Details
Task
Resolution: Won't Fix
Critical
spock
Mixed node cluster: 4.6.1-3652 to 5.0.0-3088
DOC-S2-Nov03, DOC-S3-Nov17, DOC-S4-Dec01, DOC-S5-Dec15, DOC-S6-Dec29, DOC-S7-Jan12, DOC-S8-Jan26
Description
1. Create a 2-node cluster with the following configuration:
a. 1 node with 4.6.1-3652 having kv, index and n1ql on it.
b. Second node with 5.0.0-3088 having kv, index and n1ql on it.
2. Create a bucket bucket0 with password as password and bucket bucket1 with password as password1.
3. Enable pam authentication on node with version 4.6.1-3652.
4. Create a user hello with role bucket_admin on bucket-1 as shown in screenshot.
5. Add a password to user hello through pam:
[root@localhost bin]# useradd hello
[root@localhost bin]# passwd hello
6. Try accessing bucket0 as follows:
cbq> [root@localhost bin]# ./cbq -u hello -p password
Connected to : http://localhost:8091/. Type Ctrl-D or \QUIT to exit.

Path to history file for the shell : /root/.cbq_history
cbq> select * from `bucket0` limit 1;
{
    "requestID": "798239c2-b1e6-4017-b6a1-6c2c598ae074",
    "signature": {
        "*": "*"
    },
    "results": [
    ],
    "errors": [
        {
            "code": 13014,
            "msg": "User does not have credentials to access privilege cluster.bucket[bucket0].n1ql.select!execute. Add role Query Select [bucket0] to allow the query to run."
        }
    ],
    "status": "stopped",
    "metrics": {
        "elapsedTime": "9.654247ms",
        "executionTime": "9.593159ms",
        "resultCount": 0,
        "resultSize": 0,
        "errorCount": 1
    }
}
cbq> select * from `bucket0` limit 1;
{
    "requestID": "169767cf-c90f-480a-b043-25fe38f1721a",
    "signature": {
        "*": "*"
    },
    "results": [
    ],
    "errors": [
        {
            "code": 10000,
            "msg": "Authorization Failed Keyspace bucket0"
        }
    ],
    "status": "stopped",
    "metrics": {
        "elapsedTime": "25.475994ms",
        "executionTime": "25.389368ms",
        "resultCount": 0,
        "resultSize": 0,
        "errorCount": 1
    }
}
cbq>
The error message should always be "Authorization Failed Keyspace bucket0".
In this particular cluster there is no query select[bucket0] role in the UI. Hence the user cannot select that.
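
A regression check for the behaviour reported above, as an added example that is not part of the original ticket or of Couchbase's own tests: given the raw JSON bodies returned for the same statement, it flags every response that is not the expected denial, including one that carries no error at all. The sample responses are constructed from the two shown in the report, trimmed to the fields read; the function names are hypothetical.

```python
import json

# Expected denial per the report: every attempt should fail this way.
EXPECTED = (10000, "Authorization Failed Keyspace bucket0")

# Constructed sample input: the two responses from the report, trimmed to
# the fields this check reads.
SAMPLE_RESPONSES = [
    json.dumps({"errors": [{"code": 13014, "msg": (
        "User does not have credentials to access privilege "
        "cluster.bucket[bucket0].n1ql.select!execute. Add role "
        "Query Select [bucket0] to allow the query to run.")}],
        "results": [], "status": "stopped"}),
    json.dumps({"errors": [{"code": 10000,
                            "msg": "Authorization Failed Keyspace bucket0"}],
                "results": [], "status": "stopped"}),
]


def classify(raw):
    """Return (kind, code, msg); kind is 'denied', 'allowed' or 'malformed'."""
    try:
        body = json.loads(raw)
    except ValueError:
        return ("malformed", None, None)
    if not isinstance(body, dict):
        return ("malformed", None, None)
    errors = body.get("errors")
    if not errors:
        return ("allowed", None, None)  # no error: the query was not refused
    if not isinstance(errors, list) or not isinstance(errors[0], dict):
        return ("malformed", None, None)
    return ("denied", errors[0].get("code"), errors[0].get("msg"))


def audit(raw_responses, expected=EXPECTED):
    """List (index, problem) for each response that is not the expected denial."""
    findings = []
    for i, raw in enumerate(raw_responses):
        kind, code, msg = classify(raw)
        if kind == "malformed":
            findings.append((i, "response is not a JSON object"))
        elif kind == "allowed":
            findings.append((i, "query was not refused"))
        elif (code, msg) != expected:
            findings.append((i, "denial code %s, expected %s" % (code, expected[0])))
    return findings
```
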