Details
Description
1. create a 1 node 4.6.3-4084 cluster with kv,index,n1ql. create a password protected bucket bucket0.
2. create a ReadOnly admin user using couchbase-cli as:
./couchbase-cli user-manage -c localhost:8091 --set --ro-username=ro_non_ldap --ro-password=readonlypassword -u Administrator -p password
3. ro_non_ldap shows in UI as read only user and I am able to login with it too.Hence it got created with a password readonlypassword in 4.6.3
4. Upgrade the node to 5.0.0-3405 using rpm -Uvh.
5. grant upgrade permission to ro_non_ldap using:
curl -u Administrator:password http://172.23.98.113:8093/query/service -d 'statement=grant update on bucket0 to ro_non_ldap'
6. UI shows that query_update is granted to ro_non_ldap on bucket0.
7. Try updating a doc in bucket0 as:
curl -u ro_non_ldap:password http://172.23.98.113:8093/query/service -d 'statement=UPDATE bucket0 a set name = 'employee-14-2' where name = 'employee-9' limit 1' |
{
|
"requestID": "2d730c57-d823-4977-9d25-79b8f51b66ce", |
"signature": null, |
"results": [ |
],
|
"errors": [{"code":13014,"msg":"User does not have credentials to run UPDATE queries on the bucket0 bucket. Add role query_select on bucket0 to allow the query to run."}], |
"status": "stopped", |
"metrics": {"elapsedTime": "1.832340988s","executionTime": "1.832265402s","resultCount": 0,"resultSize": 0,"errorCount": 1} |
}
|
|
I made sure the bucket bucket0 had a doc with name as 'employee-9'.
8. Same query works with Administrator user.