Description
Couchbase 7.0.0-4678
A user with only the "Manage Collections in Scope" role can create scopes if the role uses a wildcard for the scope.
To reproduce, create a "default" bucket and create a user with the only the "Manage Collections in Scope" role for that bucket, with wildcard for the scope:
Manage Collections in Scope [default:*]
Then create a scope:
curl -X POST -v -u username:password http://localhost:8091/pools/default/buckets/default/collections -d name=newScope
|
The operation succeeds.
If the role is for a specific scope (like "Manage Collections in Scope [default:someScope]") then scope creation fails with "Forbidden".
Is this the expected behavior?
Attachments
Issue Links
- relates to
-
DOC-7888 SDK Collections Management API
- Resolved