Description
Currently grant and revoke do not check if the role passed should be granted /revoked against a bucket / scope / keyspace or whether they are global.
The semantics package should take the role name, the path length, if any,
determine the role type, and check that no keyspace is specified for global roles,
or that we have an appropriate target for roles that require one (eg we should get that the target is a scope or a collection for execute and manage scope function roles)
Attachments
Issue Links
- is triggering
-
MB-59250 [N1QL][RBAC] GRANT statement on a scope no longer works
- Closed