Details
-
Bug
-
Resolution: Fixed
-
Major
-
7.0.2
-
1
Description
In order to be able to backup and restore N1QL metadata (currently, UDF definitions, may be expanded later), a user needs to have both the data_backup role and query_system_catalog role for bucket backups, so that access to the query system keyspaces is still restricted to authorised personnel.
Both Patrick Varley and myself think this is cumbersome, and it would be better to add ad hoc privileges to the backup roles, so that no extra roles are required to complete backups when UDFs are present.
Artem Stemkovski could you add the following permissions to the data_backup
{[{bucket, bucket_name}, n1ql, meta], [backup]},
|
I intend to also use cluster.n1ql.meta!backup for cluster backups, but I believe nothing needs to be added because the backup admin essentially already has full admin privileges.
Once you're done, could you pass this MB to me, and I'll amend query as necessary.
Ta much!
Attachments
| For Gerrit Dashboard: MB-48275 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 160601,2 | MB-48275 remove need for system_catalog_read privilege for udf backup | cheshire-cat | query | Status: MERGED | +2 | +1 |
| 160666,2 | MB-48275 Allow back role access to n1ql metadata | cheshire-cat | ns_server | Status: MERGED | +2 | +1 |
| 160670,1 | Merge remote-tracking branch 'couchbase/cheshire-cat' | master | ns_server | Status: MERGED | +2 | +1 |
| 160712,3 | MB-48275 remove need for system_catalog_read privilege for udf backup | master | query | Status: MERGED | +2 | +1 |
| 160753,2 | MB-48275: add/update rbac test cases for backup | cheshire-cat | testrunner | Status: MERGED | +2 | +1 |
| 161047,2 | MB-48275: add/update rbac test cases for backup | master | testrunner | Status: MERGED | +2 | +1 |