  1. Couchbase Server
  2. MB-25480

[N1QL RBAC Upgrade] Read Only User created via couchbase-cli not able to issue update query after granting him query_update permission

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 5.0.0
    • 5.0.0
    • query
    • 5.0.0-3405 centos 7 version
    • Untriaged
    • No

    Description

      1. Create a 1 node 4.6.3-4084 cluster with kv,index,n1ql. Create a password protected bucket bucket0.
      2. Create a ReadOnly admin user using couchbase-cli as:
      ./couchbase-cli user-manage -c localhost:8091 --set --ro-username=ro_non_ldap --ro-password=readonlypassword -u Administrator -p password
      3. ro_non_ldap shows in UI as read only user and I am able to login with it too. Hence it got created with a password readonlypassword in 4.6.3.
      4. Upgrade the node to 5.0.0-3405 using rpm -Uvh.
      5. Grant upgrade permission to ro_non_ldap using:
      curl -u Administrator:password http://172.23.98.113:8093/query/service -d 'statement=grant update on bucket0 to ro_non_ldap'
      6. UI shows that query_update is granted to ro_non_ldap on bucket0.
      7. Try updating a doc in bucket0 as:

      curl -u ro_non_ldap:password http://172.23.98.113:8093/query/service -d 'statement=UPDATE bucket0 a set name = 'employee-14-2' where name = 'employee-9' limit 1'
      {
      "requestID": "2d730c57-d823-4977-9d25-79b8f51b66ce",
      "signature": null,
      "results": [
      ],
      "errors": [{"code":13014,"msg":"User does not have credentials to run UPDATE queries on the bucket0 bucket. Add role query_select on bucket0 to allow the query to run."}],
      "status": "stopped",
      "metrics": {"elapsedTime": "1.832340988s","executionTime": "1.832265402s","resultCount": 0,"resultSize": 0,"errorCount": 1}
      }
      
      

      I made sure the bucket bucket0 had a doc with name as 'employee-9'.
      8. Same query works with Administrator user.

          People

            Prerna.Manaktala Prerna Manaktala (Inactive)