Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-46260

FTS - Apply RBAC only for target collections in a multi-collection index

    XMLWordPrintable

Details

    • 1

    Description

      Today, any query against a multi collection index is authenticated against all the source collections.

      This may not be a very effective model for supporting the multi-tenant capability of the FTS multi-collection index.

      RBAC rules could be slightly changed in this case,

      1 - Blanket query (no target collections in query)

      Authenticate against all source collections in the index definition.

      2 - Collection scoped/targetted query.

      Authenticate against only the target collections in the query.

      (as against all source collections in the index definition before.)

       

      We acknowledge that this is a bit late in the cycle, but the change should be 

      of lesser risk and could a desirable change for making the multi-collection index

      really multi-tenant)

      Tagging Evgeny Makarenko/Keshav Murthy for inputs.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            evgeny.makarenko Evgeny Makarenko (Inactive)
            Sreekanth Sivasankaran Sreekanth Sivasankaran (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                PagerDuty