[tarantool-patches] Re: [PATCH 2/3] security: add limits on object_type-privilege pair

Konstantin Osipov kostja at tarantool.org
Fri Jun 8 17:01:35 MSK 2018


* Georgy Kirichenko <georgy at tarantool.org> [18/06/08 12:11]:
> From: imarkov <imarkov at tarantool.org>
> 
> Introduce constraints on object_type-privilege pairs.
> These constraints limit senseless grants/revokes, i.e.,
> sequence - execute, all space related privileges(insert, delete,
> update),
> function - alter, all space related privileges,
> role - all privileges except create, drop, alter, execute

Sorry for nitpicking, but wouldn't it be better to 
list allowed privileges rather than forbidden ones?

Perhaps making a plain C array which would map object type to the
list of allowed bits and exporting it to Lua make things even
simpler?

> 

-- 
Konstantin Osipov, Moscow, Russia, +7 903 626 22 32
http://tarantool.io - www.twitter.com/kostja_osipov




More information about the Tarantool-patches mailing list