Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

box: disallow granting execute privilege on space #9293

Merged
merged 1 commit into from
Oct 26, 2023
Merged

box: disallow granting execute privilege on space #9293

merged 1 commit into from
Oct 26, 2023

Conversation

locker
Copy link
Member

@locker locker commented Oct 24, 2023

Historically, it was possible to grant the execte privilege on a space although this action had no effect. Since Tarantool 3.0 it isn't allowed anymore. The new compat module option box_space_execute_priv was added to revert to the old behavior.

Example:

tarantool> box.cfg{log_level = 'error'}
---
...

tarantool> box.schema.user.create('alice')
---
...

tarantool> box.schema.user.grant('alice', 'execute', 'space')
---
- error: Unsupported space privilege 'execute'
...

tarantool> require('compat').box_space_execute_priv = 'old'
---
...

tarantool> box.schema.user.grant('alice', 'execute', 'space')
---
...

Closes #9277

@locker locker requested review from a team as code owners October 24, 2023 08:49
@coveralls
Copy link

coveralls commented Oct 24, 2023
edited

Coverage Status

coverage: 86.292% (-0.01%) from 86.305% when pulling 9672c9f on locker:gh-9277-space-execute-priv into c13e59a
on tarantool:master.

@locker
box: disallow granting execute privilege on space
9672c9f 
Closes tarantool#9277

@TarantoolBot document
Title: Document `box_space_execute_priv` compatibility option

Historically, it was possible to grant the `execte` privilege on
a space although this action had no effect. Since Tarantool 3.0
it isn't allowed anymore. The new `compat` module option
`box_space_execute_priv` was added to revert to the old behavior.

Please create a documentation page for the new compatibility option at
https://tarantool.io/compat/box_space_execute_priv

Example:

```
tarantool> box.cfg{log_level = 'error'}
---
...

tarantool> box.schema.user.create('alice')
---
...

tarantool> box.schema.user.grant('alice', 'execute', 'space')
---
- error: Unsupported space privilege 'execute'
...

tarantool> require('compat').box_space_execute_priv = 'old'
---
...

tarantool> box.schema.user.grant('alice', 'execute', 'space')
---
...
```
@Totktonada Totktonada removed their assignment Oct 24, 2023
@locker locker self-assigned this Oct 24, 2023
@locker locker added the full-ci Enables all tests for a pull request label Oct 26, 2023
@locker locker merged commit 21063b4 into tarantool:master Oct 26, 2023
106 checks passed
@locker locker deleted the gh-9277-space-execute-priv branch October 26, 2023 07:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Totktonada Totktonada Totktonada approved these changes

@ylobankov ylobankov ylobankov approved these changes

@p7nov p7nov p7nov approved these changes

Assignees

@locker locker

Labels
full-ci Enables all tests for a pull request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Grant 'execute' for a space object does not have an effect
5 participants
@locker @coveralls @Totktonada @ylobankov @p7nov