Tarantool development patches archive
From: Konstantin Osipov <kostja@tarantool.org>
To: Sergey Petrenko <sergepetrenko@tarantool.org>
Cc: tarantool-patches@freelists.org
Subject: [tarantool-patches] Re: [PATCH] Make access_check_ddl check for entity privileges.
Date: Wed, 18 Jul 2018 09:07:48 +0300
Message-ID: <20180718060747.GA11097@chai>
In-Reply-To: <5cece723-7439-563c-ea02-18014aa1294c@tarantool.org>

* Sergey Petrenko <sergepetrenko@tarantool.org> [18/07/12 11:55]:

> > > -	enum priv_type priv_type = new_tuple ? PRIV_C : PRIV_D;
> > > -	if (old_tuple && new_tuple)
> > > -		priv_type = PRIV_A;
> > > -	access_check_ddl(old_space->def->name, old_space->def->uid, SC_SPACE,
> > > -			 priv_type, true);
> > > +	enum priv_type priv_type = new_tuple ? PRIV_A : PRIV_D;
> > > +	access_check_ddl(old_space->def->name, old_space->def->id,
> > > +			 old_space->def->uid, SC_SPACE, priv_type, true);
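Review bot: the new `priv_type` assignment requests PRIV_A whenever `new_tuple` is set, so the case that used to request PRIV_C (`new_tuple` without `old_tuple`) can no longer be told apart from the `old_tuple && new_tuple` case, and nothing in the hunk says why. Either keep the three-way mapping or add a comment above the assignment stating which privilege each of insert, update and delete is meant to require. In the `access_check_ddl` call, the added `old_space->def->id` argument sits directly before `old_space->def->uid`; documenting the new parameter order at the function's declaration would help other callers avoid swapping the two.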
> > As far as I understand, you changed it because creating an index
> > is technically altering a space, not creating it. But in this case
> > dropping an index is also technically altering a space.
> > In SQL, CREATE/DROP/ALTER match SQL statements CREATE/DROP/ALTER
> > respectively. Since in NoSQL in Tarantool we don't have these
> > statements, instead, we create each index with a separate Lua
> > command, let's keep the old check: use CREATE access to space
> > in order to permit CREATING an index, ALTER - to permit update,
> > and DROP - to permit drop.
> Checking for create privilege ignores ownership, since when creating an
> object there can't be a create privilege on the object itself.

INDEX is not a separate object, it's a part of the space.
A user who has created the space should be able to
CREATE/DROP/ALTER any index in the space based on the definer
rule (the owner of the object should be able to do anything with
it).

I imagine if an index has an independent owner, one would not be
able to drop their own space if some other user created an index
on it. 

Let's try to avoid this. Oracle also has entity access. How does
it work there? Who is set as the definer of the index if user b
creates an index on space created by user a? Let's bring this up
with Peter Gulutzan, he may have an educated opinion on the
subject. 

We also have an option of separating INDEX and SPACE as entities,
and introducing INDEX entity. But then again a user who created a
space should be able to create/drop/alter any index in that space
- the opposite seems counter-intuitive.

-- 
Konstantin Osipov, Moscow, Russia, +7 903 626 22 32
http://tarantool.io - www.twitter.com/kostja_osipov

Thread overview: 5+ messages
2018-07-11 16:40 [tarantool-patches] " Serge Petrenko
2018-07-11 18:33 ` [tarantool-patches] " Konstantin Osipov
2018-07-12  8:52   ` Sergey Petrenko
2018-07-18  6:07     ` Konstantin Osipov [this message]
     [not found] <c734dd77-57dd-b0a3-af26-bf38937b1725@tarantool.org>
2018-07-19  7:48 ` Sergey Petrenko
