Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-58828

[N1QL][UDF][RBAC] udf can be executed without the proper roles

    XMLWordPrintable

Details

    • Untriaged
    • 0
    • Yes

    Description

      I have a user that only has manage global functions perms

      i have two functions
      celsius and celsius1 they are both defined as

      CREATE FUNCTION celsius(degrees) LANGUAGE INLINE AS (degrees - 32) * 5/9
      CREATE FUNCTION celsius1(degrees) LANGUAGE INLINE AS (degrees - 32) * 5/9

      ajaybhullar@SCML0613 ~ % curl -u johnDoe100:password1 http://172.23.104.110:8093/query/service -d 'statement=SELECT RAW celsius(10)'
      {
      "requestID": "8a25948b-91a7-421d-a5aa-91ba64fb70e3",
      "signature": "json",
      "results": [
      ],
      "errors": [{"code":5010,"msg":"Error evaluating projection","reason":{"caller":"auth:392","code":13014,"key":"datastore.couchbase.insufficient_credentials","message":"User does not have credentials to run execute global functions. Add role query_execute_global_functions to allow the query to run."}}],
      "status": "errors",
      "metrics":

      {"elapsedTime": "1.228252ms","executionTime": "1.067629ms","resultCount": 0,"resultSize": 0,"serviceLoad": 6,"errorCount": 1}

      }
      ajaybhullar@SCML0613 ~ % curl -u johnDoe100:password1 http://172.23.104.110:8093/query/service -d 'statement=SELECT RAW celsius1(10)'
      {
      "requestID": "bb3b4f3b-7dfb-41e5-9a45-6042a4e2c263",
      "signature": "json",
      "results": [
      -12.222222222222221
      ],
      "status": "success",
      "metrics":

      {"elapsedTime": "1.324873ms","executionTime": "1.195862ms","resultCount": 1,"resultSize": 19,"serviceLoad": 6}

      }

      this user ONLY has manage global functions perms, so both should not work

      Attachments

        Issue Links

          backports to

          Bug - A problem which impairs or prevents the functions of the product. MB-59534 [BP to 7.1.6-MP1 & 7.2.3-MP1] [N1QL][UDF][RBAC] udf can be executed without the proper roles

          • Major - Major loss of function.
          • Closed
          is caused by

          Bug - A problem which impairs or prevents the functions of the product. MB-58648 [BP to 7.2.4 MB-55053] prepared statement with udf can leak memory

          • Major - Major loss of function.
          • Closed
          is triggered by

          Bug - A problem which impairs or prevents the functions of the product. MB-58479 Fatal error: concurrent map writes in (*ObjectConstruct).MapChildren()

          • Major - Major loss of function.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              bingjie.miao Bingjie Miao
              ajay.bhullar Ajay Bhullar
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty