Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-24940

[N1QL RBAC]User with query_select role on a bucket able to insert values into another bucket

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 5.0.0
    • 5.0.0
    • query
    • 5.0.0-3136
    • Untriaged
    • Unknown

    Description

      1. create a bucket default with no documents.
      2. Add beer-sample bucket.
      3. create a user test with password as <<password>> with role as query_select on beer-sample through UI.
      4. Try the following query through cbq:
      cbq> [root@localhost bin]# ./cbq -u test -p password
      Connected to : http://localhost:8091/. Type Ctrl-D or \QUIT to exit.

      Path to history file for the shell : /root/.cbq_history
      cbq> INSERT INTO default (KEY UUID(), VALUE name) select name from `beer-sample` ;
      {
      "requestID": "5e58bf18-2fae-40b1-9223-dba72cb66069",
      "signature": null,
      "results": [
      ],
      "status": "success",
      "metrics":

      { "elapsedTime": "7.227159727s", "executionTime": "7.227109025s", "resultCount": 0, "resultSize": 0, "mutationCount": 7303 }

      }

      User test should not be allowed to insert docs in default.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            johan.larson Johan Larson (Inactive)
            Prerna.Manaktala Prerna Manaktala (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty