Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-51546

Document viewer not available for user with Query Select role only

    XMLWordPrintable

Details

    • Untriaged
    • 1
    • Unknown

    Description

      If you create a user whose role is Query Select for a single scope or collection, e.g. [travel-sample:inventory:*] or [travel-sample:inventory:airline], such a user is not permitted to see or use the Document Viewer UI.

      Currently, the Document Viewer UI relies on cluster.collection[].collections.read permission, which at present is only available with the Bucket -> Manage Scopes role. Without that permission, the client can't use the REST API for listing scopes and collections, which is needed to select a bucket, scope, and collection to retrieve Documents.

      A workaround is possible using the query service. A user with scope or collection Query Select is allowed to retrieve a list of only the permitted scopes and collections using the 'select * from system:keyspaces' query. We should re-work the Document Viewer menu code to use N1QL to return the available scopes and collections. However, this code must be able to fall back to the REST API should the cluster not have any query service.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            pavel Pavel Blagodov
            eben Eben Haber
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty