horizon icon indicating copy to clipboard operation
horizon copied to clipboard

Published 20 hours ago verified publisher icon rethinkdb

Connecting to RethinkDB with a regular (non admin) user fails

Open lirbank opened this issue 7 years ago • 5 comments

Server version: 2.0.0 Client version: 2.0.0

DB server set up through AWS Marketplace. Created a user and granted

r.db('mydb').grant('myuser', {read: true, write: true, config: false});

I get:

error: Connection to RethinkDB terminated: ReqlPermissionError: Only administrators may access system tables in:
r.db("rethinkdb").table("server_status").nth(0)("process")("version")
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If I use the rethinkdb admin user it works, but feels kinda out of control to let the app use the admin user.

lirbank avatar Sep 03 '16 21:09 lirbank

@lirbank This is currently a limitation of RethinkDB. We have to wait for RethinkDB 2.4 until using a non-admin user is going to become an option (then you'll be able to grant read permissions on the server_status system table to the Horizon user, currently it's not possible to do so).

@chipotle we should make sure to document this limitation for now. Currently only "admin" works for the rdb_user option (http://horizon.io/docs/configuration/ , http://horizon.io/docs/cli/ and potentially http://horizon.io/docs/embed/ , which is currently missing the rdb_user argument alltogether).

danielmewes avatar Sep 06 '16 20:09 danielmewes

There is a PR from my fellow co-founder @ni1s for the rdb_user with embedded https://github.com/rethinkdb/horizon/pull/804

lirbank avatar Sep 07 '16 18:09 lirbank

@lirbank The fix for rdb_user and rdb_password being ignored in the CLI will not help with non-admin users though. I don't think there's much that can be fixed for this on the Horizon side, since Horizon relies on the table_status system table which isn't accessible for non-admin users in RethinkDB 2.3 (it will be in 2.4).

danielmewes avatar Sep 07 '16 18:09 danielmewes

Sure, I got that, was just making a cross reference WRT "[embedded...] which is currently missing the rdb_user argument altogether".

lirbank avatar Sep 07 '16 19:09 lirbank

@lirbank Ah, thanks. I just meant that the documentation page about embedding Horizon was missing a mention of the parameters. (I've since opened a separate issue https://github.com/rethinkdb/horizon-docs/issues/117 in the documentation tracker for this).

danielmewes avatar Sep 07 '16 19:09 danielmewes