Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-26421

Default "administrator" user doesn't show up in list of local users

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 5.0.0
    • Fix Version/s: Mad-Hatter
    • Component/s: ns_server
    • Labels:
    • Triage:
      Untriaged
    • Is this a Regression?:
      Unknown

      Description

      I am programmatically creating a cluster and setting the admin username/pass with cluster-init.  However, that user doesn't show up in the list of users under Security->Users in the UI.

        Attachments

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

            Hide
            dfinlay Dave Finlay added a comment -

            It's because this user is special - has certain special properties - such as not being modifiable or deletable. And it's managed differently too. Of course, we could imagine including the user in the user list but just indicate its specialness and not allow it to be changed.

            I can't remember the requirements around this user. Don, do you?

            Show
            dfinlay Dave Finlay added a comment - It's because this user is special - has certain special properties - such as not being modifiable or deletable. And it's managed differently too. Of course, we could imagine including the user in the user list but just indicate its specialness and not allow it to be changed. I can't remember the requirements around this user. Don, do you?
            Hide
            djp Don Pinto added a comment - - edited

            Would be good to show this user as well for consistency but there are some constraints - 

            1. Roles should not be editable
            2. User should not be deletable 
            3. Ok to allow changing Administrator Username and Password -> But got to think through the implications of already setup incoming XDCR connections.

            Thanks,

            Show
            djp Don Pinto added a comment - - edited Would be good to show this user as well for consistency but there are some constraints -  Roles should not be editable User should not be deletable  Ok to allow changing Administrator Username and Password -> But got to think through the implications of already setup incoming XDCR connections. Thanks,
            Hide
            djp Don Pinto added a comment -

            Abhijeeth Nuthan - Any update on this?

            Show
            djp Don Pinto added a comment - Abhijeeth Nuthan - Any update on this?
            Hide
            Abhijeeth.Nuthan Abhijeeth Nuthan added a comment -

            Don Pinto I haven't been working on this bug, it has been superseded by other work. I will have more of an update when I have finished the other work I have.

            Show
            Abhijeeth.Nuthan Abhijeeth Nuthan added a comment - Don Pinto I haven't been working on this bug, it has been superseded by other work. I will have more of an update when I have finished the other work I have.
            Hide
            dfinlay Dave Finlay added a comment -

            Perry - Abhi looked into it and, while feasible, the change is too big and I want to push this bug out. Essentially we need to add a new domain of users (internal), sync them into the user list, and treat them specially (i.e. their permissions can't be changed). I'm going to set it as Mad Hatter. Obviously, complain if you think we need to escalate this / get exceptions etc and get this in.

            Show
            dfinlay Dave Finlay added a comment - Perry - Abhi looked into it and, while feasible, the change is too big and I want to push this bug out. Essentially we need to add a new domain of users (internal), sync them into the user list, and treat them specially (i.e. their permissions can't be changed). I'm going to set it as Mad Hatter. Obviously, complain if you think we need to escalate this / get exceptions etc and get this in.
            Hide
            perry Perry Krug added a comment -

            Dave Finlay totally understand the prioritization here, this isn't a big deal for Vulcan.

             

            I discovered something though, that it's possible to have users with the same names across different auth domains.  Would it be a much easier solve to this particular issue to just add a new user with the supplied name during cluster-init and leave the internal ns_server one as-is?  That user would then show up everywhere properly and we wouldn't need to add any special protections because the internal one would still exist.

            Show
            perry Perry Krug added a comment - Dave Finlay totally understand the prioritization here, this isn't a big deal for Vulcan.   I discovered something though, that it's possible to have users with the same names across different auth domains.  Would it be a much easier solve to this particular issue to just add a new user with the supplied name during cluster-init and leave the internal ns_server one as-is?  That user would then show up everywhere properly and we wouldn't need to add any special protections because the internal one would still exist.
            Hide
            Abhijeeth.Nuthan Abhijeeth Nuthan added a comment -

            Perry Krug This creates more problems than it solves, w.r.t consistency, usability, maintenance from user and ns-server perspective.  I would just do it the non-hackish way, in mad-hatter. 

            Show
            Abhijeeth.Nuthan Abhijeeth Nuthan added a comment - Perry Krug This creates more problems than it solves, w.r.t consistency, usability, maintenance from user and ns-server perspective.  I would just do it the non-hackish way, in mad-hatter. 

              People

              • Assignee:
                Abhijeeth.Nuthan Abhijeeth Nuthan
                Reporter:
                perry Perry Krug
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Gerrit Reviews

                  There are no open Gerrit changes

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.