Live loader - Option to skip unauthorized predicates

I am migrating from one shared to another shared instance of DGraph Cloud using the live loader as documented here

I did create an export (json) using the DGraph Cloud interface and downloaded it to mu computer, but when using the live loader – towards the end I get multiple errors which stop the process from completing

Error while mutating: unauthorized to mutate acl predicates: dgraph.xid
Error while mutating: unauthorized to mutate acl predicates:
Error while mutating: unauthorized to mutate acl predicates: dgraph.password

I didn’t find an option in the live loader documentation how to skip certain predicates, so my solution was to ungzip the JSON , remove those predicates, rezip it and run the live loader

Am I missing something?

P.S. the API key I use for importing is of type Admin

Yeah, I know. There was a request to remove those predicates from export and exibing it in the schema. What version are you using?

export from v21.03.0-78-ge4ad0b113 import into v21.03.0-78-ge4ad0b113 used dgraph live from docker image dgraph/dgraph:v21.03-slash

1 Like

@jcsrb can you share the command you are using to live load?

docker run -it --rm -v /Users/jakob/work/dgraph/g01.json.gz:/tmp/g01.json.gz dgraph/dgraph:v21.03-slash \
  dgraph live --slash_grpc_endpoint=<server> -f /tmp/g01.json.gz -t <api-key>
1 Like

I see. It seems that this procedure is on the right track. However, the schema and RDF appear to have namespaced data. Can you check? Below is the example.

My conclusion is that since it is an instance that has ACL enabled, it imagines that it should export the ACL context along. It seems to be a lack of foresight of the situation. It shouldn’t export with Namespaces. We may have to add an option to disable(filter out) the ACL context when it is Shared instances.

So, In order that your load was completed successfully. You should log in as groot. But it is not possible as it is not a dedicated instance.


[0x0] <dgraph.rule.predicate>:string @index(exact) @upsert . 
[0x0] <dgraph.graphql.p_query>:string @index(sha256) . 
[0x0] <dgraph.rule.permission>:int . 
[0x0] type <Review> {


<0x1> <dgraph.xid> "guardians"^^<xs:string> <0x0> .
<0x2> <> <0x1> <0x0> .
<0x8> <> <0x1> <0x0> .
<0xb> <dgraph.rule.predicate> "Review.about"^^<xs:string> <0x0> .
<0xc> <dgraph.rule.predicate> ""^^<xs:string> <0x0> .
<0xd> <dgraph.rule.predicate> "Review.rating"^^<xs:string> <0x0> .
<0x1> <dgraph.type> "dgraph.type.Group"^^<xs:string> <0x0> .
<0x2> <dgraph.type> "dgraph.type.User"^^<xs:string> <0x0> .
<0x1> <dgraph.acl.rule> <0xb> <0x0> .
<0x1> <dgraph.acl.rule> <0xc> <0x0> .
<0x1> <dgraph.acl.rule> <0xd> <0x0> .
<0x1> <dgraph.acl.rule> <0xe> <0x0> .
<0x1> <dgraph.acl.rule> <0xf> <0x0> .
<0x2> <dgraph.password> "$2a$10$KE4j5XZhjQ/Ojj8DgToDQT32vAC"^^<xs:password> <0x0> .
<0x8> <dgraph.password> "$2a$10XiIhDnttPde8KfHJieONqDMOg3v2"^^<xs:password> <0x0> .
<0x18> <dgraph.rule.permission> "7"^^<xs:int> <0x0> .

New issue

In the exported schema, I have the following dgraph related lines

[0x57e99] <dgraph.xid>:string @index(exact) @upsert . 
[0x57e99] <dgraph.type>:[string] @index(exact) . 
[0x57e99] <dgraph.drop.op>:string . 
[0x57e99] <dgraph.acl.rule>:[uid] . 
[0x57e99] <dgraph.password>:password . 
[0x57e99] <>:[uid] @reverse . 
[0x57e99] <dgraph.graphql.xid>:string @index(exact) @upsert . 
[0x57e99] <dgraph.graphql.schema>:string . 
[0x57e99] <dgraph.rule.predicate>:string @index(exact) @upsert . 
[0x57e99] <dgraph.graphql.p_query>:string @index(sha256) . 
[0x57e99] <dgraph.rule.permission>:int . 

[0x57e99] type <dgraph.graphql> {
[0x57e99] type <dgraph.type.Rule> {
[0x57e99] type <dgraph.type.User> {
[0x57e99] type <dgraph.type.Group> {
[0x57e99] type <dgraph.graphql.persisted_query> {

in the RDF I don’t hav eany dgraph.acl.rule
but and dgraph.password and dgraph.xid

<0x1a48a00750> <dgraph.xid> "guardians"^^<xs:string> <0x57e99> .
<0x1a48a00751> <dgraph.xid> "groot"^^<xs:string> <0x57e99> .
<0x1a48a00751> <> <0x1a48a00750> <0x57e99> .
<0x1a48a00751> <dgraph.password> "encrypted password"^^<xs:password> <0x57e99> .

Yeah, this is expected. Theory hits. We should export without ACL. The value [0x57e99] represents your namespace on the shared cluster.

1 Like