DOCCORE-54 Clarify that dump cmd does not support backing up db metadata #2769
Conversation
renetapopova
left a comment
renetapopova
left a comment
There was a problem hiding this comment.
Thanks, @NataliaIvakina. I added some suggestions, but I might need to review it again and also check all mentions of --include-metadata in the manual.
| ---- | ||
| ==== | ||
|
|
||
| The `neo4j-admin database backup` command with the `--type=full` argument creates a xref:backup-restore/online-backup.adoc#backup-artifact[full backup artifact] file in the format of _<databasename><timestamp>.backup_, called in the target location (`--to-path`). |
There was a problem hiding this comment.
| The `neo4j-admin database backup` command with the `--type=full` argument creates a xref:backup-restore/online-backup.adoc#backup-artifact[full backup artifact] file in the format of _<databasename><timestamp>.backup_, called in the target location (`--to-path`). | |
| The `neo4j-admin database backup full` command with the `--type=full` argument creates a xref:backup-restore/online-backup.adoc#backup-artifact[full backup artifact] file in the format of _<databasename><timestamp>.backup_, called in the target location (`--to-path`). |
There was a problem hiding this comment.
Where do we mention the neo4j-admin database backup full command? Do we have it in the code?
There was a problem hiding this comment.
we have ... import full and ... import incremental. But we don't have ... backup full or ... backup differential commands.
|
|
||
| The `neo4j-admin database backup` command with the `--type=full` argument creates a xref:backup-restore/online-backup.adoc#backup-artifact[full backup artifact] file in the format of _<databasename><timestamp>.backup_, called in the target location (`--to-path`). | ||
|
|
||
| The `neo4j-admin database backup` command allows you to include metadata, enabling the backup to store the role-based access control (RBAC) settings associated with the database. |
There was a problem hiding this comment.
| The `neo4j-admin database backup` command allows you to include metadata, enabling the backup to store the role-based access control (RBAC) settings associated with the database. | |
| By default, the backup file also contains the users and roles metadata associated with the database. | |
| You can change whether you want it to be included or not using the argument `--include-metadata`. |
| ==== | ||
|
|
||
| The `neo4j-admin database backup` command with the `--type=full` argument creates a xref:backup-restore/online-backup.adoc#backup-artifact[full backup artifact] file in the format of _<databasename><timestamp>.backup_, called in the target location (`--to-path`). | ||
|
|
|
|
||
| The `neo4j-admin database dump` command creates a single-file archive, that follows the format _<databasename><timestamp>.dump_, and stores it in the xref:configuration/file-locations.adoc#data[_<NEO4J_HOME>/data_] directory. | ||
|
|
||
| Note that when using `neo4j-admin database dump`, only the database contents are backed up; database metadata and associated RBAC settings are not included. |
There was a problem hiding this comment.
What are these RBAC settings? Also, I think we need to find all places where we mention --include-metadata and update them accordingly, as by default the backup command backs up all users and roles, unless you specified something different from the default all.
| Note that when using `neo4j-admin database dump`, only the database contents are backed up; database metadata and associated RBAC settings are not included. | |
| Note that the dump archive contains only the database contents without the associated users and roles metadata. |
There was a problem hiding this comment.
RBAC settings are privileges assigned to the users' roles (on the database level), and you can back up users' roles and their privileges by specifying --include-metadata in your backup command. It is possible to use just --include-metadata (then the default value is all) or to define what to back up:
-
roles- include commands to create the roles and privileges (for both database and graph) that affect the use of the database. -
users- include commands to create the users that can use the database and their role assignments. If a list of users is specified (e.g. users=alice,bob,charlie), only those users are included in the backup.
The Cypher script will be created with users roles and privileges, or RBAC settings associated with the database.
There was a problem hiding this comment.
I think this is in line with our RBAC -- https://neo4j.com/docs/operations-manual/current/authentication-authorization/manage-privileges/
| ==== | ||
| By default, a database backup includes only the database contents. | ||
| If you choose to include metadata, the backup also stores the role-based access control (RBAC) settings associated with the database. | ||
| In the Enterprise edition, the `neo4j-admin database backup` command also allows you to include metadata, enabling the backup to store the role-based access control (RBAC) settings associated with the database. |
There was a problem hiding this comment.
It backs the metadata by default. Actually, it allows you to not include it if you want. Also, I'm not sure what we meant by settings "? I added a suggestion for the above sentence.
| In the Enterprise edition, the `neo4j-admin database backup` command also allows you to include metadata, enabling the backup to store the role-based access control (RBAC) settings associated with the database. |
There was a problem hiding this comment.
Where do we say that that metadata is backed up by default?
There was a problem hiding this comment.
See https://neo4j.com/docs/operations-manual/current/backup-restore/restore-backup/#_restore_users_and_roles_metadata.
It says If you have backed up a database with the option --include-metadata, you can manually restore the users and roles metadata.
I assume it means you must include the option --include-metadata into your backup command. Without this option, the backup file doesn't contain file with users and their roles.
|
|
||
| [IMPORTANT] | ||
| ==== | ||
| By default, a database backup includes only the database contents. |
There was a problem hiding this comment.
| By default, a database backup includes only the database contents. | |
| By default, when backing up a database using the `neo4j-admin database backup` command (Enterprise edition), the backup archive includes both the database contents and the users and roles metadata. | |
| You can control whether you want to include the users, roles, all, or none using the argument xref:backup-restore/online-backup.adoc#backup-command-options[`--include-metadata`]. |
There was a problem hiding this comment.
I might be wrong, but you have to specify --include-metadata if you want to back up users' roles and privileges (on a database level). If you use just --include-metadata, the default value is all meaning that both users and roles are included. But anyway you have to include --include-metadata flag in your backup command. If you just run bin/neo4j-admin database backup --to-path=/path/to/backups/neo4j neo4j, no metadata is included.
Co-authored-by: Reneta Popova <[email protected]>
|
This PR includes documentation updates Updated pages: |
3 participants
No description provided.