Description
While working on MB-60778 (https://review.couchbase.org/c/ns_server/+/207406),
I ran into this: there is currently no way to specify permissions that should apply to a specific scope (or collection) across all buckets (or across all buckets and scopes) short of enumerating the permissions for each bucket, scope, and collection.
This ticket is to track the specification of a permission:
[bucket_name, scope_id, collection_id] where any or all are allowed to be set to *.
For MB-60778, it's enough to be able to specify [*, <uid of _system>, <uid of _mobile>].
Currently, memcached allows specifying privileges for:
[bucket] => applies to all scopes and collections in the bucket
[bucket, scope_id] => applies to all collections in [bucket, scope_id]
Currently, in ns_server, we don't specify a * except when a user has all privileges to all buckets. We don't use a * in any other case.
For system scopes/collections (those that begin with a '_'), it is the case that ns_server assigns the uids and these look constant across all buckets. If the uid for a system scope/collection is fixed across all buckets/scopes in the system (for a particular configuration/cluster_compat version), we should be able to specify [*, <system_scope_uid>, <system_scope_collection>] instead of having to enumerate all [b, s, c] combinations.
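
A sketch of the matching semantics proposed above, as an added example that is not ns_server or memcached code: it emits the single [*, scope_uid, collection_uid] rule only when the uids are identical in every bucket, and otherwise falls back to enumeration. The function names, manifest layout, uid values, bucket names and privilege names are all assumptions constructed for illustration.

```python
WILDCARD = "*"

def matches(pattern, target):
    """pattern is [bucket], [bucket, scope_id] or [bucket, scope_id, collection_id].
    A shorter pattern covers everything beneath it; '*' matches any value."""
    return all(p in (WILDCARD, t) for p, t in zip(pattern, target))

def is_allowed(rules, target, privilege):
    """rules: list of (pattern, privileges); target: (bucket, scope_id, collection_id)."""
    return any(privilege in privs and matches(pat, target) for pat, privs in rules)

def build_rules(manifests, scope, coll, privs):
    """manifests: {bucket: {scope_name: (scope_uid, {coll_name: coll_uid})}}.
    Return one wildcard rule if the uids are fixed across all buckets,
    otherwise one rule per bucket (the enumeration the ticket wants to avoid)."""
    per_bucket = {b: (m[scope][0], m[scope][1][coll]) for b, m in manifests.items()}
    uids = set(per_bucket.values())
    if len(uids) == 1:
        ((s_uid, c_uid),) = uids
        return [((WILDCARD, s_uid, c_uid), privs)]
    return [((b, s, c), privs) for b, (s, c) in sorted(per_bucket.items())]

# Constructed sample data: uids "8"/"9"/"a"/"b" are placeholders, not real values.
FIXED = {"travel": {"_system": ("8", {"_mobile": "9"})},
         "orders": {"_system": ("8", {"_mobile": "9"})}}
DRIFTED = {"travel": {"_system": ("8", {"_mobile": "9"})},
           "orders": {"_system": ("a", {"_mobile": "b"})}}
PRIVS = frozenset({"Read", "Upsert"})  # sample privilege names

if __name__ == "__main__":
    for name, manifests in (("fixed", FIXED), ("drifted", DRIFTED)):
        rules = build_rules(manifests, "_system", "_mobile", PRIVS)
        print(name, [pat for pat, _ in rules])
        # A bucket created after the rules were built is covered only by the wildcard.
        print("  later bucket readable:",
              is_allowed(rules, ("later_bucket", "8", "9"), "Read"))
```

With a wildcard rule, a bucket created after the rules were generated is covered automatically, whereas the enumerated form has to be regenerated on every bucket change; that widening is only safe under the fixed-uid condition stated above.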