  1. Couchbase Server
  2. MB-50960

Eventing RBAC: Import of collection-less handlers successful for user having insufficient privileges

Details

    • Bug
    • Resolution: Cannot Reproduce
    • Critical
    • 7.1.0
    • 7.1.0
    • eventing
    • Enterprise Edition 7.1.0 build 2285
    • Untriaged
    • Centos 64-bit
    • 1
    • No

    Description

      STEP
      Create local user x having the following roles.

      Manage Scope Functions [*:*]
      

      CASE A
      Import handler exported from 6.5.0.

      curl -XPOST -d @./abcde.json http://user1:asdasd@10.112.190.103:8096/api/v1/functions
      [
       {
        "code": 0,
        "warning_info": {
         "status": "Stored function: 'abcde' in metakv",
         "warnings": null
        }
       }
      ]
      

      Function creation successful even though user lacks data privileges.

      CASE B
      Import handler exported from Neo.

       curl -XPOST -d @./test\ \(1\).json http://user1:asdasd@10.112.190.103:8096/api/v1/functions
      [
       {
        "code": 60,
        "info": "Forbidden. User needs atleast one of the following permissions: [cluster.collection[src_bucket:_default:_default].data.dcpstream!read cluster.collection[metadata:_default:_default].data.docs!read cluster.collection[metadata:_default:_default].data.docs!insert cluster.collection[metadata:_default:_default].data.docs!upsert cluster.collection[metadata:_default:_default].data.docs!delete]"
       }
      ]
      

      Function creation fails as expected with appropriate error.

      PFA handlers used in the above-mentioned steps.

      Attachments

        1. abcde.json
          1 kB
        2. test (1).json
          0.8 kB
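
The expectation behind the two cases, as an added Python sketch (not Couchbase code and not part of the original report): a collection-less handler should resolve to the same permission list that the Case B error prints. The `depcfg` field names, the `_default` fallback, and the sample handlers and bucket names for the 6.5.0 export are assumptions constructed for illustration.

```python
# Added illustration, not Couchbase source. The depcfg field names and the
# _default fallback for collection-less handlers are assumptions.
DEFAULT = "_default"


def keyspace(depcfg, prefix):
    """Return (bucket, scope, collection); pre-collections exports carry
    only the bucket, so scope and collection fall back to _default."""
    return (
        depcfg[f"{prefix}_bucket"],
        depcfg.get(f"{prefix}_scope") or DEFAULT,
        depcfg.get(f"{prefix}_collection") or DEFAULT,
    )


def required_permissions(handler):
    """Build the permission strings in the format shown by the Case B error."""
    dep = handler["depcfg"]
    src = "cluster.collection[%s:%s:%s]" % keyspace(dep, "source")
    meta = "cluster.collection[%s:%s:%s]" % keyspace(dep, "metadata")
    return [f"{src}.data.dcpstream!read"] + [
        f"{meta}.data.docs!{op}" for op in ("read", "insert", "upsert", "delete")
    ]


def missing_permissions(handler, granted):
    """Permissions from the required list that the user does not hold."""
    return [p for p in required_permissions(handler) if p not in granted]


# Constructed sample handlers (the real attachments are not reproduced here).
LEGACY_HANDLER = {  # shape of a collection-less export: bucket names only
    "appname": "abcde",
    "depcfg": {"source_bucket": "src_bucket", "metadata_bucket": "metadata"},
}
COLLECTION_HANDLER = {  # shape of a collection-aware export
    "appname": "test",
    "depcfg": {
        "source_bucket": "src_bucket", "source_scope": "_default",
        "source_collection": "_default", "metadata_bucket": "metadata",
        "metadata_scope": "_default", "metadata_collection": "_default",
    },
}
USER_GRANTS = set()  # constructed: the user holds no data permissions

if __name__ == "__main__":
    for h in (LEGACY_HANDLER, COLLECTION_HANDLER):
        print(h["appname"], missing_permissions(h, USER_GRANTS))
```

Both handlers yield the same five missing permissions for a user without data privileges, which is the parity a regression check on the import endpoint should confirm.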

          People

            ankit.prabhu Ankit Prabhu
            sujay.gad Sujay Gad