Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-41765

Should have a "scope-admin" role in Cheshire Cat

    XMLWordPrintable

Details

    • 1

    Description

      We should add support for a "scope admin" role in CC.

      Details:

      • should be able to list collections in the scope
      • should be able to create/delete collections in the scope

      In addition the privilege to list collections in a scope should be granted to some other existing scope-level roles such as query_manage_index.

      Attachments

        Issue Links

          For Gerrit Dashboard: MB-41765
          # Subject Branch Project Status CR V

          Activity

            Build couchbase-server-7.0.0-3587 contains ns_server commit 3f66f94 with commit message:
            MB-41765: User should be able to view/manage collections

            build-team Couchbase Build Team added a comment - Build couchbase-server-7.0.0-3587 contains ns_server commit 3f66f94 with commit message: MB-41765 : User should be able to view/manage collections

            Build couchbase-server-7.0.0-3587 contains ns_server commit 33198a4 with commit message:
            MB-41765: Add list collection permissions to additional roles

            build-team Couchbase Build Team added a comment - Build couchbase-server-7.0.0-3587 contains ns_server commit 33198a4 with commit message: MB-41765 : Add list collection permissions to additional roles

            Build couchbase-server-7.0.0-3587 contains ns_server commit f1e5566 with commit message:
            MB-41765: User with scope_admin roles should be able

            build-team Couchbase Build Team added a comment - Build couchbase-server-7.0.0-3587 contains ns_server commit f1e5566 with commit message: MB-41765 : User with scope_admin roles should be able

            Build couchbase-server-7.0.0-3587 contains ns_server commit f08e7f8 with commit message:
            MB-41765: Change permissions for managing collection per scope

            build-team Couchbase Build Team added a comment - Build couchbase-server-7.0.0-3587 contains ns_server commit f08e7f8 with commit message: MB-41765 : Change permissions for managing collection per scope

            Build couchbase-server-7.0.0-3587 contains ns_server commit 34d0aaf with commit message:
            MB-41765: Introduce scope_admin role

            build-team Couchbase Build Team added a comment - Build couchbase-server-7.0.0-3587 contains ns_server commit 34d0aaf with commit message: MB-41765 : Introduce scope_admin role

            Validated using 7.0.0-4607. Created user with "Manage_collections in scope" permission.

            1. Able to list collections in the bucket
            2. Created and dropped the collections under targeted scope
            3. Creating collection under unauthorized scope resulted in `HTTP/1.1 403 Forbidden` error
            ashwin.govindarajulu Ashwin Govindarajulu added a comment - Validated using 7.0.0-4607 . Created user with "Manage_collections in scope" permission. Able to list collections in the bucket Created and dropped the collections under targeted scope Creating collection under unauthorized scope resulted in ` HTTP/1.1 403 Forbidden ` error

            People

              ashwin.govindarajulu Ashwin Govindarajulu
              dfinlay Dave Finlay
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty