feat: access control checks above and beyond space rw checks (!746) · Merge requests · core / picodata

Dmitry Rodionov requested to merge dkr/more-access-checks into master Nov 20, 2023

Summary

feat: access control checks above and beyond space rw checks

The patch adds remaining access checks for cluster wide management operations involving tables users and roles. Basic scenario now works. See newly added test_create_space_smoke.

There are some follow ups I'd like to address separately, namely:

more tests for new ifs around box_access_check_ddl calls #420
add tests for ownership semantics (these can be mostly ported from tarantool-module) blocked by #408 (closed)
port access.test and role.test from core (at some point later) #421
Detect and prohibit circular role grants #415 (closed)

Close #339 (closed)

Ensure that

New code is covered by tests (to some extent)
~~API is documented~~
~~Changelog is up to date~~
~~(if Lua API changed) Lua API version is bumped in luamod.rs~~
~~(if necessary) A follow-up doc issue is created in picodata/docs and linked here~~

Edited Nov 28, 2023 by Dmitry Rodionov

feat: access control checks above and beyond space rw checks

Summary

Ensure that

Merge request reports