Details
Description
Build: 7.0.0-2672
Steps to repro:
- create bucket `bucket1`
- create collections: `bucket1`.`scope1`.`collection1` and `bucket1`.`scope1`.`collection2`
- perform the following inserts:
  insert into default:bucket1.scope1.collection1 (key,value) values ("key_1", {"type": "typ1", "val":"val1"})
  insert into default:bucket1.scope1.collection1 (key,value) values ("key_2", {"type": "typ1", "val":"val2"})
  insert into default:bucket1.scope1.collection2 (key,value) values ("key_1", {"type": "typ1", "val":"val3"})
  insert into default:bucket1.scope1.collection2 (key,value) values ("key_2", {"type": "typ1", "val":"val4"})
- create the following fts index:
  {
    "type": "fulltext-index",
    "name": "idx1",
    "uuid": "77a9e50849f2b829",
    "sourceType": "gocbcore",
    "sourceName": "bucket1",
    "sourceUUID": "05017e7ba56fd81571b332201ef018aa",
    "planParams": {
      "maxPartitionsPerPIndex": 171,
      "indexPartitions": 6
    },
    "params": {
      "doc_config": {
        "docid_prefix_delim": "",
        "docid_regexp": "",
        "mode": "scope.collection.type_field",
        "type_field": "type"
      },
      "mapping": {
        "analysis": {},
        "default_analyzer": "standard",
        "default_datetime_parser": "dateTimeOptional",
        "default_field": "_all",
        "default_mapping": {
          "dynamic": true,
          "enabled": false
        },
        "default_type": "_default",
        "docvalues_dynamic": true,
        "index_dynamic": true,
        "store_dynamic": false,
        "type_field": "_type",
        "types": {
          "scope1.collection1": {
            "dynamic": true,
            "enabled": true
          },
          "scope1.collection2": {
            "dynamic": true,
            "enabled": true
          }
        }
      },
      "store": {
        "indexType": "scorch"
      }
    },
    "sourceParams": {}
  }
- create user user1 with the following permissions:
  Query Select [bucket1:scope1:collection1]
  Search Reader [bucket1:scope1:collection1]
- Log in as user1: the fts index is not accessible. This is expected behavior, since the user does not have access to bucket1.scope1.collection2.
- add the following permissions to user1:
  Query Select [bucket1:scope1:collection2]
  Search Reader [bucket1:scope1:collection2]
- Log in as user1 and try to use the fts index: it's still invisible.
- add the following permissions to user1:
  Query Select [*:*:*]
  Search Reader [*:*:*]
- Log in as user1 and try to use the fts index: it's accessible and returns 4 docs.
The problem is: the fts index becomes accessible only after adding star permissions to the bucket, but the collection-level permissions set should be enough.
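
The access rule this report expects, written as a small model that can double as a regression check. This is an added example, not part of the original ticket and not Couchbase's code; the function names and the `bucket:scope:collection` grant string format are assumptions modeled on the permissions listed above.

```python
# Added example: models the rule the report expects; not Couchbase's code.

# Constructed: the index definition above, trimmed to the fields the check reads.
INDEX_DEF = {
    "name": "idx1",
    "sourceName": "bucket1",
    "params": {
        "doc_config": {"mode": "scope.collection.type_field"},
        "mapping": {
            "default_mapping": {"enabled": False},
            "types": {
                "scope1.collection1": {"enabled": True},
                "scope1.collection2": {"enabled": True},
            },
        },
    },
}

def index_collections(index_def):
    """Return the (bucket, scope, collection) triples the index reads from."""
    bucket = index_def["sourceName"]
    found = set()
    # Type mapping names start with "scope.collection"; a third part, if any,
    # is the document type and does not matter for access control.
    for name, type_mapping in index_def["params"]["mapping"]["types"].items():
        parts = name.split(".")
        if type_mapping.get("enabled") and len(parts) >= 2:
            found.add((bucket, parts[0], parts[1]))
    return found

def grant_covers(grant, target):
    """grant is 'bucket:scope:collection'; '*' matches any value (assumed format)."""
    parts = grant.split(":")
    return len(parts) == 3 and all(g in ("*", t) for g, t in zip(parts, target))

def missing_access(index_def, search_reader_grants):
    """Collections in the index that no Search Reader grant covers."""
    return sorted(c for c in index_collections(index_def)
                  if not any(grant_covers(g, c) for g in search_reader_grants))

def can_use_index(index_def, search_reader_grants):
    """Expected rule: usable only when every indexed collection is covered."""
    return not missing_access(index_def, search_reader_grants)
```

The second step of the repro (grants on both collections, no wildcard) is the case where the observed behavior differs from what this model returns.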