Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use least privilege model between Gluu and Couchbase #177

Closed
moabu opened this issue Sep 22, 2020 · 0 comments
Closed

Use least privilege model between Gluu and Couchbase #177

moabu opened this issue Sep 22, 2020 · 0 comments
Assignees
@moabu
Labels
enhancement New feature or request Medium Priority Priority level medium

Comments

@moabu
Copy link
Member

moabu commented Sep 22, 2020

Is your feature request related to a problem? Please describe.

The user should have only the Roles necessary for Gluu to operate correctly after installation.

In addition use of the admin user for normal operations floods Couchbase audit logs. Although Couchbase auditing can exclude specified users the admin user can not be excluded. It is required to have auditing for all team member user access but not for service user access. By using the "admin" user for service access auditing cannot be configured.

Describe the solution you'd like

  • Create the superuser as already done
  • Create another user named gluu specified with only the permissions needed to interact with Couchbase.

Permission list :

  • query_select
  • query_update
  • query_insert
  • query_delete

Possible permissions needed:

  • data_reader
  • data_writer
@moabu moabu added the enhancement New feature or request label Sep 22, 2020
@moabu moabu self-assigned this Sep 22, 2020
@moabu moabu changed the title Use least privilage model between Gluu and Couchbase Use least privilege model between Gluu and Couchbase Sep 22, 2020
@moabu moabu added the Medium Priority Priority level medium label Sep 22, 2020
@moabu moabu closed this as completed in 824feef Sep 24, 2020
moabu added a commit that referenced this issue Sep 24, 2020
@moabu
Add cb pass mount to persistence
e5be1dd 
resolves #177
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@moabu moabu

Labels
enhancement New feature or request Medium Priority Priority level medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@moabu