[tarantool-patches] [PATCH 2/2] box: autogrant CREATE,ALTER,DROP to users with READ+WRITE
Konstantin Osipov
kostja at tarantool.org
Thu Nov 1 18:34:44 MSK 2018
* Serge Petrenko <sergepetrenko at tarantool.org> [18/10/30 16:36]:
> This patch adds an upgrade script to grant CREATE, ALTER, DROP
> privileges to users which have READ+WRITE on respective objects.
> This is needed after removing 1.7 compatibility mode for privileges.
>
> Closes #3539
> ---
> src/box/lua/upgrade.lua | 31 +++++++++++++++++++++++++++++++
> 1 file changed, 31 insertions(+)
>
> diff --git a/src/box/lua/upgrade.lua b/src/box/lua/upgrade.lua
> index d9c2ae447..64f74f9d3 100644
> --- a/src/box/lua/upgrade.lua
> +++ b/src/box/lua/upgrade.lua
> @@ -501,6 +501,35 @@ end
> -- Tarantool 2.1.0
> --------------------------------------------------------------------------------
>
> +local function upgrade_priv_to_2_1_0()
> + local _priv = box.space[box.schema.PRIV_ID]
> + local _user = box.space[box.schema.USER_ID]
> + -- Since we remove 1.7 compatibility in 2.1.0, we have to
> + -- grant ALTER and DROP to all users with READ + WRITE on
> + -- respective objects. We also grant CREATE on entities
> + -- or on universe if a user has READ and WRITE on an entity
> + -- or on universe respectively. We do not grant CREATE on
No, please add ALTER and DROP only to the users who have
READ+WRITE on the universe. In other words, don't bother with
individual objects.
> + -- objects, since it has no effect. We also skip grants for
> + -- sequences since they were added after the new privileges
> + -- and compatibility mode was always off for them.
--
Konstantin Osipov, Moscow, Russia, +7 903 626 22 32
http://tarantool.io - www.twitter.com/kostja_osipov
More information about the Tarantool-patches
mailing list