Hello,
Is it possible for a user to change its own password via the “settings/rbac/users” API with a set of roles less permissive than “full_admin”? It seems that having both the “cluster_admin” and “security_admin” (local) roles would be permissive enough from the documentation. However, I’ve not been able to use the API to change a user’s own password with any role besides “full_admin”.
For example, the error response from the API when trying to change a user’s own password via the following HTTP request seems to suggest that the “cluster_admin” and “security_admin” roles would be sufficient to authorize the request:
$ curl -X PUT -u user:password http://127.0.0.1:8091/settings/rbac/users/local/user -d password=password2
{"message":"Forbidden. User needs one of the following permissions","permissions":["cluster.admin.security.admin!write"]}
I understand there is also the “controller/changePassword” API which works with a less permissive role, but we’re using the Couchbase Go SDK, which doesn’t appear to have support for using that API.
I appreciate any help. Thanks!