Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
None
Description
With 5.0.0-3516 (RC5), Java SDK 2.5.0, data writer can not read.
According to spec, data writer should have read permission as well.
Steps:
- Create 'default' bucket
- Create 'datawriter' with 'password' and associate 'default' bucket
- Run following code
public class RbacTest {
public static void main(String[] args) {
// Initialize the Connection
Cluster cluster = CouchbaseCluster.create("172.23.123.244");
cluster.authenticate("datawriter", "password");
Bucket bucket = cluster.openBucket("default");
// Create a JSON Document
JsonObject arthur = JsonObject.create()
.put("name", "Arthur")
.put("email", "kingarthur@couchbase.com")
.put("interests", JsonArray.from("Holy Grail", "African Swallows"));
// Store the Document
bucket.upsert(JsonDocument.create("u:king_arthur", arthur));
// Load the Document and print it
// Prints Content and Metadata of the stored Document
System.out.println(bucket.get("u:king_arthur"));
}
}
Expected : no error
Actual : Exception in thread "main" com.couchbase.client.core.CouchbaseException: ACCESS_ERROR (Context: Authorization failure: can't execute GET operation without the Read privilege, Reference: a5664208-84cc-4974-13c0-468e8e455fd0)
According to this spec https://developer.couchbase.com/documentation/server/5.0/security/concepts-rba-for-apps.html#rbac_for_users_roles_and_privileges__table_data_writer_role
data writer should be able to read