Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: [rbac] DatabaseReadWrite has privilege CreateCollection but it failed indeed #2523

Open
1 task done
NicoYuan1986 opened this issue Dec 27, 2024 · 2 comments
Open
1 task done

[Bug]: [rbac] DatabaseReadWrite has privilege CreateCollection but it failed indeed #2523

NicoYuan1986 opened this issue Dec 27, 2024 · 2 comments
Assignees
@NicoYuan1986
Labels
kind/bug Something isn't working
Milestone
2.5.4

Comments

@NicoYuan1986
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

[rbac] DatabaseReadWrite has privilege CreateCollection but it failed indeed.
create a role has privilege DatabaseReadWrite.
and create a collection , it will fail because PrivilegeDescribeCollection permission deny

Expected Behavior

pass

Steps/Code To Reproduce behavior

from pymilvus import MilvusClient
client = MilvusClient(uri="",
                      token="DatabaseReadWrite:Milvus123")

>>> client.create_collection('testaa', 5)
2024-12-27 18:05:55,052 [ERROR][handler]: grpc RpcError: [describe_collection], <_MultiThreadedRendezvous: StatusCode.PERMISSION_DENIED, PrivilegeDescribeCollection: permission deny to DatabaseReadWrite in the `default` database>, <Time:{'RPC start': '2024-12-27 18:05:54.947293', 'gRPC error': '2024-12-27 18:05:55.051939'}> (decorators.py:151)
2024-12-27 18:05:55,052 [ERROR][handler]: grpc RpcError: [create_index], <_MultiThreadedRendezvous: StatusCode.PERMISSION_DENIED, PrivilegeDescribeCollection: permission deny to DatabaseReadWrite in the `default` database>, <Time:{'RPC start': '2024-12-27 18:05:54.947227', 'gRPC error': '2024-12-27 18:05:55.052358'}> (decorators.py:151)
2024-12-27 18:05:55,052 [ERROR][_create_index]: Failed to create an index on collection: testaa (milvus_client.py:175)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/milvus_client/milvus_client.py", line 79, in create_collection
    return self._fast_create_collection(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/milvus_client/milvus_client.py", line 143, in _fast_create_collection
    self.create_index(collection_name, index_params, timeout=timeout)
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/milvus_client/milvus_client.py", line 154, in create_index
    self._create_index(collection_name, index_param, timeout=timeout, **kwargs)
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/milvus_client/milvus_client.py", line 176, in _create_index
    raise ex from ex
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/milvus_client/milvus_client.py", line 165, in _create_index
    conn.create_index(
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/decorators.py", line 155, in handler
    raise e from e
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/decorators.py", line 90, in handler
    raise e from e
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/client/grpc_handler.py", line 973, in create_index
    collection_desc = self.describe_collection(collection_name, timeout=timeout, **copy_kwargs)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/decorators.py", line 155, in handler
    raise e from e
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/decorators.py", line 137, in handler
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/decorators.py", line 176, in handler
    return func(self, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/decorators.py", line 90, in handler
    raise e from e
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/decorators.py", line 86, in handler
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/pymilvus/client/grpc_handler.py", line 393, in describe_collection
    response = rf.result()
               ^^^^^^^^^^^
  File "/Users/zilliz/virtual-environment/milvus/lib/python3.11/site-packages/grpc/_channel.py", line 797, in result
    raise self
grpc._channel._MultiThreadedRendezvous: <_MultiThreadedRendezvous of RPC that terminated with:
        status = StatusCode.PERMISSION_DENIED
        details = "PrivilegeDescribeCollection: permission deny to DatabaseReadWrite in the `default` database"
        debug_error_string = "UNKNOWN:Error received from peer ipv4:52.74.223.179:19534 {created_time:"2024-12-27T18:05:55.046898+08:00", grpc_status:7, grpc_message:"PrivilegeDescribeCollection: permission deny to DatabaseReadWrite in the `default` database"}"
>
>>>

Environment details

- Hardware/Softward conditions (OS, CPU, GPU, Memory):
- Method of installation (Docker, or from source):
- Milvus version (v0.3.1, or v0.4.0):
- Milvus configuration (Settings you made in `server_config.yaml`):

Anything else?

No response
@NicoYuan1986 NicoYuan1986 added the kind/bug Something isn't working label Dec 27, 2024
@shaoting-huang
Copy link
Contributor

shaoting-huang commented Dec 27, 2024
edited
Loading

CreateCollection privilege is in DatabaseAdmin rather than DatabaseReadWrite. This is expected.

>>> role.list_grants()
GrantInfo groups:
- GrantItem: <object:Global>, <object_name:*>, <db_name:default>, <role_name:role>, <grantor_name:root>, <privilege:DatabaseReadWrite>
>>> client = MilvusClient(uri="http://localhost:19530", user="user1", password="Milvus")
>>> client.create_collection('testaa', 5)
2024-12-27 19:25:34,121 [ERROR][handler]: grpc RpcError: [create_collection], <_MultiThreadedRendezvous: StatusCode.PERMISSION_DENIED, PrivilegeCreateCollection: permission deny to user1 in the `default` database>, <Time:{'RPC start': '2024-12-27 19:25:34.121152', 'gRPC error': '2024-12-27 19:25:34.121922'}> (decorators.py:151)

@XuanYang-cn
Copy link
Contributor

/assign @NicoYuan1986

@XuanYang-cn XuanYang-cn added this to the 2.5.4 milestone Jan 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@NicoYuan1986 NicoYuan1986

Labels
kind/bug Something isn't working
Projects
None yet
Milestone
2.5.4
Development

No branches or pull requests
3 participants
@XuanYang-cn @NicoYuan1986 @shaoting-huang