Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Root user should not be reassigned other roles in space #3235

Closed
nianiaJR opened this issue Oct 29, 2021 · 4 comments · Fixed by #3868
Closed

Root user should not be reassigned other roles in space #3235

nianiaJR opened this issue Oct 29, 2021 · 4 comments · Fixed by #3868
Assignees
@jackwener
Labels
type/enhancement Type: make the code neat or more efficient
Milestone
v3.1.0

Comments

@nianiaJR
Copy link

Describe the bug (must be provided)
At now root user can be assigned to other roles in a space, it's confused for user which the real access he owns in the space?

Accoding to my test, if I'm the root user of one nebula db which includes a space test

$ GRANT ROLE User ON test TO root

SHOW ROLES IN test; It's seems that I'm the user role of the space test, but I can modified the schema becaused of the db root role.

User Role in space
image

Create TAG is allowed
image

Additional context
According to the confusing behavior of the role managing, it may cause some problems in applications about nebula.🤝
@nianiaJR nianiaJR added the type/bug Type: something is unexpected label Oct 29, 2021
@Sophie-Xie Sophie-Xie added this to the v3.0.0 milestone Oct 29, 2021
@Sophie-Xie Sophie-Xie assigned CPWstatic and unassigned Sophie-Xie Oct 29, 2021
@HarrisChu
Copy link
Contributor

why grant role to root? this scenario is not meaningful.

just like in linux system, root is the super admin for nebula cluster.

@Shylock-Hg
Copy link
Contributor

Yes, I think we should disable it.

@jamieliu1023 jamieliu1023 mentioned this issue Nov 1, 2021
Closed
@CPWstatic
Copy link
Contributor

Emmm, we also have a role named GOD. The total access control and role are not well designed.

@Sophie-Xie
Copy link
Contributor

@slimshadylol0303 Please take a look at this question, you can combine it with role optimization.

@Sophie-Xie Sophie-Xie added type/enhancement Type: make the code neat or more efficient and removed type/bug Type: something is unexpected labels Dec 9, 2021
@Sophie-Xie Sophie-Xie modified the milestones: v3.0.0, v3.1.0 Dec 9, 2021
@Sophie-Xie Sophie-Xie removed this from the v3.1.0 milestone Dec 9, 2021
@Sophie-Xie Sophie-Xie moved this from Todo to Backlog in Nebula Graph v3.1.0 Jan 20, 2022
@Sophie-Xie Sophie-Xie added this to the v3.1.0 milestone Feb 8, 2022
@jackwener jackwener mentioned this issue Feb 9, 2022
Merged
11 tasks
@Sophie-Xie Sophie-Xie moved this from Backlog to Reviewing in Nebula Graph v3.1.0 Feb 10, 2022
Repository owner moved this from Reviewing to Done in Nebula Graph v3.1.0 Feb 11, 2022
@jamieliu1023 jamieliu1023 mentioned this issue Feb 12, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jackwener jackwener

Labels
type/enhancement Type: make the code neat or more efficient
Projects
No open projects
Nebula Graph v3.1.0
Status: Done
Milestone
v3.1.0
Development

Successfully merging a pull request may close this issue.

Forbid grant root user jackwener/nebula
7 participants
@HarrisChu @nianiaJR @CPWstatic @jackwener @Shylock-Hg @Sophie-Xie @slimshadylol0303