Prohibit non admin writes to system spaces (!1213) · Merge requests · core / picodata

Вартан Бабаян requested to merge vbabayan/402-prohibit-non-admin-writes-to-system-spaces into master Aug 14, 2024

Summary

Prohibit DML queries into system space for all users; For user=ADMIN_ID we prohibit only a particular tables including:

    const PROHIBITED_SPACES: &[ClusterwideTable] = &[
        ClusterwideTable::Table,
        ClusterwideTable::Index,
        ClusterwideTable::User,
        ClusterwideTable::Privilege,
        ClusterwideTable::Routine,
    ];

Refactor dml_prohibited check in cas.rc

Adjust tests according to new behaviour, for regular users on write into system space we get error AccessDenied

Close #402 (closed)
Cherry-pick to: none
Docs follow-up: not necessary

Edited Aug 20, 2024 by Вартан Бабаян

Prohibit non admin writes to system spaces

Summary

Merge request reports