New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[YSQL] Allow yb_db_admin to CREATE/DROP functions #12207
Labels
2.14 Backport Required
area/ysql
Yugabyte SQL (YSQL)
kind/bug
This issue is a bug
priority/medium
Medium priority issue
Projects
Comments
paullee-yb
added
area/ysql
Yugabyte SQL (YSQL)
status/awaiting-triage
Issue awaiting triage
labels
Apr 19, 2022
paullee-yb
changed the title
[YSQL] Allow yb_db_admin to CREATE and DROP functions
[YSQL] Allow yb_db_admin to CREATE/DROP functions and use leakproof functions
Apr 20, 2022
paullee-yb
changed the title
[YSQL] Allow yb_db_admin to CREATE/DROP functions and use leakproof functions
[YSQL] Allow yb_db_admin to CREATE/DROP functions
May 7, 2022
paullee-yb
added a commit
that referenced
this issue
May 9, 2022
Summary: This change expands the permissions of yb_db_admin to do the following: - create function - delete function - create function with language specified Test Plan: ybd --java-test 'org.yb.pgsql.TestPgRegressProc' Reviewers: smishra, fizaa Reviewed By: fizaa Subscribers: jason, yql Differential Revision: https://phabricator.dev.yugabyte.com/D16611
yugabyte-ci
added
kind/bug
This issue is a bug
priority/medium
Medium priority issue
labels
May 14, 2022
paullee-yb
added a commit
that referenced
this issue
May 21, 2022
…sted languages. Summary: **Background** `yb_db_admin` is a role that is GRANTED to the `admin` role in YB Managed. Currently, `yb_db_admin` allows users to create functions with untrusted languages, which has security concerns. For example, C-language functions can gain access to the OS or database server processes. **Solution** This diff removes the ability for `yb_db_admin` to create functions with untrusted languages, as this can be a security vulnerability. RDS follows an identical approach for functions. Test Plan: ybd --java-test 'org.yb.pgsql.TestPgRegressProc' Reviewers: jason, smishra, fizaa Reviewed By: fizaa Subscribers: yql Differential Revision: https://phabricator.dev.yugabyte.com/D16985
paullee-yb
added a commit
that referenced
this issue
May 24, 2022
Summary: This change expands the permissions of yb_db_admin to do the following: - create function - delete function - create function with language specified Test Plan: ybd --java-test 'org.yb.pgsql.TestPgRegressProc' Reviewers: smishra, fizaa Reviewed By: fizaa Subscribers: jason, yql Differential Revision: https://phabricator.dev.yugabyte.com/D16611
Basically backport a3287bc to 2.14 |
paullee-yb
added a commit
that referenced
this issue
Jun 9, 2022
Summary: This change expands the permissions of yb_db_admin to do the following: - create function - delete function - create function with language specified Test Plan: ybd --java-test 'org.yb.pgsql.TestPgRegressProc' Reviewers: smishra, fizaa Reviewed By: fizaa Subscribers: jason, yql Differential Revision: https://phabricator.dev.yugabyte.com/D16611
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
2.14 Backport Required
area/ysql
Yugabyte SQL (YSQL)
kind/bug
This issue is a bug
priority/medium
Medium priority issue
Jira Link: [DB-346](https://yugabyte.atlassian.net/browse/DB-346)
Description
The text was updated successfully, but these errors were encountered: