From: Konstantin Osipov
Date: Fri, 8 Jun 2018 17:01:35 +0300
Subject: [tarantool-patches] Re: [PATCH 2/3] security: add limits on object_type-privilege pair
Message-ID: <20180608140135.GA6436@chai>
In-Reply-To: <0e6cd9bcff2fca4d04105b42f96dd78a3bfee743.1528448404.git.georgy@tarantool.org>
To: tarantool-patches@freelists.org
Cc: imarkov

* Georgy Kirichenko [18/06/08 12:11]:
> From: imarkov
>
> Introduce constraints on object_type-privilege pairs.
> These constraints limit senseless grants/revokes, i.e.,
> sequence - execute, all space related privileges (insert, delete,
> update),
> function - alter, all space related privileges,
> role - all privileges except create, drop, alter, execute

Sorry for nitpicking, but wouldn't it be better to list allowed
privileges rather than forbidden ones?
Perhaps making a plain C array which would map object type to the
list of allowed bits and exporting it to Lua would make things even
simpler?

>

-- 
Konstantin Osipov, Moscow, Russia, +7 903 626 22 32
http://tarantool.io - www.twitter.com/kostja_osipov
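
The allow-list table suggested in the reply above, sketched as an added example (not code from the patch or from Tarantool). The enum names, bit values and both functions are hypothetical, the privilege set is limited to the seven names in the quoted commit message, and each row is derived from that message's list of forbidden pairs.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bit values; only the privileges named in the commit message. */
enum priv {
	P_EXECUTE = 1 << 0, P_INSERT = 1 << 1, P_DELETE = 1 << 2,
	P_UPDATE  = 1 << 3, P_ALTER  = 1 << 4, P_CREATE = 1 << 5,
	P_DROP    = 1 << 6,
};

/* Hypothetical object types; only those with a rule in the commit message. */
enum obj_type { OBJ_SEQUENCE, OBJ_FUNCTION, OBJ_ROLE, obj_type_MAX };

/* Allowed bits per object type: the complement of the forbidden lists. */
static const uint32_t allowed_privs[obj_type_MAX] = {
	[OBJ_SEQUENCE] = P_ALTER | P_CREATE | P_DROP,
	[OBJ_FUNCTION] = P_EXECUTE | P_CREATE | P_DROP,
	[OBJ_ROLE]     = P_CREATE | P_DROP | P_ALTER | P_EXECUTE,
};

/* Bits of `requested` that the table does not allow; 0 means none. */
uint32_t
priv_rejected_bits(int type, uint32_t requested)
{
	if (type < 0 || type >= obj_type_MAX)
		return requested; /* unknown object type: nothing is allowed */
	return requested & ~allowed_privs[type];
}

/* A grant/revoke is valid only if it is non-empty and fully allowed. */
bool
priv_is_valid(int type, uint32_t requested)
{
	return requested != 0 && priv_rejected_bits(type, requested) == 0;
}

int
main(void)
{
	uint32_t future_bit = 1u << 7; /* constructed: a bit added later */
	printf("function/execute: %d\n", priv_is_valid(OBJ_FUNCTION, P_EXECUTE));
	printf("sequence/execute: %d\n", priv_is_valid(OBJ_SEQUENCE, P_EXECUTE));
	/* A deny-list would pass a bit it has never heard of; this rejects it. */
	printf("role/future bit:  %d\n", priv_is_valid(OBJ_ROLE, future_bit));
	return 0;
}
```

With an allow-list, a privilege bit or object type added later is rejected until someone adds it to the table, whereas a list of forbidden pairs accepts it by default.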