attu icon indicating copy to clipboard operation
attu copied to clipboard
Published 1 month ago verified publisher icon zilliztech

The role permission is granted to the database but ui display error

Open Howie516 opened this issue 2 years ago • 4 comments

Describe the bug:

The role permission is granted to the database to implement namespace-like isolation, but an error occurs after the login

It seems that the default login is default database, but the actual authorization is a custom database, the page cannot display the databse, and the error is still reported after refreshing

error message: Error: 7 PERMISSION_DENIED: PrivilegeGetStatistics: permission deny

image

Steps to reproduce:

  1. Create a user and authorize the role
  2. The user-defined database is selected for role authorization. The default database is not granted permission
  3. Log in to the system using the new user, switch between different databases, and check whether an error occurs

Attu version:

v2.2.10

Attu version:

Howie516 avatar Oct 30 '23 11:10 Howie516

Attu depends on many global APIs, so it may not function correctly for a user who only has object-level permissions. This is the expected behavior for now, but we plan to address this issue in the future.

shanghaikid avatar Oct 30 '23 13:10 shanghaikid

Attu depends on many global APIs, so it may not function correctly for a user who only has object-level permissions. This is the expected behavior for now, but we plan to address this issue in the future.

Object level permissions do not include database, right? Only Collection, Global, and User are displayed. In this case, we want to assign roles to only one database to realize resource isolation between different roles in the database. But now attu uses default dadabase to log in, and there are many errors. This feature is a concern in the production environment, hope to fix it soon~

Howie516 avatar Oct 31 '23 02:10 Howie516

Attu depends on many global APIs, so it may not function correctly for a user who only has object-level permissions. This is the expected behavior for now, but we plan to address this issue in the future.

Object level permissions do not include database, right? Only Collection, Global, and User are displayed. In this case, we want to assign roles to only one database to realize resource isolation between different roles in the database. But now attu uses default dadabase to log in, and there are many errors. This feature is a concern in the production environment, hope to fix it soon~

I understand your perspective, but modifying the current architecture could be time-consuming and require significant effort. Therefore, I cannot make any promises at this time.

shanghaikid avatar Oct 31 '23 02:10 shanghaikid

Attu depends on many global APIs, so it may not function correctly for a user who only has object-level permissions. This is the expected behavior for now, but we plan to address this issue in the future.

Object level permissions do not include database, right? Only Collection, Global, and User are displayed. In this case, we want to assign roles to only one database to realize resource isolation between different roles in the database. But now attu uses default dadabase to log in, and there are many errors. This feature is a concern in the production environment, hope to fix it soon~

I understand your perspective, but modifying the current architecture could be time-consuming and require significant effort. Therefore, I cannot make any promises at this time.

OK,thanks. Look forward to seeing the improvements in the next release

Howie516 avatar Oct 31 '23 04:10 Howie516