Details
-
Improvement
-
Resolution: Fixed
-
Critical
-
Cheshire-Cat
-
1
Description
Today, any query against a multi collection index is authenticated against all the source collections.
This may not be a very effective model for supporting the multi-tenant capability of the FTS multi-collection index.
RBAC rules could be slightly changed in this case,
1 - Blanket query (no target collections in query)
Authenticate against all source collections in the index definition.
2 - Collection scoped/targetted query.
Authenticate against only the target collections in the query.
(as against all source collections in the index definition before.)
We acknowledge that this is a bit late in the cycle, but the change should be
of lesser risk and could a desirable change for making the multi-collection index
really multi-tenant)
Tagging Evgeny Makarenko/Keshav Murthy for inputs.
Attachments
For Gerrit Dashboard: MB-46260 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
153449,2 | MB-46260 - Apply RBAC only for target collections | master | cbft | Status: ABANDONED | 0 | 0 |
158571,2 | MB-46260 - Apply RBAC only for target collections | cheshire-cat | cbft | Status: MERGED | +2 | +1 |
159093,3 | Revert "MB-46260 - Apply RBAC only for target collections" | cheshire-cat | cbft | Status: MERGED | +2 | +1 |
159096,2 | Revert "Revert "MB-46260 - Apply RBAC only for target collections"" | cheshire-cat | cbft | Status: MERGED | +2 | +1 |
159231,1 | Merge remote-tracking branch 'couchbase/cheshire-cat' | master | cbft | Status: MERGED | +2 | +1 |