgrading legacy application from 1.4 to 2.2
- Return link to file stored in eXist db on remote server
- Migration from eXist-db 1.4.x to 2.x
- Writing one XQuery script in exist-db with support for multiple output formats
- Printing output from exist-db to a file
- Export user und user acl via script in CQ5