Details
Description
Currently, read-only admins cannot see any part of the Backup Service in the UI or run any of the Backup Service APIs.
This is not acceptable to many customers, as read-only administrative users often monitor clusters and check that backups have completed.
For example, a backupfulladmin can see the task history for a Backup Service backup using the below API command:
curl -X GET http://localhost:8097/api/v1/cluster/self/repository/active/bucket1_backup/taskHistory -u backupfulladmin:password
|
But, the readonlyadmin gets this error when using the same API command:
{
|
"message": "Forbidden. User needs one of the following permissions",
|
"permissions": [
|
"backup_admin"
|
]
|
}
|
The below APIs are commonly used for monitoring the Backup Service backups – these and other Backup Service GET APIs should be allowed for read only admins.
/api/v1/cluster/self/repository/active
|
/api/v1/plan/<plan-name>
|
/api/v1/cluster/self/repository/active/<job-name>/taskHistory
|
Attachments
Issue Links
- is parent task of
-
DOC-12140 Doc: [CBBS] Backup Service should allow read-only admins to view the Backup Service
- In Progress
For Gerrit Dashboard: MB-61072 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
208454,2 | MB-61072 Allow GET requests if user has read perms | trinity | cbbs | Status: MERGED | +2 | +1 |
208455,4 | MB-61072 Hide action buttons for ro_admins | trinity | cbbs | Status: MERGED | +2 | +1 |
208679,3 | MB-61072 Give read-only admins `backup!read` perms | trinity | ns_server | Status: MERGED | +2 | +1 |
208809,2 | Merge branch 'trinity' into 'master' | master | cbbs | Status: MERGED | +2 | +1 |
208836,1 | Merge remote-tracking branch 'couchbase/trinity' | master | ns_server | Status: MERGED | +2 | +1 |