Details
-
Task
-
Resolution: Fixed
-
Minor
-
None
-
None
-
12: Logging,Indexing, PE/SB
-
1
Description
The standard Sync Gateway documentation recommends using the role: Sync Gateway (mobile_sync_gateway) for the Sync Gateway service account, and mentions that the bucket_full_access permission is being deprecated: https://docs.couchbase.com/sync-gateway/current/start/gs-sgw-prereqs.html#step-2create-rbac-user
However, the CBAO documentation still states to use the bucket_full_access permission for the sync gateway: https://docs.couchbase.com/operator/current/tutorial-sync-gateway.html
The CouchbaseGroup resource also does not list the mobile_sync_gateway permission as an available option: https://docs.couchbase.com/operator/current/reference-couchbasegroup.html#spec-roles-name
I have tested a CouchbaseGroup resource with this permission defined in the manifest, and it is rejected by the DAC.