My Environment
Component, Query & Data
Affected feature: Server license (user access to /_admin/license)
AQL query (if applicable): N/A
AQL explain and/or profile (if applicable): N/A
Dataset: N/A
Size of your Dataset on disk: N/A
Replication Factor & Number of Shards (Cluster only): N/A
Steps to reproduce
Create a new container for image arangodb/enterprise:3.11.8.
Docker run command: docker run --hostname=<hostname> --mac-address=<mac_address> --env=ARANGO_ROOT_PASSWORD=root --env=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin --env=GLIBCXX_FORCE_NEW=1 -p 8530:8529 --restart=no --runtime=runc -d arangodb/enterprise:3.11.8
Set a new license with root user: PUT http://localhost:8530/_db/_system/_admin/license
Create new user jdoe
Create DB jdoedb
Set access for jdoe in the web UI ("No Access" to _system, "Access" to jdoedb)
Problem:
Calls to get/set license with DB jdoedb and authenticated with jdoe user are successful (Tested with basic auth). jdoe is able to get and set the server license even though he doesn't have access to _system.
Success: GET http://localhost:8530/_db/jdoedb/_admin/license
Success: PUT http://localhost:8530/_db/jdoedb/_admin/license
Unauthorized: GET http://localhost:8530/_db/_system/_admin/license
Unauthorized: PUT http://localhost:8530/_db/_system/_admin/license
See screenshots below. On the left, access for jdoe user. On the right, API calls with Postman.
Expected result:
Calls to get/set license with DB jdoedb and authenticated with jdoe user are unauthorized. jdoe is not able to get and set the server license because he doesn't have access to _system.
Unauthorized: GET http://localhost:8530/_db/jdoedb/_admin/license
Unauthorized: PUT http://localhost:8530/_db/jdoedb/_admin/license
Unauthorized: GET http://localhost:8530/_db/_system/_admin/license
Unauthorized: PUT http://localhost:8530/_db/_system/_admin/license
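A regression check for the access-control expectation in this report, added here as an example; it is not part of the original issue or of ArangoDB's code. It assumes HTTP 401 or 403 is what the issue calls "Unauthorized"; the function names, the status codes in the sample and the jdoe password you pass in are assumptions, while the host, port, databases and path come from the issue.

```python
import base64
import urllib.error
import urllib.request

BASE = "http://localhost:8530"        # port mapping from the issue's docker run
LICENSE_PATH = "/_admin/license"
DATABASES = ("jdoedb", "_system")     # databases named in the issue
DENIED = {401, 403}                   # assumption: either status means "Unauthorized"


def probe(db, user, password, method="GET", body=None, base=BASE):
    """Send one request to the license endpoint and return the HTTP status."""
    req = urllib.request.Request(f"{base}/_db/{db}{LICENSE_PATH}", data=body, method=method)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def collect(user, password, methods=("GET",)):
    """Probe every database; GET only by default so the check never changes the license."""
    return {(m, db): probe(db, user, password, m) for m in methods for db in DATABASES}


def violations(observed):
    """Return the (method, db) pairs where a user without _system access got through."""
    return sorted(key for key, status in observed.items() if status not in DENIED)


# Constructed sample mirroring the "Problem" list in the issue. The status codes are
# assumed: the issue only says "Success" and "Unauthorized".
REPORTED = {
    ("GET", "jdoedb"): 200, ("PUT", "jdoedb"): 201,
    ("GET", "_system"): 401, ("PUT", "_system"): 401,
}

if __name__ == "__main__":
    for method, db in violations(REPORTED):
        print(f"FAIL {method} /_db/{db}{LICENSE_PATH} reachable without _system access")
```

Against a live test instance, replace `REPORTED` with `collect("jdoe", <password>)`; an empty result from `violations` matches the expected behaviour described in the issue.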