Cockroach: Grant admin role for Core version / Grant statement not response
I am running Core version of cockroachDB, upgraded from19.2.1 to 19.2.2. Then I lost the ability view Databases and Jobs Tab in Admin UI.
Try to grant admin role to my user name.
root@:26257/defaultdb> grant admin to leo;
pq: use of GRANT <role> requires an enterprise license. see https://cockroachlabs.com/pricing?cluster= for details on how to enable enterprise features
It makes sesne, I am running core version.
Then I try
root@:26257/defaultdb> alter user root with password 'asdfadfs';
pq: user root cannot use password authentication
Then I try
root@:26257/defaultdb> grant select on table system.* to leo;
CLI did not response to this statement and I have to Control-C out. I believe we can have better response rather than nothing.
My question is how can I allow my selected user to view all tabs on Web UI?
Can we have ability to assign only the admin role in core version?
leomkkwan
All 9 comments
also seeing this, they basically broke this by limiting the grant feature to enterprise and binding everything to the admin role on the other hand...
wzrdtales
on 28 Jan 2020
A workaround would be:
insert into role_members (role, member, "isAdmin") VALUES ('admin', 'username', true);
And then start through all nodes.
wzrdtales
on 28 Jan 2020
I think this got somehow under the radar. @yuzefovich
This should definitely be treated as a bug, or design failure since the admin role is created by default and the role system is in use not only in the enterprise version. So at least the admin role should be assignable also in the core version. I think from a business perspective that should be fine for you guys too.
wzrdtales
on 30 Jan 2020
I think this is a known issue that we accidentally introduced in 19.2.2 and it should be fixed in 19.2.3. Probably @knz could give you more details.
yuzefovich
on 30 Jan 2020
yes correct what @yuzefovich said. we added an explanation about this in a new section 'security update' at the top of the release notes for 19.2.2:
https://www.cockroachlabs.com/docs/releases/v19.2.2.html#security-updates
With recommendations for workarounds until 19.2.3 is out.
Does this help?
knz
on 30 Jan 2020
i have it solved, and a posted a better workaround than getting a license in here. just wanted that this is actually in the pipeline good to know it is already :)
wzrdtales
on 30 Jan 2020
Cool then i'm going to close this and let us know if you need anything more.
knz
on 30 Jan 2020
A workaround would be:
insert into role_members (role, member, "isAdmin") VALUES ('admin', 'username', true);And then start through all nodes.
Just to clear it out: run this command on system database, and then restart all CRDB nodes to clean auth cache.
Bluesboy
on 13 Mar 2020
or use insert into system.role_members ...
Note: we've also removed the license requirement for GRANT admin in v19.1/v19.2/v20.1.
knz
on 14 Mar 2020
Related issues
awoods187
路
3Comments
ajwerner
路
4Comments
HeikoOnnebrink
路
4Comments
petermattis
路
4Comments
nvanbenschoten
路
3Comments
Most helpful comment
A workaround would be:
And then start through all nodes.