New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sql: enforce permissions on sql endpoint #1830
Comments
This bit is not strictly necessary IMO. |
Well, we need some way of doing it. The currently prefix-based config tool assume that you know what the mapping is. It's trivial enough to do the conversion automatically. |
Ok, I don't think this will work. Having authorization done at the KV layer requires way too many prefixes (unique namespace ID, namespace prefix, table prefix, etc...). I'll write something up. |
Enforce read/write db-level privileges. I've annotated the enforced functions with the privileges required and notes about what postgres and mysql do. This will be useful when adding real privileges (eg: create|select|insert|delete|etc...).
Enforce database-level privileges: #1830
* add privileges to the table descriptor, inherited from the DB descriptor at creation time. * modify grant/revoke/show grants statements to operate on a table * split grant sql logic test into grant_database and grant_table Table-level permissions are not yet enforced.
Work torwards #1830 Apply table-level READ|WRITE privileges and test. Each statement has a note about privileges, including what postgres and mysql do. Due to the always-build SELECT nodes in DELETE and UPDATE, we need both READ and WRITE for those statements.
Privileges are enforced. Closing in favor of #2005 |
raft: log snapshot events
Short-term solution:
Further considerations:
The text was updated successfully, but these errors were encountered: