Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-29270

RBAC Role: Statistics Only User

    XMLWordPrintable

Details

    Description

      As part of the wider MB-23110 Separation of Duties discussion, it would be ideal to get a RBAC role created that only allows the user to access statistics with cbstats and other supported interfaces, but is targeted towards monitoring and scripting access, rather than a human agent.

      This user should not be able to view bucket data or change cluster settings.
      Ideally, this user should not be able to log in to the UI.

      Currently a read-only administrator can be used, however this allows seeing data at this time and possibly going forward "an administrator" and "a monitoring system" will become more distinct.

      A move to separation of duties in this regard with a well labelled "Statistics Only" user would be clearer on the part of a user choosing between RBAC roles for their need, even if the role privileges largely overlap initially.

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. MB-23110 Separation of Duties - Administrators should not be able to see user data

          • Major - Major loss of function.
          • Resolved
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              istvan.orban Istvan Orban
              phil.stott Phil Stott (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty