Sorry, forgot to send to the mailing list.
-------- Forwarded message --------
Subject: Re: [tarantool-patches] Re: [PATCH] Make access_check_ddl check
for entity privileges.
Date: Thu, 19 Jul 2018 10:46:27 +0300
From: Sergey Petrenko <sergepetrenko@xxxxxxxxxxxxx>
To: Konstantin Osipov <kostja@xxxxxxxxxxxxx>
18.07.2018 9:07, Konstantin Osipov wrote:
* Sergey Petrenko <sergepetrenko@xxxxxxxxxxxxx> [18/07/12 11:55]:
You misunderstood me, I meant the space object, since we used to
INDEX is not a separate object, it's a part of the space.
Checking for create privilege ignores ownership, since when creating an
As far as I understand, you changed it because creating an index
- enum priv_type priv_type = new_tuple ? PRIV_C : PRIV_D;
- if (old_tuple && new_tuple)
- priv_type = PRIV_A;
- access_check_ddl(old_space->def->name, old_space->def->uid, SC_SPACE,
- priv_type, true);
+ enum priv_type priv_type = new_tuple ? PRIV_A : PRIV_D;
+ access_check_ddl(old_space->def->name, old_space->def->id,
+ old_space->def->uid, SC_SPACE, priv_type, true);
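Review bot: the new ternary "new_tuple ? PRIV_A : PRIV_D" no longer distinguishes inserting an index tuple from replacing one, so index creation is now authorised by ALTER on the space while index drop still requires DROP. If the reasoning is that index DDL alters the space, the drop case is inconsistent with it; if not, the removed "old_tuple && new_tuple" branch should stay. A comment stating which space privilege each index operation is meant to require would settle this in the code. The added old_space->def->id argument implies a changed access_check_ddl signature that is not visible in this hunk, so the remaining callers and the function's documentation need checking against it.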
is technically altering a space, not creating it. But in this case
dropping an index is also technically altering a space.

In SQL, CREATE/DROP/ALTER match SQL statements CREATE/DROP/ALTER
respectively. Since in NoSQL in Tarantool we don't have these
statements, instead, we create each index with a separate Lua
command, let's keep the old check: use CREATE access to space
in order to permit CREATING an index, ALTER - to permit update,
and DROP - to permit drop.

object there can't be a create privilege on the object itself.

A user who has created the space should be able to
CREATE/DROP/ALTER any index in the space based on the definer
rule (the owner of the object should be able to do anything with
it).

I imagine if an index has an independent owner, one would not be
able to drop their own space if some other user created an index
on it.

What Oracle does is they have separate entities INDEX and TABLE,

Let's try to avoid this. Oracle also has entity access. How does
it work there? Who is set as the definer of the index if user b
creates an index on space created by user a? Let's bring this up
with Peter Gulutzan, he may have an educated opinion on the
subject.

IMO it would unnecessarily complicate access control, cos we would

We also have an option of separating INDEX and SPACE as entities,
and introducing INDEX entity. But then again a user who created a
space should be able to create/drop/alter any index in that space
- the opposite seems counter-intuitive.
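
The two privilege mappings debated in this thread, as an added example that is not from the patch or from Tarantool: a small C model showing what a non-owner who holds only ALTER on a space can do to its indexes under each mapping, and that the space owner passes either way. The struct, the bit values and the function names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not Tarantool source: bit values are illustrative. */
enum priv_type { PRIV_C = 1, PRIV_D = 2, PRIV_A = 4 };

struct space_model {
	uint32_t owner_uid;   /* definer of the space */
	uint32_t grantee_uid; /* a single grantee keeps the model small */
	unsigned granted;     /* priv_type bits granted to grantee_uid */
};

/* Mapping removed by the hunk: insert = CREATE, replace = ALTER, delete = DROP. */
static enum priv_type
index_priv_old(bool has_old_tuple, bool has_new_tuple)
{
	if (has_old_tuple && has_new_tuple)
		return PRIV_A;
	return has_new_tuple ? PRIV_C : PRIV_D;
}

/* Mapping added by the hunk: insert and replace both require ALTER. */
static enum priv_type
index_priv_new(bool has_old_tuple, bool has_new_tuple)
{
	(void)has_old_tuple;
	return has_new_tuple ? PRIV_A : PRIV_D;
}

/* Definer rule from the thread: the space owner may do any index DDL. */
static bool
index_ddl_allowed(const struct space_model *sp, uint32_t uid,
		  enum priv_type need)
{
	if (uid == sp->owner_uid)
		return true;
	return uid == sp->grantee_uid && (sp->granted & need) != 0;
}

int main(void)
{
	/* Constructed case: user 1 owns the space, user 2 holds ALTER only. */
	struct space_model sp = { 1, 2, PRIV_A };
	printf("old mapping, user 2 creates index: %d\n",
	       index_ddl_allowed(&sp, 2, index_priv_old(false, true)));
	printf("new mapping, user 2 creates index: %d\n",
	       index_ddl_allowed(&sp, 2, index_priv_new(false, true)));
	return 0;
}
```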