Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 5.0.0
Affects Version/s: 5.0.0
Component/s: query
Labels:
Environment:
Mixed node cluster: 4.6.1-3652 to 5.0.0-3088

Triage:
Untriaged
Is this a Regression?:
Unknown

Description

1. create a 2node cluster with following configuration:
a. 1 node with 4.6.1-3652 having kv,index and n1ql on it.
b. second node with 5.0.0-3088 having kv,index and n1ql on it.
2. create a bucket bucket0 with password as password and bucket bucket1 with password as password1.
3. Enable pam authentication on node with version 4.6.1-3652.
4. create a user hello with role bucket_admin on bucket-1 as shown in screenshot.
5. Add password to user hello through pam:
[root@localhost bin]# useradd hello
[root@localhost bin]# passwd hello

6. Try the following grant command to hello as:

cbq> grant bucket_admin on `bucket0` to hello;

    "requestID": "45187163-450b-4c9c-9405-d7a2ec6cf38b",

    "errors": [

            "code": 3000,

            "msg": "syntax error - at grant"        << This is correct error message >>

],

    "status": "fatal",

    "metrics": {

        "elapsedTime": "397.654µs",

        "executionTime": "322.654µs",

        "resultCount": 0,

        "resultSize": 0,

        "errorCount": 1

cbq> grant bucket_admin on `bucket0` to hello;

    "requestID": "ad04bee2-c6e1-468e-a1a7-b73003839a13",

    "signature": null,

    "results": [

],

    "errors": [

            "code": 13014,

            "msg": "User does not have credentials to access privilege cluster.admin!write. Add role Admin to allow the query to run."

],

    "status": "stopped",

    "metrics": {

        "elapsedTime": "7.454408ms",

        "executionTime": "7.390399ms",

        "resultCount": 0,

        "resultSize": 0,

        "errorCount": 1

7. Give user hello admin permissions also through UI as shown in screenshot.
8. Try grant command again as:

cbq> grant bucket_admin on `bucket0` to hello;

    "requestID": "ad04bee2-c6e1-468e-a1a7-b73003839a13",

    "signature": null,

    "results": [

],

    "errors": [

            "code": 13014,

            "msg": "User does not have credentials to access privilege cluster.admin!write. Add role Admin to allow the query to run."

],

    "status": "stopped",

    "metrics": {

        "elapsedTime": "7.454408ms",

        "executionTime": "7.390399ms",

        "resultCount": 0,

        "resultSize": 0,

        "errorCount": 1

User hello has already been given admin permission.
Grant should not be allowed in mixed node cluster

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Screen Shot 2017-06-14 at 11.16.22 AM.png
44 kB
14/Jun/17 11:16 AM

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Prerna Manaktala (Inactive)

Reporter:: Prerna Manaktala (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14/Jun/17 11:16 AM

Updated:: 10/Aug/17 12:28 AM

Resolved:: 20/Jul/17 5:51 AM

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

MB-24852 return 'domain: external' for ldap users on mixed clusters: Gerrit Review:

[N1QL RBAC UPGRADE] Grant query being allowed in a mixed node cluster

Details

Description

Attachments

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty