Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-29686

RBAC privileges set correctly, but not working

    XMLWordPrintable

Details

    • Bug
    • Resolution: User Error
    • Trivial
    • None
    • 5.5.0
    • memcached, rbac
    • None
    • Enterprise Edition 5.5.0 build 2671 ‧ IPv4
      Mac OS 10.11.6 (El Capitan)
    • Untriaged
    • Unknown

    Description

      My client is receiving errors when trying to perform any bucket level logic, but the permissions appear to be set up correctly and the client is authenticating correctly. The memcached log indicates proper auth as well.

      This is a single-node cluster I used on my laptop. It worked fine for a demo last week, but just starting it today it suddenly does not work.

      Settings in the UI:

      From memcached.log:

      2018-05-15T11:55:23.492810Z INFO 57: HELO [{"a":"libcouchbase/2.8.7 (Darwin-15.6.0; x86_64; Clang 8.0.0.8000042) PYCBC/2.3.2.dev19+g3f56d39","i":"0000000049296778/848fee2b15b590e3"}] TCP nodelay, XATTR, XERROR, Select bucket, Snappy, JSON [ 127.0.0.1:53187 - 127.0.0.1:11210 (not authenticated) ]
      		 
      2018-05-15T11:55:23.493472Z INFO 57: Client 127.0.0.1:53187 authenticated as <ud>pixels</ud>
      		 
      2018-05-15T11:55:59.156514Z INFO 57 RBAC [ 127.0.0.1:53187 - 127.0.0.1:11210 (<ud>pixels</ud>) ] missing privilege Upsert for SET in bucket:[pixels] with context: [SimpleStats,Stats] UUID:[210a08a8-8cdb-469e-85a7-5bb2e346561b]
      		 
      2018-05-15T11:55:59.156527Z WARNING 57 [ 127.0.0.1:53187 - 127.0.0.1:11210 (<ud>pixels</ud>) ]: no access to command SET
      		 
      2018-05-15T11:56:25.643787Z INFO 57 RBAC [ 127.0.0.1:53187 - 127.0.0.1:11210 (<ud>pixels</ud>) ] missing privilege Read for GET in bucket:[pixels] with context: [SimpleStats,Stats] UUID:[461c547a-0953-4709-a402-d811efcca0cc]
      		 
      2018-05-15T11:56:25.643793Z WARNING 57 [ 127.0.0.1:53187 - 127.0.0.1:11210 (<ud>pixels</ud>) ]: no access to command GET

      Actions carried out with client:

      >>> from couchbase.cluster import Cluster,PasswordAuthenticator
      		 
      >>> cluster = Cluster('couchbase://localhost')
      		 
      >>> cluster.authenticate(PasswordAuthenticator('pixels','pixels'))
      		 
      >>> bucket = cluster.open_bucket('pixels')
      		 
      >>> bucket.upsert("key", "value")
      		 
      Traceback (most recent call last):
      		 
        File "<stdin>", line 1, in <module>
      		 
        File "couchbase/bucket.py", line 407, in upsert
      		 
          replicate_to=replicate_to)
      		 
      couchbase.exceptions.LCB_0x54 (generated, catch: CouchbaseInputError): <Key=u'key', RC=0x54[Not authorized for operation], Operational Error, Results=1, C Source=(src/multiresult.c,316), Context=Authorization failure: can't execute SET operation without the Upsert privilege, Ref=210a08a8-8cdb-469e-85a7-5bb2e346561b>
      		 
      >>> bucket.get("foo")
      		 
      Traceback (most recent call last):
      		 
        File "<stdin>", line 1, in <module>
      		 
        File "couchbase/bucket.py", line 551, in get
      		 
          replica=replica, no_format=no_format)
      		 
      couchbase.exceptions.LCB_0x54 (generated, catch: CouchbaseInputError): <Key=u'foo', RC=0x54[Not authorized for operation], Operational Error, Results=1, C Source=(src/multiresult.c,316), Context=Authorization failure: can't execute GET operation without the Read privilege, Ref=461c547a-0953-4709-a402-d811efcca0cc>

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            trond Trond Norbye
            ingenthr Matt Ingenthron
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty