New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement permissions on system tables part II #5692
Comments
In CR 3702 by @danielmewes. |
@danielmewes will this also ensure the output of |
@marshall007 The current implementation has all tables and databases visible to everybody, even if they don't have any permissions to read or write to them. Do you have a use case for which you'd want these commands to filter our inaccessible tables? Note that even if we filter out tables with no permissions, your application would often still need to handle permission errors when accessing the table(s), since a user might only have read but not write or config permissions. There are probably a few cases where all you need is read permissions, and there it would usually work out. |
@danielmewes I don't have any specific use-cases in mind. It just seems like more appropriate behavior since otherwise (currently) there are pitfalls associated with It would be a nice solution to #5946 and even more handy once changefeeds are supported in #5517. You make a good point though that depending on what you're trying to do you may wish to filter based on permissions other than |
I think hiding tables based on permissions would be pretty confusing, because people with permissions set incorrectly will think their tables just disappeared. Adding an optarg to |
I opened a new issue #6006 for the |
One more thought: We currently have three My opinion is that we should disallow access to these for all non-admin users. While I don't think there's much harm that a user could do by accessing these tables (other than maybe overload memory by writing to On the other hand, restricting access to the Does anyone think it would be better to allow access to these tables for non-admin users? |
Note that this comment is essentially a brain dump resulting from a discussion @danielmewes and I had in person.
|
We're making two more changes to the system table permissions.
|
Merged into |
For the record, the relevant reviews are CR 3704 and CR 3748. |
@VeXocide Do you remember if the tests were good to merge? Unfortunately all review data is gone. |
@danielmewes It seems I merged these into |
In 2.3 we ended up disallowing system table access for non-admin users for simplicity reasons.
Copying the original proposal from #5463 here:
admin
user who can write to all system tablesusers
table, as long as they have read and write permissions on theusers
table as granted through the usual mechanism.Note that operations such as
r.table(...).config().update(...)
orr.table(...).reconfigure(...)
can still be performed by non-admin users, if the user hasconfig
permissions on the affected table.Additionally we should filter
jobs
output so users only see their own queries unless they areadmin
.The text was updated successfully, but these errors were encountered: