Details
-
Bug
-
Resolution: Fixed
-
Major
-
4.5.0, 4.5.1, 4.6.0, 4.6.1, 4.6.3, 5.0.0
-
Triaged
-
No
Description
An email came in via support from a customer.
Using 4.5.1, they created a user with the "Cluster Admin" role, yet that user couldn't see the Query Workbench.
I investigated, and saw that the RBAC permissions for the user are:
"cluster.admin.internal!all": false,
"cluster.admin.logs!read": false,
"cluster.admin.security!read": false,
"cluster.admin.security!write": false,
Since the "Cluster Admin" role is defined as "Can manage all cluster features EXCEPT security." it is appropriate that the security permissions are "false", but "cluster.admin.internal!all" should be "true".
Somewhat strangely, even though cluster.admin.logs!read is false, the Cluster Admin user is still permitted to look at the logs, and perform various administrative tasks. Perhaps no one aside from Query Workbench is actually checking cluster.admin.internal!all?
Attachments
Issue Links
- relates to
-
MB-24819 [N1QL RBAC UPGRADE] cluster admin not able to see query tab in a mixed node cluster
- Closed