Details
- Improvement
- Resolution: Fixed
- Major
- 5.0.0
Description
This role should be as follows:
- Should have read access to topology, buckets and admin settings (similar to Read-Only Admin)
- Should be able to change the roles a user has (except itself)
- Should not be able to grant full Admin roles or Security Admin roles to other users (to prevent privilege escalation)
- Should not have access to bucket data
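A minimal model of the four requirements above, added here as an example and not taken from ns_server. Role and permission names other than `security_admin` are assumptions, and "grant" is read as adding a role the target user does not already hold.

```python
# Illustrative model only: resource and role names are assumptions,
# not ns_server identifiers.
from dataclasses import dataclass, field

# Roles a security admin must never hand out (privilege escalation).
RESTRICTED_GRANTS = frozenset({"admin", "security_admin"})

# (resource, operation) pairs the role holds. Bucket *data* is absent on purpose.
SECURITY_ADMIN_PERMS = frozenset({
    ("topology", "read"),
    ("buckets", "read"),          # bucket settings, not documents
    ("admin_settings", "read"),
    ("user_roles", "write"),
})


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def is_allowed(user, resource, operation):
    """Permission check for the security_admin role only (other roles not modelled)."""
    if "security_admin" not in user.roles:
        return False
    return (resource, operation) in SECURITY_ADMIN_PERMS


def check_role_change(actor, target, requested_roles):
    """Return (allowed, reason) for actor replacing target's role set."""
    if not is_allowed(actor, "user_roles", "write"):
        return False, "actor may not manage roles"
    # Requirement 2: a security admin cannot edit its own roles.
    if actor.name == target.name:
        return False, "security admin may not change its own roles"
    # Requirement 3: only newly added roles count as a grant (assumption).
    added = set(requested_roles) - target.roles
    escalation = added & RESTRICTED_GRANTS
    if escalation:
        return False, "may not grant: " + ", ".join(sorted(escalation))
    return True, "ok"
```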
For Gerrit Dashboard: MB-28419

# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
90816,8 | MB-28419: Adding new security_admin role. | master | ns_server | Status: ABANDONED | 0 | +1 |
90952,3 | MB-28419 introduce method for getting security related roles | master | ns_server | Status: MERGED | +2 | +1 |
90953,4 | MB-28419 introduce security_admin role to manage security | master | ns_server | Status: MERGED | +2 | +1 |
90971,3 | MB-28419: Filter out roles based on requesting ... | master | ns_server | Status: MERGED | +2 | +1 |
90972,6 | MB-28419: Filter out users based on requesting ... | master | ns_server | Status: MERGED | +2 | +1 |
90973,8 | MB-28419: Add checks to prevent access to security. | master | ns_server | Status: MERGED | +2 | +1 |
91038,4 | MB-28419: Add checks to prevent access to users. | master | ns_server | Status: MERGED | +2 | +1 |
91902,5 | MB-28417: Change permissions for index service ... | master | ns_server | Status: MERGED | +2 | +1 |
91905,6 | MB-28419: Prevent security_admin to view data ... | master | ns_server | Status: MERGED | +2 | +1 |