Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 5.0.0
Affects Version/s: 5.0.0
Component/s: ns_server
Labels:
- security
Environment:
3497

Triage:
Untriaged
Operating System:
Centos 64-bit
Is this a Regression?:
Unknown

Description

Role definition from - https://github.com/couchbase/ns_server/blob/master/src/menelaus_roles.erl

{data_backup, [bucket_name],
	[{name, <<"Data Backup">>},
	{desc, <<"Can backup and restore bucket data">>}],
	[{[\{bucket, bucket_name}, data], [read, write]},
	{[\{bucket, bucket_name}, views], [read, write]},
	{[\{bucket, bucket_name}, fts], [read, write, manage]},
	{[\{bucket, bucket_name}, stats], [read]},
	{[\{bucket, bucket_name}, settings], [read]},
	{[\{bucket, bucket_name}, n1ql, index], [create, list, build]},
	{[pools], [read]}]},

[{[\{bucket, bucket_name}, data], [read, write]} - the write here should be Insert/Upsert. Currently user with this permission cannot write using SDK

https://github.com/couchbaselabs/sdk-qe/blob/automation/functional-tests/java-functional/src/main/java/com/couchbase/sdkqe/test/functional/TestEpRbac.java#L216

First noticed here ~~MB-25136~~, for permission to be incorrect.

This might be a regression, after a refractor or permission file -

https://github.com/couchbase/ns_server/blob/fa149eb9ce278c84931a0b5d1eb794e09de552b9/src/memcached_permissions.erl

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Ritam Sharma

Reporter:: Ritam Sharma

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 22/Aug/17 5:26 AM

Updated:: 28/Aug/17 1:06 AM

Resolved:: 24/Aug/17 4:00 PM

Gerrit Reviews

There are no open Gerrit changes

Show There are 2 closed Gerrit changes

Hide There are 2 closed Gerrit changes

MB-25772 grant all operations on data to data_backup role: Gerrit Review:

5.0.0.xml: Advance ns_server SHA to include MB-25772: Gerrit Review:

PagerDuty