Issue with create primary index on bucket name for N1QL


#1

Hi, i want to run N1QL queries. but when i try to created primary index on bucket. it is giving following error.

User does not have credentials to run index operations. Add role query_manage_index on stores to allow the query to run.

SDK details

couchbase-server-community_5.0.1-ubuntu16.04_amd64.deb
couchbase-sync-gateway-community_2.0.0_x86_64.deb

I didn’t find query_manage_index anywhere in 8091 UI page. please help me on this.

Please find attachments.



#2

Hi @itssrinadh,

The Community Edition has many fewer roles than the Enterprise Edition, and we do know that the documentation doesn’t do a good job explaining the difference (https://issues.couchbase.com/browse/DOC-3592).

The error message is definitely incorrect for the Community Edition, I filed an issue to fix that: https://issues.couchbase.com/browse/MB-29768

For creating indexes, it should be possible with either “Admin” or “Bucket Full Access”. You don’t want to click “Read Only Admin” since that role can’t do anything.

The error that you posted does show up if you try to run a query with no credentials at all. Are you sure that you are including credentials with the HTTP request?


#3

Hi itssrinsdh,

I tried but was not able to reproduce it with Admin user. However, I was able to reproduce it with “Read Only Admin” which is supposed not to be able to handle query index management.
Can you please make sure you are logged in as “Admin” user ? (I know the screen capture shows you are the Admin but just wanted to double check, since I can reproduce this only if I am logged in with “Read Only Admin”)

Side note is that “query_manage_index” role is not available for community version, meaning the error message is a bit misleading but in high level, it means you need full access to use query in UI.

FYI, if you have only “Bucket Full Access”, you can not even login to UI (so it means you have either ‘Admin’ role or ‘Read Only Admin’)

-Jae


#4

Sure, I will change to the enterprise edition and let me know, where should I give my credentials on this request. I didn’t give any credentials to for this request.


#5

@Jae I logged with admin only. As per @eben comment. I will update to the enterprise edition.

I am getting another issue also. When I disabled guest access to true and when I hit the following url it is asking username and password. When I enter username and password as mentioned in sync gateway config file. Those are also not acceptable.

http://ipaddress:4984/db/_all_docs.

following is my sync gateway config file

   {
	"log": ["*"],
	"adminInterface": "127.0.0.1:4985",
	"interface": "0.0.0.0:4984",
	"databases": {
		"db": {
			"server": "http://ipaddress:8091",
			"bucket" : "stores",
			"username" : "admin",
			"password" : "password",
			"users": {
				"GUEST": {"disabled": true, "admin_channels": ["*"] }
			},
			"sync": `function (doc, oldDoc) {
                if (doc.sdk) {
                    channel(doc.sdk);
                }
            }`
        }
	}
}

#6

@itssrinadh - the Community edition should work, as long as you set up a user with either “Admin” or “Bucket Full Access” roles.

I tried submitting the query via CURL using a “Bucket Full Access” user named “don”, and it worked o.k.:

curl http://don2:don_pw@localhost:8093/query/service -d 'statement=create primary index on default;'

A “Bucket Full Access” user can’t log in to the admin UI, but if you have an Admin user they can also run the query using the admin UI.


#7

Thank you, i will check it.


#8

@eben It is working on community edition too with applying basic authentication.


#9

@itssrinadh - Great! I’m glad we found a solution.