Description
I've been testing various RBAC combinations in the UI, and I found the following situation.
- I created a user with the Query Select role for travel-sample.inventory.*
- When I check permissions for cluster.collection[travel-sample:.:.].data.docs!read, it is true, which makes total sense
- I add the role Query Update for travel-sample.inventory.*.
- Now cluster.collection[travel-sample:.:.].data.docs!upsert as true, which also makes sense.
- I add the role Query Insert and Query Delete for travel-sample.inventory.*
- Oddly, cluster.collection[travel-sample:.:.].data.docs!write remains false. That doesn't make sense.
- In fact, I can add the Data Writer role for travel-sample.inventory.*, and still the permissions check returns false for cluster.collection[travel-sample:.:.].data.docs!write.
If I log in as Administrator, data.docs!write is true, but it's not clear what role I can add to another user to enable data.docs!write.