Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-25233

[N1QL RBAC] Index manager role created via local settings on bucketA able to create and drop indexes on bucketB

    XMLWordPrintable

Details

    • Bug
    • Resolution: Cannot Reproduce
    • Critical
    • 5.0.0
    • 5.0.0
    • query
    • 5.0.0-3217
    • Untriaged
    • Unknown

    Description

      The bug was found while verifying:
      MB-23195

      1. create index manager role on bucket test as mentioned in MB-23195:
      curl -X PUT http://172.23.98.113:8091/settings/rbac/users/local/idxmanage -d "name=Idx Manage&roles=query_manage_index[test]&password=pwidxmanage" -u Administrator:password

      2. Try creating/dropping index on bucket default using above user as:

       curl http://172.23.98.113:8093/query/service -d "statement=create index idx1 on default(foo)" -u idxmanage:pwidxmanage
      		 
      {
      		 
      "requestID": "c7cc6af4-9058-4e3a-badb-d77b95a17c6c",
      		 
      "signature": null,
      		 
      "results": [
      		 
      ],
      		 
      "status": "success",
      		 
      "metrics": {"elapsedTime": "1.894397383s","executionTime": "1.894352611s","resultCount": 0,"resultSize": 0}
      		 
      }
      		 
      


      curl http://172.23.98.113:8093/query/service -d "statement=drop index default.idx1" -u idxmanage:pwidxmanage
      		 
      {
      		 
      "requestID": "4fde1eac-e403-495a-a18b-d70405e9d3a7",
      		 
      "signature": null,
      		 
      "results": [
      		 
      ],
      		 
      "status": "success",
      		 
      "metrics": {"elapsedTime": "3.121779672s","executionTime": "3.121744514s","resultCount": 0,"resultSize": 0}
      		 
      }

      Above should not work.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            Prerna.Manaktala Prerna Manaktala (Inactive)
            Prerna.Manaktala Prerna Manaktala (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty