search

milvus-io / milvus

A cloud-native vector database, storage for next generation AI applications
https://milvus.io
Apache License 2.0
30.98k stars 2.95k forks source link

[Bug]: [privilege_group] List alias is not forbidden when login with the user added in the role granted with the built-in privilege group "ClusterReadOnly"/"ClusterReadWrite"/"ClusterAdmin" #38052

Open binbinlv opened 10 hours ago

binbinlv commented 10 hours ago

Is there an existing issue for this?

Environment

- Milvus version: master-latest
- Deployment mode(standalone or cluster): both
- MQ type(rocksmq, pulsar or kafka):   all 
- SDK version(e.g. pymilvus v2.0.0rc2): 2.6.0rc2
- OS(Ubuntu or CentOS): 
- CPU/Memory: 
- GPU: 
- Others:

Current Behavior

List alias is not forbidden when login with the user added in the role granted with the built-in privilege group "ClusterReadOnly"/"ClusterReadWrite"/"ClusterAdmin"

Expected Behavior

List alias is forbidden when login with the user added in the role granted with the built-in privilege group "ClusterReadOnly"/"ClusterReadWrite"/"ClusterAdmin"

Steps To Reproduce

from pymilvus import connections
from pymilvus import CollectionSchema, FieldSchema
from pymilvus import Collection
from pymilvus import connections
from pymilvus import DataType
from pymilvus import Partition
from pymilvus import utility
from pymilvus import MilvusClient
from pymilvus import Role

connections.connect(host="***", user="root", password="Milvus")
client = MilvusClient(uri="http://***:19530", user="root", password="Milvus")
client.create_collection("binbin_new", dimension=128)
role = Role("binbin")
role.create()
utility.list_roles(True)
utility.create_user(user="user1", password="Milvus")
role.add_user("user1")
utility.list_roles(True)
role.list_grants()
role.grant_v2("ClusterReadOnly", "*", "*")
utility.create_alias("binbin_new", "binbin_new_alias")
res = utility.list_aliases("binbin_new")
print(res)
connections.connect(host="***", user="user1", password="Milvus")
res = utility.list_aliases("binbin_new")
print(res)

Milvus Log

No response

Anything else?

No response

binbinlv commented 10 hours ago

And the followings in red "N" do not work as expected:

img_v3_02h1_4f99794b-8131-4a75-bf38-890cbc25a1eg

binbinlv commented 10 hours ago

/assign @shaoting-huang

sre-ci-robot commented 10 hours ago

@binbinlv: GitHub didn't allow me to assign the following users: shaoting-huang.

Note that only milvus-io members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. For more information please see the contributor guide

In response to [this](https://github.com/milvus-io/milvus/issues/38052#issuecomment-2503476973): >/assign @shaoting-huang Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
shaoting-huang commented 9 hours ago

/assign