Dashboard: Run as Role throws insufficient permissions

Mike · February 6, 2024, 8:11pm

Am I overseeing something, or is that a bug? I try to run in the dashboard a Query as a Role, but I’m getting Insufficient privileges, although the Role should have sufficient privileges:

ptpaterson · February 7, 2024, 2:13pm

Hi @Mike We’re investigating this. I do agree with you; The Role is pretty clear! read: true

That said, we’re having trouble replicating. Are you able to cause this issue consistently and provide steps?

I was curious if there could be document references in your Questions that could be causing the permission error, but you can see here that my Bits collection contains references the Role doesn’t have permission to.

I also checked if this was related to Role-based UDF call works in dashboard but not query from site despite correct token. I tried a number of ways to get the Role to essentially be ignored, but I couldn’t. This other issue is related to roles with a membership, and your Role doesn’t have a membership.

Mike · February 7, 2024, 4:43pm

@ptpaterson Indeed, the document references creating the Problem. But only a specific one.

The document that I tried to access with the role:

{
  id: "388614001847697611",
  coll: Question,
  ts: Time("2024-02-02T10:34:02.570Z"),
  title: "Name of Shareholder 1?",
  masterQuestion: MasterQuestion.byId("388607667910738123"),
  version: 1,
  owner: User.byId("388613051535851728")
}

If I add read privileges to MasterQuestion too, but not to User it works.

role OwnerExist {
  privileges Question {
    write {
      predicate ((originalDoc, newDoc) => {
        newDoc.owner != null || originalDoc.owner != null
      })
    }
    read
  }

  privileges MasterQuestion {
    read
  }
}

So it seems MasterQuestion is breaking the workflow somehow, but not User

I also add the other two referenced documents; maybe you see there is a problem:

User document:

{
  id: "388613051535851728",
  coll: User,
  ts: Time("2024-02-02T10:18:56.280Z"),
  name: "Mike"
}

User definition:

collection User {
}

MasterQuestion document:

{
  id: "388607667910738123",
  coll: MasterQuestion,
  ts: Time("2024-02-02T08:53:22.050Z"),
  title: "Name of Shareholder {{}}?"
}

MasterQuestion definition

collection MasterQuestion {
  history_days 0
}

Out of curiosity and for future simplicity, Is it technically possible to impersonate me to access my database to debug it directly there?

Topic		Replies	Views
Dashboard > Security > Edit Role > Indexes is buggy Help dashboard , bug	2	465	April 6, 2021
"Cannot read reference." error when trying to modify role permissions in dashboard Help	6	427	April 6, 2021
Dashboard Security Role UI is not showing all the options for Functions Help dashboard , functions	4	301	October 14, 2021
Using Dashboard on multiple Devices/Browser Feature Requests dashboard , bug	1	255	November 15, 2022
Database has disappeared from dashboard Help bug	5	337	October 5, 2021

Dashboard: Run as Role throws insufficient permissions

Related Topics