Skip to content
Snippets Groups Projects

feat: access control checks above and beyond space rw checks

Merged feat: access control checks above and beyond space rw checks
dkr/more-access-checks into master
Merged Dmitry Rodionov requested to merge dkr/more-access-checks into master

Summary

  • feat: access control checks above and beyond space rw checks

The patch adds remaining access checks for cluster wide management operations involving tables users and roles. Basic scenario now works. See newly added test_create_space_smoke.

There are some follow ups I'd like to address separately, namely:

  • more tests for new ifs around box_access_check_ddl calls #420
  • add tests for ownership semantics (these can be mostly ported from tarantool-module) blocked by #408 (closed)
  • port access.test and role.test from core (at some point later) #421
  • Detect and prohibit circular role grants #415 (closed)

Close #339 (closed)

Ensure that

  • New code is covered by tests (to some extent)
  • API is documented
  • Changelog is up to date
  • (if Lua API changed) Lua API version is bumped in luamod.rs
  • (if necessary) A follow-up doc issue is created in picodata/docs and linked here
Edited by Dmitry Rodionov

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply