Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-23552

should preparing/explaining a statement require data permission?

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Unresolved
    • Major
    • None
    • 5.0.0
    • query
    • None

    Description

      In the new RBAC scheme, running a N1QL query requires two types of permission: data permission (to access the data) and query permission (to run the statement itself). Preparing a statement or explaining a statement currently require the same permissions as running the query directly.

      But should we actually require the data permission to merely prepare or explain the statement? These actions doesn't access any data, and doesn't return any. So why require data permission?

      The thinking here is that some debugging and troubleshooting roles requires the ability to work with queries, but not necessarily to run them.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            keshav Keshav Murthy
            johan.larson Johan Larson (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty