non-admin users can't run USE in the CLI #6397
Comments
@beckettsean should we allow non-admins to use
If non-admins can run Alternately we could remove the I think it warrants a more involved discussion. @jwilder @pauldix @gunnaraasen your thoughts?
I agree we should allow non-admin users to see only databases where they have either read or write privileges. Looks like this is a duplicate of #4785.
This would be useful for the Admin UI also. As right now you can't query data with a non-admin user, as it can't get the list of databases.
Previously, a non-admin could not call "use" in the influx cli since the `SHOW DATABASES` command requires admin permissions to run. The correct solution to this is likely to allow non-admins to call `SHOW DATABASES`, but only see the databases they should be capable of seeing. Since we don't have this kind of fine-grained authorization yet and plans for it are still in the works, we do need some way to not arbitrarily cripple non-admins attempting to use the cli program. This is a temporary solution that will ignore any authorization errors from `SHOW DATABASES` if authorization has been set. A warning message will be printed and the database will be switched. This should be enough to ensure that there is some warning that you may not have switched to a valid database while not crippling non-admin users. A temporary solution for #6397.
Closing this in favor of #4785 since they are duplicates. A hack has already been included to get around this right now, so now we just need to fix the underlying problem.
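The filtering proposed in the comments above (a non-admin sees only the databases where they hold read or write privileges), sketched as an added Go example that is not InfluxDB's code. The `User` and `Privilege` types and both function names are hypothetical, the database list is constructed, and returning one error for both "unknown" and "not authorized" is a design choice of this example.

```go
package main

import "fmt"

// Privilege is a hypothetical per-database grant, not InfluxDB's own type.
type Privilege int

const (
	NoPrivileges Privilege = iota
	Read
	Write
	All
)

// User is a hypothetical account record: an admin flag plus per-database grants.
type User struct {
	Name   string
	Admin  bool
	Grants map[string]Privilege
}

// VisibleDatabases returns the subset of all that u may see: everything for
// admins, otherwise only databases with a read, write or all grant.
func VisibleDatabases(u User, all []string) []string {
	visible := []string{}
	for _, db := range all {
		if u.Admin || u.Grants[db] != NoPrivileges {
			visible = append(visible, db)
		}
	}
	return visible
}

// Use switches only if db is in the caller's filtered list. Unknown and
// unauthorized names get the same error, so hidden databases are not revealed.
func Use(u User, all []string, db string) error {
	for _, name := range VisibleDatabases(u, all) {
		if name == db {
			return nil
		}
	}
	return fmt.Errorf("database %q not found or not authorized", db)
}

func main() {
	all := []string{"_internal", "mydb", "billing"} // constructed sample data
	u := User{Name: "mydb", Grants: map[string]Privilege{"mydb": All}}
	fmt.Println(VisibleDatabases(u, all), Use(u, all, "mydb"), Use(u, all, "billing"))
}
```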
Bug report
System info: [Include InfluxDB version, operating system name, and other relevant details]
InfluxDB 0.12.1, Ubuntu 14.04, not a fresh install (upgraded from 0.10 over time)
Steps to reproduce:
`ALL` privileges to an existing database
Expected behavior: [What you expected to happen]
non-admin user with `ALL` privs can `USE <database>`
Actual behavior: [What actually happened]
non-admin user gets an auth error
Connecting directly to the database works:
However, the `mydb` user cannot issue a USE command, because the CLI has a behind the scenes `SHOW DATABASES` command that fails: