A Issue about Event store Admins group

zhenguang_zhu · April 15, 2020, 3:54pm

Hi all:

I am using eventstore 3.0.1 now. Just a few days ago, I wanted to rewrite $setting and change the stream acl, but I made a mistake that wrongly change ‘admins’ to ‘admin’.

The system stream acl $setting like this now:

‘$systemStreamAcl’ : {

   '$r'      : '$all',

   '$w'    : '$all',

   '$d'     : '$admin',

   '$mr'   : '$admin',

   '$mw' : '$admin'

}

After that, when I create a new user in EventStore UI, and choose ‘Administrator’, the new user belongs to "$Admin" group but not "$Admins". And the new user has not Administrator permission.

And I made a mistake again, I make the default admin user belong to $Admin group. Now no user belong to $Admins group, thus no user have Administrator permission. I could not change system informations any more.

I fount this problem dose not appear in 3.0.5+ version. But I have used the 3.0.1 version in the server, and could not delete any data files.

Any one have any suggestions?

Thanks a lot.

Greg_Young1 · April 15, 2020, 4:03pm

"
After that, when I create a new user in EventStore UI, and choose
'Administrator', the new user belongs to "$Admin" group but not
"$Admins". And the new user has not Administrator permission.

And I made a mistake again, I make the default admin user belong to
$Admin group. Now no user belong to $Admins group, thus no user have
Administrator permission. I could not change system informations any
more."

Creating a user should still put that user in the $admins group. You
would have to go manually edit the user to get it in $admin or maybe I
am missing what is going on?

zhenguang_zhu · April 15, 2020, 4:03pm

Thank you Young.

In the version 3.0.5+, there are not any problems about that. But In my server, I use 3.0.1 version. In my current case, there are not any admin role users(include default admin user). Nobody could edit system informations(include reset password, create new user, disable user…). Are there any remedial measures?

Thanks.

在 2015年10月25日星期日 UTC+8下午11:08:06，Greg Young写道：

Greg_Young1 · April 15, 2020, 4:03pm

You just gave one I have to look back to see if there was an issue
fixed around this but the UI should never create a user in $admin the
only way I can see the above situation happening is if you manually
edited the ACL and the user to remove them from the group (unless I am
misunderstanding you)

pieter.germishuys · May 1, 2020, 3:45pm

Greg, you are correct.
The issue was fixed in 3.0.1 of the UI.

Commit that fixed the issue https://github.com/EventStore/EventStore.UI/commit/80259fe99004b0d33a460058fa8cdc953281b3f3 and the release notes for the release that included the commit https://github.com/EventStore/EventStore.UI/releases/tag/oss-v3.0.1

Chaohui_Zhang1 · April 15, 2020, 4:04pm

@Zhenguang, you are right and great, i can reproduce this issue on 3.0.5 that your provide.

@Greg:

I used admin account login to EventStore UI (3.0.5), and to edit admin’s information, uncheck the “Is Administrator” uncarefully, then save. so this issue happened.

admin account have no permission to create,edit users and other administrator operations. I just found one solution to give back admin account permission is to clear all data, but I have more than 10GB data can’t be delete.

How to give back admin account’s permission, please help me to fix this problem.

在 2015年10月26日星期一 UTC+8下午11:07:36，Pieter Germishuys写道：