Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs(query): add access control doc about privilege #10464

Closed
wants to merge 1 commit into from
Closed

docs(query): add access control doc about privilege #10464

wants to merge 1 commit into from

Conversation

TCeason
Copy link
Collaborator

@TCeason TCeason commented Mar 9, 2023
edited
Loading

Summary

  1. add doc: priv

  2. fix grant create user/stage/role err

Questions

  1. I try to add priv doc. But I find in privilege_access.rs
     more plan does not check privilege.

  2. And I think this is unreasonable? Why create view need alter priv?
    cc @BohuTANG

Plan::CreateView(plan) => {
    session
        .validate_privilege(
            &GrantObject::Database(plan.catalog.clone(), plan.database.clone()),
            UserPrivilegeType::Alter,
        )
        .await?;
}
mysql> show grants;
+-----------------------------------------------------+
| Grants                                              |
+-----------------------------------------------------+
| GRANT CREATE,CREATE ROLE ON *.* TO 'b'@'%'          |
| GRANT SELECT ON 'default'.'system'.'one' TO 'b'@'%' |
+-----------------------------------------------------+
2 rows in set (0.03 sec)
Read 0 rows, 0.00 B in 0.004 sec., 0 rows/sec., 0.00 B/sec.

mysql> create view v_t2 as select * from t;
ERROR 1105 (HY000): Code: 1063, displayText = Permission denied, user 'b'@'%' requires ALTER privilege on 'default'.'default'.*.

Closes #10385

@vercel
Copy link

vercel bot commented Mar 9, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated
databend ✅ Ready (Inspect) Visit Preview 💬 Add your feedback Mar 9, 2023 at 5:07AM (UTC)

@mergify mergify bot added the pr-doc this PR needs/changes the documents or websites label Mar 9, 2023
@TCeason
fix(query): grant create user/stage/role
e939893 
1. fix grant create user/stage/role err

2. add doc: priv
@TCeason TCeason requested a review from soyeric128 March 9, 2023 05:10
@BohuTANG
Copy link
Member

BohuTANG commented Mar 9, 2023

I try to add priv doc. But I find in privilege_access.rs
more plan does not check privilege.

Yes, we need more privileges to add .

And I think this is unreasonable? Why create view need alter priv?

Not make sense, we can fix it.

@Xuanwo
Copy link
Member

Xuanwo commented Mar 9, 2023

Hi there, could you please provide a more detailed title for this PR, instead of just using add doc: priv? A clear and descriptive title would make it easier for us to write comprehensive and accurate changelogs. Thank you!

BohuTANG
BohuTANG reviewed Mar 9, 2023
View reviewed changes
docs/doc/04-security/00-access-control/10-access-control-privileges.md
@@ -0,0 +1,78 @@
---
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Better to move here?

image

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Before Use cases after SQL Functions

@TCeason TCeason changed the title docs(query): add doc: priv docs(query): add access control doc about privilege Mar 9, 2023
@TCeason
Copy link
Collaborator Author

TCeason commented Mar 9, 2023

Yes, we need more privileges to add .

Ok, I will add it in this pr. Now it will be set draft, after this done it will be ready for review.

@TCeason TCeason marked this pull request as draft March 9, 2023 05:28
@TCeason TCeason closed this Mar 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BohuTANG BohuTANG BohuTANG left review comments

@flaneur2020 flaneur2020 Awaiting requested review from flaneur2020

@RinChanNOWWW RinChanNOWWW Awaiting requested review from RinChanNOWWW

@andylokandy andylokandy Awaiting requested review from andylokandy

@soyeric128 soyeric128 Awaiting requested review from soyeric128

Assignees
No one assigned
Labels
pr-doc this PR needs/changes the documents or websites
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

tracking: privileges enhancement
3 participants
@TCeason @BohuTANG @Xuanwo