Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
5.0.0
Description
As part of the wider MB-23110 Separation of Duties discussion, it would be ideal to get a RBAC role created that only allows the user to access statistics with cbstats and other supported interfaces, but is targeted towards monitoring and scripting access, rather than a human agent.
This user should not be able to view bucket data or change cluster settings.
Ideally, this user should not be able to log in to the UI.
Currently a read-only administrator can be used, however this allows seeing data at this time and possibly going forward "an administrator" and "a monitoring system" will become more distinct.
A move to separation of duties in this regard with a well labelled "Statistics Only" user would be clearer on the part of a user choosing between RBAC roles for their need, even if the role privileges largely overlap initially.
Attachments
Issue Links
- relates to
-
MB-23110 Separation of Duties - Administrators should not be able to see user data
- Resolved