Commit d7abf0c0 authored by ocelot-inc

changes related to issue#668 + issue#669 + issue#868

parent f84ad58c
...@@ -129,19 +129,27 @@ Notes: The maximum number of users is 32. ...@@ -129,19 +129,27 @@ Notes: The maximum number of users is 32.
Privileges and the _priv space Privileges and the _priv space
=========================================================== ===========================================================
The fields in the _priv space are: the numeric id of the user who gave the The fields in the _priv space are:
privilege ("grantor_id"), the numeric id of the user who received the the numeric id of the user who gave the privilege ("grantor_id"),
privilege ("grantee_id"), the id of the object, the type of object - "space" the numeric id of the user who received the privilege ("grantee_id"),
or "function" or "universe", the type of operation - "read" or "write" or the type of object - "space" or "function" or "universe",
"execute" or a combination such as "read,write,execute". the numeric id of the object,
the type of operation - "read" = 1, or "write" = 2, or
The function for granting a privilege is: "execute" = 4, or a combination such as "read,write,execute".
:samp:`box.schema.user.grant({user-name-of-grantee}, {operation-type}, {object-type}, {object-name})` or
:samp:`box.schema.user.grant({user-name-of-grantee}, {operation-type}, 'universe')`. The function for granting a privilege is: |br|
:samp:`box.schema.user.grant({grantee-user-name-or-id}, {operation-type}, {object-type}, {object-name}[, {grant-option}])`
The function for revoking a privilege is: or |br|
:samp:`box.schema.user.revoke({user-name-of-grantee}, {operation-type}, {object-type}, {object-name})` or :samp:`box.schema.user.grant({grantee-user-name-or-id}, {operation-type}, 'universe'[, {grant-option}])` |br|
:samp:`box.schema.user.revoke({user-name-of-grantee}, {operation-type}, 'universe')`. where 'universe' means 'all objects',
and the optional grant-option can be :code:`{grantor=grantor_id}`,
:code:`{if_not_exists=true|false}`, or both.
The function for revoking a privilege is: |br|
:samp:`box.schema.user.revoke({grantee-user-name-or-id}, {operation-type}, {object-type}, {object-name}[, {revoke-option}])`
or |br|
:samp:`box.schema.user.revoke({grantee-user-name-or-id}, {operation-type}, 'universe'[, {revoke-option}])` |br|
where the optional revoke-option can be :code:`{if_exists=true|false}`.
For example, here is a session where the admin user gave the guest user the For example, here is a session where the admin user gave the guest user the
privilege to read from a space named space55, and then took the privilege away: privilege to read from a space named space55, and then took the privilege away:
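
Review bot: the grant-option `{grantor=grantor_id}` in the new grant() syntax is documented without saying who may pass it or whether the id is checked against the calling user, so a reader cannot tell whether the "grantor_id" field of _priv can be set to an arbitrary user. Add a sentence stating the rule, and show what "or both" looks like as a single option table (for instance `{grantor=grantor_id, if_not_exists=true}`, if that is the intended form). The same paragraph now gives "read" = 1, "write" = 2, "execute" = 4 but still describes a combination only as "read,write,execute"; say how a combination is represented alongside those numbers.
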
...@@ -156,8 +164,7 @@ privilege to read from a space named space55, and then took the privilege away: ...@@ -156,8 +164,7 @@ privilege to read from a space named space55, and then took the privilege away:
Notes: Generally privileges are granted or revoked by the owner of the object (the Notes: Generally privileges are granted or revoked by the owner of the object (the
user who created it), or by the 'admin' user. Before dropping any objects user who created it), or by the 'admin' user. Before dropping any objects
or users, steps should be taken to ensure that all their associated or users, steps should be taken to ensure that all their associated
privileges have been revoked. Only the 'admin' user can grant privileges privileges have been revoked. Only the 'admin' user can grant privileges for the 'universe'.
for the 'universe'.
=========================================================== ===========================================================
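
Review bot: the only change in this hunk is joining "for the 'universe'." onto the previous line, which makes that line longer than the wrapped lines around it and adds a whitespace-only hunk to a content commit. Keep the original wrapping, or drop this hunk so the diff carries only the wording changes.
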
...@@ -278,10 +285,6 @@ or indirectly. ...@@ -278,10 +285,6 @@ or indirectly.
Drop a role. Drop a role.
.. function:: info()
Get information about a role, including what privileges have been granted to the role.
.. function:: grant(role-name, 'execute', 'role', role-name) .. function:: grant(role-name, 'execute', 'role', role-name)
Grant a role to a role. Grant a role to a role.
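
Review bot: removing the `info()` entry leaves the visible part of this role section with no documented way to see which privileges a role holds, and neither the hunk nor the commit message says why. If the function no longer exists, say so and point to what replaces it; if it still exists, keep the entry.
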
......
...@@ -204,3 +204,34 @@ each trigger by replacing with ``nil``. ...@@ -204,3 +204,34 @@ each trigger by replacing with ``nil``.
box.space.T:run_triggers(false) box.space.T:run_triggers(false)
box.space.T:on_replace(nil, F) box.space.T:on_replace(nil, F)
box.space.T:on_replace(nil, F) box.space.T:on_replace(nil, F)
===========================================================
Getting a list of triggers
===========================================================
The code :code:`on_connect()` -- with no arguments --
lists all connect-trigger functions;
:code:`on_auth()` lists all authentication-trigger functions;
:code:`on_disconnect()` lists all disconnect-trigger functions;
:code:`on_replace()` lists all replace-trigger functions.
In the following example a user finds that there are
three functions associated with :code:`on_connect`
triggers, and executes the third function, which happens to
contain the line "print('function #3')".
| :codenormal:`tarantool>` :codebold:`box.session.on_connect()`
| :codenormal:`---`
| :codenormal:`- - 'function: 0x416ab6f8'`
| |nbsp| |nbsp| :codenormal:`- 'function: 0x416ab6f8'`
| |nbsp| |nbsp| :codenormal:`- 'function: 0x416ad800'`
| :codenormal:`...`
|
| :codenormal:`tarantool>` :codebold:`box.session.on_connect()[3]()`
| :codenormal:`function #3`
| :codenormal:`---`
| :codenormal:`...`
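
Review bot: the new paragraph names `on_connect()`, `on_auth()`, `on_disconnect()` and `on_replace()` without their owners, while the example calls `box.session.on_connect()` and the context lines above use `box.space.T:on_replace(...)`. Write the qualified forms in the paragraph so readers know which are session functions and which is a space method. The sample output also lists 'function: 0x416ab6f8' twice; if that is meant to show one function registered twice, say so, otherwise use three distinct addresses to match "three functions".
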