Closed mcandio closed 3 months ago
/assign @SimFG /unassign
@mcandio you need to give the dev_role
to the SelectOwnership
privilege
@mcandio you need to give the
dev_role
to theSelectOwnership
privilege
we can update root password if we have admin access right?
@xiaofan-luan yes, we can
@SimFG The outcome is the same either by setting SelectOwnership or the ones specified on my first comment.
@SimFG User should be able update their own password. Does this violate any rule of our RBAC? I think this is very straightforward to most of the users. Very similar to database management, I need to have access to list the databases I have access control
@mcandio when you fail to operate, is there any error message? When an error occurs, there should be a message indicating that the API does not have permission.
@xiaofan-luan The error occurs here mainly because some other APIs may be used in the attu page.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Rotten issues close after 30d of inactivity. Reopen the issue with /reopen
.
Is there an existing issue for this?
Environment
Current Behavior
We are trying to configure user privileges to standardise roles, we want to set a dev_role where the user is able to:
RenameCollection ShowCollections UpdateUser
As I understand from the documentation here, UpdateUser should be enough to let the user update its credentials, but it is failing, from the Attu UI (v2.3.8) it is not possible to see users or roles.
The only way we were able to let the user update its own password is to add to the role: CreateOwnership, DropOwnership or ManageOwnership.
In any case, by adding the previous privileges, we allow the user to see other users or to update out-of-the-scope stuff.
Expected Behavior
Privilege should grant the user the ability to update its own password and not to manage bind role to user, alter other users password or manage roles.
Steps To Reproduce
Milvus Log
No response
Anything else?
No response