Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 5.0.0
Affects Version/s: 5.0.0
Component/s: query
Labels:
- query
- rbac
- upgrade
Environment:
5.0.0-3337

Triage:
Untriaged
Is this a Regression?:
No

Description

1. Do an offline upgrade from 4.6 to 5.0.0-3337.
2. create the following external users with permissions as shown in screenshot:
admin2 and admin3
3. Add password to admin2 via pam auth.No password is added to admin3.
4. Try the following curl command:

prernamanaktala@MacBook-Pro testrunner-spock (master) $ curl -u admin4:password http://172.23.106.210:8093/query/service -d 'statement=SELECT * from test'

"requestID": "dd7722b1-614a-4dee-ab27-82dd71460258",

"signature": {"*":"*"},

"results": [

],

"errors": [{"code":13014,"msg":"User does not have credentials to access privilege cluster.bucket[test].n1ql.select!execute. Add role Query Select [test] to allow the query to run."}],

"status": "stopped",

"metrics": {"elapsedTime": "1.212518584s","executionTime": "1.212421128s","resultCount": 0,"resultSize": 0,"errorCount": 1}

prernamanaktala@MacBook-Pro testrunner-spock (master) $ curl -u admin3:password http://172.23.106.210:8093/query/service -d 'statement=SELECT * from test'

"requestID": "2e21f796-0316-475a-bcdb-77f318e17ce8",

"signature": {"*":"*"},

"results": [

],

"errors": [{"code":13014,"msg":"User does not have credentials to access privilege cluster.bucket[test].n1ql.select!execute. Add role Query Select [test] to allow the query to run."}],

"status": "stopped",

"metrics": {"elapsedTime": "1.604480515s","executionTime": "1.604414491s","resultCount": 0,"resultSize": 0,"errorCount": 1}

prernamanaktala@MacBook-Pro testrunner-spock (master) $ curl -u admin2:password http://172.23.106.210:8093/query/service -d 'statement=SELECT * from test'

"requestID": "12e32da6-5345-4b74-86ff-089f09ad32fa",

"signature": {"*":"*"},

"results": [

],

"status": "success",

"metrics": {"elapsedTime": "118.275514ms","executionTime": "118.200902ms","resultCount": 0,"resultSize": 0}

prernamanaktala@MacBook-Pro testrunner-spock (master) $ curl -u admin2:password http://172.23.106.210:8093/query/service -d 'statement=SELECT * from test'

"requestID": "b2888564-400a-49c6-b42a-8c8bb88d450a",

"signature": {"*":"*"},

"results": [

],

"errors": [{"code":13014,"msg":"User does not have credentials to access privilege cluster.bucket[test].n1ql.select!execute. Add role Query Select [test] to allow the query to run."}],

"status": "stopped",

"metrics": {"elapsedTime": "76.830291ms","executionTime": "76.768052ms","resultCount": 0,"resultSize": 0,"errorCount": 1}

Admin4 user does not exist, but still the same error message is displayed.
Admin3 does not have a password set via pam, but still curl displays same error message.