roleccl: enable GRANT/REVOKE for roles without a license #45325
Merged
Commits on Feb 25, 2020
-
server: return HTTP 403 instead of 500 upon authz failures
Before, the HTTP endpoints would return 500 (Internal server error) when they require an admin user and a non-admin user was logged in. This patch changes it to make them return 403 (Forbidden) instead, which is the standard "permission denied" error code. Release note (general change): HTTP endpoints now report status 403 (Forbidden) instead of 500 (Internal server error) when the authenticated user has insufficient privileges to use the endpoint.
-
roleccl: enable GRANT/REVOKE for roles without a license
Release note (security update): Non-licensed users are now able to add more principals to the special superuser role/group `admin`. (Creation of additional roles is still a licensed feature). Release note (sql change): It is now possible to use `GRANT` and `REVOKE` to add users to the `admin` role without a valid license. This change aims to enable use of the admin UI and other privileged features without a license.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.