Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-29827

[RBAC] - Support "forcibly disconnect user" (was: Removing UI login access does not disable user's view of the UI)

    XMLWordPrintable

Details

    Description

      When removing permissions from a user, an admin should have the ability to forcibly disconnect a user's UI session. This will allow the admin to remove the permissions and ensure that after forcibly disconnecting the user is immediately not able to access the functionality.

      Steps to repro:

      1. Create user with Query Select[travel-sample], Data Reader[travel-sample] roles.
      2. Log in with user.
      3. In separate tab/browser, remove "Query Select[travel-sample]" role. 
      4. Back in other tab, observe that the user is still able to navigate the UI.  They should be kicked out if they no longer have UI access.  Only logging out and attempting to log back in again will show this.

      Attachments

        Activity

          People

            dfinlay Dave Finlay
            perry Perry Krug
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:

              PagerDuty