Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-42422

scope_admin should have access to the UI

    XMLWordPrintable

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • Cheshire-Cat
    • Morpheus
    • UI
    • None
    • Untriaged
    • 1
    • Unknown

    Description

      Scope admin allows you to create collections in a scope of a bucket. As a consequence all the API which relates to managing collections now work based on user permissions. So GET of pools/default/buckets/<bucket_name>/collections would return collections that a user has access to while filtering out the ones it doesn’t.

      From my basic understanding of how UI works, the permissions for each user are fetched at the beginning of login using checkPermissions API and cache them in order to serve different buttons to the user. However, all the permissions are bucket level permissions.

      I see we check bucket level permissions to enable “Scopes & Collections” button, in ns_server/priv/public/ui/app/mn_admin/mn_buckets_list_item.html line 55. I’m not sure how much work is required to change these to collection level permission, as

       rbac.cluster.collection[bucket.name:.:.].collections.read

      Creating this bug for further evaluation to see what is required for UI to be able to grant access to scope admin users.

      Attachments

        Issue Links

          For Gerrit Dashboard: MB-42422
          # Subject Branch Project Status CR V

          Activity

            There are no comments yet on this issue.

            People

              pavel Pavel Blagodov
              Abhijeeth.Nuthan Abhijeeth Nuthan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:

                Gerrit Reviews

                  There is 1 open Gerrit change

                  PagerDuty