influxdata / influxdb

Scalable datastore for metrics, events, and real-time analytics
https://influxdata.com
Apache License 2.0

'CreateDatabase' permission won't let user view retention policies #9727

Open gshif opened 6 years ago

gshif commented 6 years ago

Chronograf uses a bunch of cluster permissions. One of the permissions is 'CreateDatabase'. A user with only the 'CreateDatabase' permission is not allowed to create a database. The documentation for Chronograf mentions that a user with this permission should be able to create databases and retention policies, and alter and view retention policies. The actual error message:

```
received status code 403 from server: err: error authorizing query: <USER NAME> not authorized to execute statement 'SHOW RETENTION POLICIES ON _internal1
```

What was found out is that the user is able to create databases using the db 'influx' command:

```
root@ip-10-0-105-191:/home/ubuntu# influx -username user_CreateDatabase -password user_CreateDatabase
Connected to http://localhost:8086 version 1.5.2-c1.5.2
InfluxDB shell version: 1.5.2-c1.5.2
create database WOW with duration 3d replication 1 shard duration 1h name "works"
```

The user can also create and alter a retention policy:

```
create retention policy "HELLO" on "WOW" DURATION 1d REPLICATION 2 SHARD DURATION 1h DEFAULT
alter retention policy "HELLO" ON "WOW" DURATION 5d
```

BUT the user was not able to view retention policies on the created database using the 'SHOW RETENTION POLICIES' command. The error:

```
error authorizing query: user_CreateDatabase not authorized to execute statement 'SHOW RETENTION POLICIES'
```

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.