In our “Enterprise Edition 7.0.3 build 7031” installation, trying to use the user-manage command to create a group fails if any EE-only roles are passed in the --roles parameter.
For example, using “--roles data_reader[myBucket:myScope]” fails, but “--roles bucket_full_access[*]” works.
I am running the command as the Administrator user. Creating the same group works fine in the UI as this user.
What could be making couchbase-cli think it is running in a Community installation?
What mechanism does couchbase-cli use to determine if EE-only features are allowed?
Hey @jodum thanks for reaching out. I’ll ask the team to take a look at this but you might also consider opening a support ticket in case we want to dig into the logs a bit more.
Does the scope “myScope” exist for the “myBucket” bucket? Seems like a better error should be returned.
$ ./couchbase-cli user-manage -c localhost:9000 -u Administrator -p asdasd --set-group --group-name testgroup --roles data_reader[myBucket:myScope]
SUCCESS: Group ‘testgroup’ set
$ ./couchbase-cli user-manage -c localhost:9000 -u Administrator -p asdasd --set-group --group-name testgroup --roles data_reader[myBucket:nonexistentScope]
ERROR: roles - Cannot assign roles to user because the following roles are unknown, malformed or role parameters are undefined: [data_reader[myBucket:nonexistentScope]]
