Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Duplicate
Priority: Major
Fix Version/s: 5.0.0
Affects Version/s: 4.5.0
Component/s: fts
Security Level: Public
Labels:
None

Triage:
Untriaged
Is this a Regression?:
Unknown

Description

Need to double-check this, so this is sort of a to-do to double-check the theory...

When the user tries to define or access/search an index alias, according to the permission definitions...

https://github.com/couchbase/cbft/blob/master/rest_perm.go#L23

GET /api/index/{indexName}

cluster.bucket[<sourceName>].fts!read

The index alias does not actually have a sourceName (indeed, the index alias might have >= 0 target indexes, which in turn would each have a sourceName).

So the permission, according to my reading of the code, would devolve or collapse down to...

cluster.bucket.fts!read

...which might be the right permission for an index alias just to get a DP out the door.

But, a better permission for an index alias would be the union of the permissions of the target indexes that the index alias is to pointing to.

Attachments

Issue Links

duplicates

MB-23055 [FTS] RBAC: Unable to create alias on an index created by the same user on sasl bucket

Closed

is duplicated by

MB-18868 Bucket admin cannot update FTS index alias gets 401 and user is taken to login page

Closed

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Marty Schoch [X] (Inactive)

Reporter:: Steve Yen

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 23/Feb/16 7:06 PM

Updated:: 17/Mar/17 8:07 PM

Resolved:: 17/Mar/17 10:21 AM

Gerrit Reviews

There are no open Gerrit changes

[FTS] index aliases RBAC permissions are too high?

Details

Description

Attachments

Issue Links

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty