Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-39883

cluster_admin, bucket_admin can read analytics data

    XMLWordPrintable

    Details

    • Triage:
      Untriaged
    • Story Points:
      1
    • Is this a Regression?:
      Unknown
    • Sprint:
      CX Sprint 214

      Description

      According to the description of the roles (cluster_admin and bucket_admin), they shouldn't be able to read any data. However, they currently can read analytics data as the analytics permissions aren't explicitly excluded from the roles. The current Analytics documentation (https://docs.couchbase.com/server/6.5/analytics/rest-analytics.html) mentions that cluster_admin can access several APIs and perform Analytics operation. However, when this fix is implemented, cluster_admin won't be able to perform any analytics operation which might cause a backward compatibility issue.

        Attachments

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

            Hide
            till Till Westmann added a comment -

            Need to provide release notes/upgrade considerations.

            Show
            till Till Westmann added a comment - Need to provide release notes/upgrade considerations.
            Hide
            till Till Westmann added a comment -

            Moving to the next major release.

            Show
            till Till Westmann added a comment - Moving to the next major release.
            Hide
            build-team Couchbase Build Team added a comment -

            Build couchbase-server-7.0.0-2959 contains ns_server commit 73d77fa with commit message:
            MB-39883: Exclude Analytics permissions from cluster/bucket admins

            Show
            build-team Couchbase Build Team added a comment - Build couchbase-server-7.0.0-2959 contains ns_server commit 73d77fa with commit message: MB-39883 : Exclude Analytics permissions from cluster/bucket admins
            Hide
            build-team Couchbase Build Team added a comment -

            Build couchbase-server-7.0.0-2962 contains cbas-core commit 7c00cfa with commit message:
            MB-39883: Update test to use ADMIN role

            Show
            build-team Couchbase Build Team added a comment - Build couchbase-server-7.0.0-2962 contains cbas-core commit 7c00cfa with commit message: MB-39883 : Update test to use ADMIN role
            Hide
            umang.agrawal Umang added a comment -

            Verified with build Enterprise Edition 7.0.0 build 4754

            Show
            umang.agrawal Umang added a comment - Verified with build Enterprise Edition 7.0.0 build 4754

              People

              Assignee:
              umang.agrawal Umang
              Reporter:
              murtadha.hubail Murtadha Hubail
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes

                    PagerDuty