Error backing up cluster with only Data Backup & Restore role assigned to user


#1

We are trying to backup a Couchbase 5.5.2 testing cluster, but the cbbackupmgr backup stops with this error:

2018-10-09T19:06:36.913+02:00 (Plan) Data transfer completed after 6.195562578s
2018-10-09T19:06:36.929+02:00 (Plan) Transfering Eventing metadata
2018-10-09T19:06:36.930+02:00 (Rest) GET http://localhost:8091/pools/default/nodeServices 200
2018-10-09T19:06:36.950+02:00 (Rest) GET http://192.168.55.1:8096/api/v1/export 403
2018-10-09T19:06:36.960+02:00 ERRO: : – plan.(*events).execute() at events.go:43
2018-10-09T19:06:36.960+02:00 (Plan) Transfer plan failed due to error :
2018-10-09T19:06:36.961+02:00 (Cmd) Error backing up cluster: :

It’s seems like the user ‘backup’ with Data Backup & Restored role assigned, has no access to http://192.168.55.1:8096/api/v1/export .

If we assign Full Admin role to ‘backup’ user, then ‘backup’ can access to http://192.168.55.1:8096/api/v1/export

If we assign all roles, except Full Admin, to ‘backup’ user, then ‘backup’ can not access to http://192.168.55.1:8096/api/v1/export

Our Couchbase Eventing service config has no functions running currently.

How can setup security for our backup user to run Couchbase backups, without Full Admin role assigment?

Thanks.


#2

@jlopez thanks for bringing this to our attention - this seems to be a bug with our rbac role of “Data Backup & Restore” role - https://issues.couchbase.com/browse/MB-31639 has been filed for this issue - will most likely be fixed in our next maintenance release for 5.5.