tarantool/tarantool

Support `GRANT` and `REVOKE`.

Open

#2 243 ouverte le 24 mars 2017

Voir sur GitHub
 (1 commentaire) (0 réactions) (0 assignés)Lua (406 forks)batch import
featuregood first issuesql

Métriques du dépôt

Stars
 (3 633 stars)
Métriques de merge PR
 (Merge moyen 13j 2h) (82 PRs mergées en 30 j)

Description

GRANT/REVOKE access right on given table to given user.

This might be impacted by #945.

Not 1.8.0 feature.

What we want to say in SQL is GRANT privilege ON object_name TO user_name; GRANT privilege ON object_name TO role_name; REVOKE privilege ON object_name FROM user_name; (There is no WITH GRANT OPTION.) which correspond fairly closely to box.schema.user.grant(user_name,...) box.schema.user.revoke(user_name,...) The privileges aren't the usual set. They must match what box.schema.user.grant has. GRANT read[,write] ON TABLE table_name TO user_name; GRANT read[,write] ON TABLE table_name TO user_name; GRANT execute ON ROUTINE function_name TO user_name; GRANT read[,write[,execute]] ON universe TO user_name; REVOKE read[,write] ON TABLE table_name TO user_name; REVOKE read[,write] ON TABLE table_name FROM user_name; REVOKE execute ON FUNCTION function_name FROM user_name; REVOKE read[,write[,execute]] ON universe FROM user_name; The assumption is that it is possible for SQL to access a function name, as described elsewhere. So some straightforward mapping is possible. Given the weakness of Tarantool access control, this can be low priority.

Guide contributeur