horizon
horizon copied to clipboard
Connecting to RethinkDB with a regular (non admin) user fails
Server version: 2.0.0 Client version: 2.0.0
DB server set up through AWS Marketplace. Created a user and granted
r.db('mydb').grant('myuser', {read: true, write: true, config: false});
I get:
error: Connection to RethinkDB terminated: ReqlPermissionError: Only administrators may access system tables in:
r.db("rethinkdb").table("server_status").nth(0)("process")("version")
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If I use the rethinkdb admin
user it works, but feels kinda out of control to let the app use the admin user.
@lirbank This is currently a limitation of RethinkDB. We have to wait for RethinkDB 2.4 until using a non-admin user is going to become an option (then you'll be able to grant read permissions on the server_status
system table to the Horizon user, currently it's not possible to do so).
@chipotle we should make sure to document this limitation for now. Currently only "admin"
works for the rdb_user
option (http://horizon.io/docs/configuration/ , http://horizon.io/docs/cli/ and potentially http://horizon.io/docs/embed/ , which is currently missing the rdb_user
argument alltogether).
There is a PR from my fellow co-founder @ni1s for the rdb_user with embedded https://github.com/rethinkdb/horizon/pull/804
@lirbank The fix for rdb_user
and rdb_password
being ignored in the CLI will not help with non-admin users though. I don't think there's much that can be fixed for this on the Horizon side, since Horizon relies on the table_status
system table which isn't accessible for non-admin users in RethinkDB 2.3 (it will be in 2.4).
Sure, I got that, was just making a cross reference WRT "[embedded...] which is currently missing the rdb_user argument altogether".
@lirbank Ah, thanks. I just meant that the documentation page about embedding Horizon was missing a mention of the parameters. (I've since opened a separate issue https://github.com/rethinkdb/horizon-docs/issues/117 in the documentation tracker for this).