Test Everest-1257 on Everest 1.2.0-rc8 version

Minimum read permissions in all namespaces

Result: The dbadmin user can add/edit/delete backup schedules on the backups page and in database edit for all namespaces.

Minimum read permissions in one namespace

Result: The dbadmin user can add/edit/delete backup schedules on the backups page and in database edit for a2 namespace only.

Minimum read permissions in one namespace for backups only

Result: The dbadmin user can access a database in a1 namespace if it does not have any backups enabled. User can add/edit/delete backup schedules on the backups page and in database edit for a2 namespace only.

Test with Everest 1.2.0-rc2 version
Manage Backup Schedules (create, update, delete a schedule)

• Read Namespaces

• Read DBs (not mandatory but it doesn’t make sense not to have it)

• Update DBs (schedule is part of the DB spec)

• Read BackupStorage

• Read Backups (not mandatory but it doesn’t make sense not to have it)

• Create Backups

Result: User can add/edit/delete backup schedules only in a2 namespace. User can view backups or create manual/scheduled backups in a2 namespace.

Change configmap

Result: User can add/edit/delete backup schedules only in a2 namespace. User can view backups or create manual/scheduled backups in a2 namespace.

Test with Everest 1.2.0-rc1 version

Create dbadmin user using cli

Change configmap

Result: The dbadmin user can only access and create backups of databases in a1 namespace

Change configmap

Result: User can create backups in a2 namespace.

Change configmap

With above configuration

1. Add/update/delete of backups/schedules of databases in other namespaces should not be allowed. - The update/delete of schedules is not disabled, though updating or deleting the schedule does not proceed ahead. Delete option for backups is not visible. Filed Everest-1447.

2. Create backups/schedules - The create backup button is not available. Filed .

3. Update/delete of backup/schedules of database in the same namespace. - Delete option for backups is not visible. The update/delete of schedules can be done.

Test with read/update/delete of database backups/schedules in the same/different namespace.

Create and Update

Result: No effect on the UI, same as create.

Only Update and no create

Result: Edit/Delete of backup schedules cannot be done. Filed Everest-1448.

Delete

Result: Backups can be deleted but backup schedules cannot be deleted in the a2 namespace. Backups and backup schedules cannot be deleted in a1 namespace.

Read

Result: User can view backups in a1 namespace. User can try to edit/delete backups in a1 namespace. Updated Everest-1447.
User can view database backups in other namespaces. Filed EVEREST-1450.

Read in a1 namespace, create in a2 namespace

Result: This scenario does not work due to issues EVEREST-1449, EVEREST-1447, EVEREST-1450.

All permissions in one namespace

Result: User cannot create backups due to EVEREST-1449.

Create permissions for all namespaces

Result: User can create backups, backup schedules in both a1, a2 namespaces. User can edit/delete backup schedules in both namespaces.

All permissions in all namespaces

Result: User can create backups, backup schedules in both a1, a2 namespaces. User can edit/delete backup schedules in both namespaces. User can delete backups in both namespaces.

Read only permission for backup-storages

Result: User can create backups, backup schedules in both a1, a2 namespaces. User can edit/delete backup schedules in both namespaces. User can delete backups in both namespaces.

Hey , I’ve updated the description. Let me know if you have any questions..

Can you please add information to this ticket. Thanks