mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-24 08:32:02 +00:00
Rename some access types: add ALTER and SYSTEM prefixes.
This commit is contained in:
Vitaly Baranov
parent
f53b4ad3a8
commit
b4d7ef390c
@ -52,6 +52,10 @@ namespace
|
|||||||
const AccessFlags truncate_flag = AccessType::TRUNCATE;
|
const AccessFlags truncate_flag = AccessType::TRUNCATE;
|
||||||
const AccessFlags drop_table_flag = AccessType::DROP_TABLE;
|
const AccessFlags drop_table_flag = AccessType::DROP_TABLE;
|
||||||
const AccessFlags drop_view_flag = AccessType::DROP_VIEW;
|
const AccessFlags drop_view_flag = AccessType::DROP_VIEW;
|
||||||
|
const AccessFlags alter_ttl_flag = AccessType::ALTER_TTL;
|
||||||
|
const AccessFlags alter_materialize_ttl_flag = AccessType::ALTER_MATERIALIZE_TTL;
|
||||||
|
const AccessFlags system_reload_dictionary = AccessType::SYSTEM_RELOAD_DICTIONARY;
|
||||||
|
const AccessFlags system_reload_embedded_dictionaries = AccessType::SYSTEM_RELOAD_EMBEDDED_DICTIONARIES;
|
||||||
};
|
};
|
||||||
|
|
||||||
std::string_view checkCurrentDatabase(const std::string_view & current_database)
|
std::string_view checkCurrentDatabase(const std::string_view & current_database)
|
||||||
@ -412,8 +416,14 @@ private:
|
|||||||
implicit_access |= helper.show_tables_flag;
|
implicit_access |= helper.show_tables_flag;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((level == GLOBAL_LEVEL) && ((access | max_access_among_children) & helper.create_table_flag))
|
if (level == GLOBAL_LEVEL)
|
||||||
implicit_access |= helper.create_temporary_table_flag;
|
{
|
||||||
|
if ((access | max_access_among_children) & helper.create_table_flag)
|
||||||
|
implicit_access |= helper.create_temporary_table_flag;
|
||||||
|
|
||||||
|
if (access & helper.system_reload_dictionary)
|
||||||
|
implicit_access |= helper.system_reload_embedded_dictionaries;
|
||||||
|
}
|
||||||
|
|
||||||
if (level <= TABLE_LEVEL)
|
if (level <= TABLE_LEVEL)
|
||||||
{
|
{
|
||||||
@ -425,6 +435,9 @@ private:
|
|||||||
|
|
||||||
if (access & helper.alter_table_flag)
|
if (access & helper.alter_table_flag)
|
||||||
implicit_access |= helper.alter_view_flag;
|
implicit_access |= helper.alter_view_flag;
|
||||||
|
|
||||||
|
if (access & helper.alter_ttl_flag)
|
||||||
|
implicit_access |= helper.alter_materialize_ttl_flag;
|
||||||
}
|
}
|
||||||
|
|
||||||
final_access = access | implicit_access;
|
final_access = access | implicit_access;
|
||||||
|
|||||||
@ -18,68 +18,78 @@ enum class AccessType
|
|||||||
/// or specifies that the access type is a GROUP of other access types;
|
/// or specifies that the access type is a GROUP of other access types;
|
||||||
/// parent_group_name is the name of the group containing this access type (or NONE if there is no such group).
|
/// parent_group_name is the name of the group containing this access type (or NONE if there is no such group).
|
||||||
#define APPLY_FOR_ACCESS_TYPES(M) \
|
#define APPLY_FOR_ACCESS_TYPES(M) \
|
||||||
M(SHOW_DATABASES, "", DATABASE, SHOW) /* allows to execute SHOW DATABASES, SHOW CREATE DATABASE, USE <database>*/\
|
M(SHOW_DATABASES, "", DATABASE, SHOW) /* allows to execute SHOW DATABASES, SHOW CREATE DATABASE, USE <database>;
|
||||||
M(SHOW_TABLES, "", TABLE, SHOW) /* allows to execute SHOW TABLES, EXISTS <table>, CHECK <table> */\
|
implicitly enabled by any grant on the database */\
|
||||||
M(SHOW_COLUMNS, "", COLUMN, SHOW) /* allows to execute SHOW CREATE TABLE, DESCRIBE */\
|
M(SHOW_TABLES, "", TABLE, SHOW) /* allows to execute SHOW TABLES, EXISTS <table>, CHECK <table>;
|
||||||
M(SHOW_DICTIONARIES, "", DICTIONARY, SHOW) /* allows to execute SHOW DICTIONARIES, SHOW CREATE DICTIONARY, EXISTS <dictionary> */\
|
implicitly enabled by any grant on the table */\
|
||||||
|
M(SHOW_COLUMNS, "", COLUMN, SHOW) /* allows to execute SHOW CREATE TABLE, DESCRIBE;
|
||||||
|
implicitly enabled with any grant on the column */\
|
||||||
|
M(SHOW_DICTIONARIES, "", DICTIONARY, SHOW) /* allows to execute SHOW DICTIONARIES, SHOW CREATE DICTIONARY, EXISTS <dictionary>;
|
||||||
|
implicitly enabled by any grant on the dictionary */\
|
||||||
M(SHOW, "", GROUP, ALL) /* allows to execute SHOW, USE, EXISTS, CHECK, DESCRIBE */\
|
M(SHOW, "", GROUP, ALL) /* allows to execute SHOW, USE, EXISTS, CHECK, DESCRIBE */\
|
||||||
\
|
\
|
||||||
M(SELECT, "", COLUMN, ALL) \
|
M(SELECT, "", COLUMN, ALL) \
|
||||||
M(INSERT, "", COLUMN, ALL) \
|
M(INSERT, "", COLUMN, ALL) \
|
||||||
M(UPDATE, "ALTER UPDATE", COLUMN, ALTER_TABLE) /* allows to execute ALTER UPDATE */\
|
M(ALTER_UPDATE, "UPDATE", COLUMN, ALTER_TABLE) /* allows to execute ALTER UPDATE */\
|
||||||
M(DELETE, "ALTER DELETE", COLUMN, ALTER_TABLE) /* allows to execute ALTER DELETE */\
|
M(ALTER_DELETE, "DELETE", COLUMN, ALTER_TABLE) /* allows to execute ALTER DELETE */\
|
||||||
\
|
\
|
||||||
M(ADD_COLUMN, "ALTER ADD COLUMN", COLUMN, ALTER_COLUMN) \
|
M(ALTER_ADD_COLUMN, "ADD COLUMN", COLUMN, ALTER_COLUMN) \
|
||||||
M(MODIFY_COLUMN, "ALTER MODIFY COLUMN", COLUMN, ALTER_COLUMN) \
|
M(ALTER_MODIFY_COLUMN, "MODIFY COLUMN", COLUMN, ALTER_COLUMN) \
|
||||||
M(DROP_COLUMN, "ALTER DROP COLUMN", COLUMN, ALTER_COLUMN) \
|
M(ALTER_DROP_COLUMN, "DROP COLUMN", COLUMN, ALTER_COLUMN) \
|
||||||
M(COMMENT_COLUMN, "ALTER COMMENT COLUMN", COLUMN, ALTER_COLUMN) \
|
M(ALTER_COMMENT_COLUMN, "COMMENT COLUMN", COLUMN, ALTER_COLUMN) \
|
||||||
M(CLEAR_COLUMN, "ALTER CLEAR COLUMN", COLUMN, ALTER_COLUMN) \
|
M(ALTER_CLEAR_COLUMN, "CLEAR COLUMN", COLUMN, ALTER_COLUMN) \
|
||||||
M(RENAME_COLUMN, "ALTER RENAME COLUMN", COLUMN, ALTER_COLUMN) \
|
M(ALTER_RENAME_COLUMN, "RENAME COLUMN", COLUMN, ALTER_COLUMN) \
|
||||||
M(ALTER_COLUMN, "", GROUP, ALTER_TABLE) /* allow to execute ALTER {ADD|DROP|MODIFY...} COLUMN */\
|
M(ALTER_COLUMN, "", GROUP, ALTER_TABLE) /* allow to execute ALTER {ADD|DROP|MODIFY...} COLUMN */\
|
||||||
\
|
\
|
||||||
M(ALTER_ORDER_BY, "MODIFY ORDER BY, ALTER MODIFY ORDER BY", TABLE, INDEX) \
|
M(ALTER_ORDER_BY, "ALTER MODIFY ORDER BY, MODIFY ORDER BY", TABLE, ALTER_INDEX) \
|
||||||
M(ADD_INDEX, "ALTER ADD INDEX", TABLE, INDEX) \
|
M(ALTER_ADD_INDEX, "ADD INDEX", TABLE, ALTER_INDEX) \
|
||||||
M(DROP_INDEX, "ALTER DROP INDEX", TABLE, INDEX) \
|
M(ALTER_DROP_INDEX, "DROP INDEX", TABLE, ALTER_INDEX) \
|
||||||
M(MATERIALIZE_INDEX, "ALTER MATERIALIZE INDEX", TABLE, INDEX) \
|
M(ALTER_MATERIALIZE_INDEX, "MATERIALIZE INDEX", TABLE, ALTER_INDEX) \
|
||||||
M(CLEAR_INDEX, "ALTER CLEAR INDEX", TABLE, INDEX) \
|
M(ALTER_CLEAR_INDEX, "CLEAR INDEX", TABLE, ALTER_INDEX) \
|
||||||
M(INDEX, "ALTER INDEX", GROUP, ALTER_TABLE) /* allows to execute ALTER ORDER BY or ALTER {ADD|DROP...} INDEX */\
|
M(ALTER_INDEX, "INDEX", GROUP, ALTER_TABLE) /* allows to execute ALTER ORDER BY or ALTER {ADD|DROP...} INDEX */\
|
||||||
\
|
\
|
||||||
M(ADD_CONSTRAINT, "ALTER ADD CONSTRAINT", TABLE, CONSTRAINT) \
|
M(ALTER_ADD_CONSTRAINT, "ADD CONSTRAINT", TABLE, ALTER_CONSTRAINT) \
|
||||||
M(DROP_CONSTRAINT, "ALTER DROP CONSTRAINT", TABLE, CONSTRAINT) \
|
M(ALTER_DROP_CONSTRAINT, "DROP CONSTRAINT", TABLE, ALTER_CONSTRAINT) \
|
||||||
M(CONSTRAINT, "ALTER CONSTRAINT", GROUP, ALTER_TABLE) /* allows to execute ALTER {ADD|DROP} CONSTRAINT */\
|
M(ALTER_CONSTRAINT, "CONSTRAINT", GROUP, ALTER_TABLE) /* allows to execute ALTER {ADD|DROP} CONSTRAINT */\
|
||||||
\
|
\
|
||||||
M(MODIFY_TTL, "ALTER MODIFY TTL", TABLE, ALTER_TABLE) /* allows to execute ALTER MODIFY TTL */\
|
M(ALTER_TTL, "ALTER MODIFY TTL, MODIFY TTL", TABLE, ALTER_TABLE) /* allows to execute ALTER MODIFY TTL */\
|
||||||
M(MATERIALIZE_TTL, "ALTER MATERIALIZE TTL", TABLE, ALTER_TABLE) /* allows to execute ALTER MATERIALIZE TTL */\
|
M(ALTER_MATERIALIZE_TTL, "MATERIALIZE TTL", TABLE, ALTER_TABLE) /* allows to execute ALTER MATERIALIZE TTL;
|
||||||
M(MODIFY_SETTING, "ALTER MODIFY SETTING", TABLE, ALTER_TABLE) /* allows to execute ALTER MODIFY SETTING */\
|
enabled implicitly by the grant ALTER_TABLE */\
|
||||||
M(MOVE_PARTITION, "ALTER MOVE PARTITION, MOVE PART, ALTER MOVE PART", TABLE, ALTER_TABLE) \
|
M(ALTER_SETTINGS, "ALTER SETTING, ALTER MODIFY SETTING, MODIFY SETTING", TABLE, ALTER_TABLE) /* allows to execute ALTER MODIFY SETTING */\
|
||||||
M(FETCH_PARTITION, "ALTER FETCH PARTITION", TABLE, ALTER_TABLE) \
|
M(ALTER_MOVE_PARTITION, "ALTER MOVE PART, MOVE PARTITION, MOVE PART", TABLE, ALTER_TABLE) \
|
||||||
M(FREEZE_PARTITION, "ALTER FREEZE PARTITION", TABLE, ALTER_TABLE) \
|
M(ALTER_FETCH_PARTITION, "FETCH PARTITION", TABLE, ALTER_TABLE) \
|
||||||
|
M(ALTER_FREEZE_PARTITION, "FREEZE PARTITION", TABLE, ALTER_TABLE) \
|
||||||
\
|
\
|
||||||
M(ALTER_TABLE, "", GROUP, ALTER) \
|
M(ALTER_TABLE, "", GROUP, ALTER) \
|
||||||
\
|
\
|
||||||
M(REFRESH_VIEW, "ALTER LIVE VIEW REFRESH", VIEW, ALTER_VIEW) \
|
M(ALTER_VIEW_REFRESH, "ALTER LIVE VIEW REFRESH, REFRESH VIEW", VIEW, ALTER_VIEW) \
|
||||||
M(MODIFY_VIEW_QUERY, "ALTER TABLE MODIFY QUERY", VIEW, ALTER_VIEW) \
|
M(ALTER_VIEW_MODIFY_QUERY, "ALTER TABLE MODIFY QUERY", VIEW, ALTER_VIEW) \
|
||||||
M(ALTER_VIEW, "", GROUP, ALTER) /* allows to execute ALTER LIVE VIEW REFRESH, ALTER TABLE MODIFY QUERY */\
|
M(ALTER_VIEW, "", GROUP, ALTER) /* allows to execute ALTER VIEW REFRESH, ALTER VIEW MODIFY QUERY;
|
||||||
|
implicitly enabled by the grant ALTER_TABLE */\
|
||||||
\
|
\
|
||||||
M(ALTER, "", GROUP, ALL) /* allows to execute ALTER {TABLE|LIVE VIEW} */\
|
M(ALTER, "", GROUP, ALL) /* allows to execute ALTER {TABLE|LIVE VIEW} */\
|
||||||
\
|
\
|
||||||
M(CREATE_DATABASE, "", DATABASE, CREATE) /* allows to execute {CREATE|ATTACH} DATABASE */\
|
M(CREATE_DATABASE, "", DATABASE, CREATE) /* allows to execute {CREATE|ATTACH} DATABASE */\
|
||||||
M(CREATE_TABLE, "", TABLE, CREATE) /* allows to execute {CREATE|ATTACH} {TABLE|VIEW} */\
|
M(CREATE_TABLE, "", TABLE, CREATE) /* allows to execute {CREATE|ATTACH} {TABLE|VIEW} */\
|
||||||
M(CREATE_VIEW, "", VIEW, CREATE) /* allows to execute {CREATE|ATTACH} VIEW */\
|
M(CREATE_VIEW, "", VIEW, CREATE) /* allows to execute {CREATE|ATTACH} VIEW;
|
||||||
|
implicitly enabled by the grant CREATE_TABLE */\
|
||||||
M(CREATE_DICTIONARY, "", DICTIONARY, CREATE) /* allows to execute {CREATE|ATTACH} DICTIONARY */\
|
M(CREATE_DICTIONARY, "", DICTIONARY, CREATE) /* allows to execute {CREATE|ATTACH} DICTIONARY */\
|
||||||
M(CREATE_TEMPORARY_TABLE, "", GLOBAL, CREATE) /* allows to create and manipulate temporary tables */ \
|
M(CREATE_TEMPORARY_TABLE, "", GLOBAL, CREATE) /* allows to create and manipulate temporary tables;
|
||||||
|
implicitly enabled by the grant CREATE_TABLE on any table */ \
|
||||||
M(CREATE, "", GROUP, ALL) /* allows to execute {CREATE|ATTACH} */ \
|
M(CREATE, "", GROUP, ALL) /* allows to execute {CREATE|ATTACH} */ \
|
||||||
\
|
\
|
||||||
M(DROP_DATABASE, "", DATABASE, DROP) /* allows to execute {DROP|DETACH} DATABASE */\
|
M(DROP_DATABASE, "", DATABASE, DROP) /* allows to execute {DROP|DETACH} DATABASE */\
|
||||||
M(DROP_TABLE, "", TABLE, DROP) /* allows to execute {DROP|DETACH} TABLE */\
|
M(DROP_TABLE, "", TABLE, DROP) /* allows to execute {DROP|DETACH} TABLE */\
|
||||||
M(DROP_VIEW, "", VIEW, DROP) /* allows to execute {DROP|DETACH} TABLE for views */\
|
M(DROP_VIEW, "", VIEW, DROP) /* allows to execute {DROP|DETACH} TABLE for views;
|
||||||
|
implicitly enabled by the grant DROP_TABLE */\
|
||||||
M(DROP_DICTIONARY, "", DICTIONARY, DROP) /* allows to execute {DROP|DETACH} DICTIONARY */\
|
M(DROP_DICTIONARY, "", DICTIONARY, DROP) /* allows to execute {DROP|DETACH} DICTIONARY */\
|
||||||
M(DROP, "", GROUP, ALL) /* allows to execute {DROP|DETACH} */\
|
M(DROP, "", GROUP, ALL) /* allows to execute {DROP|DETACH} */\
|
||||||
\
|
\
|
||||||
M(TRUNCATE, "TRUNCATE TABLE", TABLE, ALL) \
|
M(TRUNCATE, "TRUNCATE TABLE", TABLE, ALL) \
|
||||||
M(OPTIMIZE, "OPTIMIZE TABLE", TABLE, ALL) \
|
M(OPTIMIZE, "OPTIMIZE TABLE", TABLE, ALL) \
|
||||||
\
|
\
|
||||||
M(KILL_QUERY, "", GLOBAL, ALL) /* allows to kill a query started by another user (anyone can kill his own queries) */\
|
M(KILL_QUERY, "", GLOBAL, ALL) /* allows to kill a query started by another user
|
||||||
|
(anyone can kill his own queries) */\
|
||||||
\
|
\
|
||||||
M(CREATE_USER, "", GLOBAL, ALL) \
|
M(CREATE_USER, "", GLOBAL, ALL) \
|
||||||
M(ALTER_USER, "", GLOBAL, ALL) \
|
M(ALTER_USER, "", GLOBAL, ALL) \
|
||||||
@ -98,21 +108,29 @@ enum class AccessType
|
|||||||
M(ALTER_SETTINGS_PROFILE, "ALTER PROFILE", GLOBAL, ALL) \
|
M(ALTER_SETTINGS_PROFILE, "ALTER PROFILE", GLOBAL, ALL) \
|
||||||
M(DROP_SETTINGS_PROFILE, "DROP PROFILE", GLOBAL, ALL) \
|
M(DROP_SETTINGS_PROFILE, "DROP PROFILE", GLOBAL, ALL) \
|
||||||
\
|
\
|
||||||
M(SHUTDOWN, "SYSTEM SHUTDOWN, SYSTEM KILL", GLOBAL, SYSTEM) \
|
M(SYSTEM_SHUTDOWN, "SYSTEM KILL, SHUTDOWN", GLOBAL, SYSTEM) \
|
||||||
M(DROP_CACHE, "SYSTEM DROP CACHE, DROP DNS CACHE, SYSTEM DROP DNS CACHE, DROP MARK CACHE, SYSTEM DROP MARK CACHE, DROP UNCOMPRESSED CACHE, SYSTEM DROP UNCOMPRESSED CACHE, DROP COMPILED EXPRESSION CACHE, SYSTEM DROP COMPILED EXPRESSION CACHE", GLOBAL, SYSTEM) \
|
M(SYSTEM_DROP_DNS_CACHE, "SYSTEM DROP DNS, DROP DNS CACHE, DROP DNS", GLOBAL, SYSTEM_DROP_CACHE) \
|
||||||
M(RELOAD_CONFIG, "SYSTEM RELOAD CONFIG", GLOBAL, SYSTEM) \
|
M(SYSTEM_DROP_MARK_CACHE, "SYSTEM DROP MARK, DROP MARK CACHE, DROP MARKS", GLOBAL, SYSTEM_DROP_CACHE) \
|
||||||
M(RELOAD_DICTIONARY, "SYSTEM RELOAD DICTIONARY, RELOAD DICTIONARIES, SYSTEM RELOAD DICTIONARIES, RELOAD EMBEDDED DICTIONARIES, SYSTEM RELOAD EMBEDDED DICTIONARIES", GLOBAL, SYSTEM) \
|
M(SYSTEM_DROP_UNCOMPRESSED_CACHE, "SYSTEM DROP UNCOMPRESSED, DROP UNCOMPRESSED CACHE, DROP UNCOMPRESSED", GLOBAL, SYSTEM_DROP_CACHE) \
|
||||||
M(STOP_MERGES, "SYSTEM STOP MERGES, START MERGES, SYSTEM START MERGES", TABLE, SYSTEM) \
|
M(SYSTEM_DROP_COMPILED_EXPRESSION_CACHE, "SYSTEM DROP COMPILED EXPRESSION, DROP COMPILED EXPRESSION CACHE, DROP COMPILED EXPRESSIONS", GLOBAL, SYSTEM_DROP_CACHE) \
|
||||||
M(STOP_TTL_MERGES, "SYSTEM STOP TTL MERGES, START TTL MERGES, SYSTEM START TTL MERGES", TABLE, SYSTEM) \
|
M(SYSTEM_DROP_CACHE, "DROP CACHE", GROUP, SYSTEM) \
|
||||||
M(STOP_FETCHES, "SYSTEM STOP FETCHES, START FETCHES, SYSTEM START FETCHES", TABLE, SYSTEM) \
|
M(SYSTEM_RELOAD_CONFIG, "RELOAD CONFIG", GLOBAL, SYSTEM_RELOAD) \
|
||||||
M(STOP_MOVES, "SYSTEM STOP MOVES, START MOVES, SYSTEM START MOVES", TABLE, SYSTEM) \
|
M(SYSTEM_RELOAD_DICTIONARY, "SYSTEM RELOAD DICTIONARIES, RELOAD DICTIONARY, RELOAD DICTIONARIES", GLOBAL, SYSTEM_RELOAD) \
|
||||||
M(STOP_DISTRIBUTED_SENDS, "SYSTEM STOP DISTRIBUTED SENDS, START DISTRIBUTED SENDS, SYSTEM START DISTRIBUTED SENDS", TABLE, SYSTEM) \
|
M(SYSTEM_RELOAD_EMBEDDED_DICTIONARIES, "RELOAD EMBEDDED DICTIONARIES", GLOBAL, SYSTEM_RELOAD) /* implicitly enabled by the grant SYSTEM_RELOAD_DICTIONARY ON *.* */\
|
||||||
M(STOP_REPLICATED_SENDS, "SYSTEM STOP REPLICATED SENDS, START REPLICATED SENDS, SYSTEM START REPLICATED SENDS", TABLE, SYSTEM) \
|
M(SYSTEM_RELOAD, "", GROUP, SYSTEM) \
|
||||||
M(STOP_REPLICATION_QUEUES, "SYSTEM STOP REPLICATION QUEUES, START REPLICATION QUEUES, SYSTEM START REPLICATION QUEUES", TABLE, SYSTEM) \
|
M(SYSTEM_MERGES, "SYSTEM STOP MERGES, SYSTEM START MERGES, STOP_MERGES, START MERGES", TABLE, SYSTEM) \
|
||||||
M(SYNC_REPLICA, "SYSTEM SYNC REPLICA", TABLE, SYSTEM) \
|
M(SYSTEM_TTL_MERGES, "SYSTEM STOP TTL MERGES, SYSTEM START TTL MERGES, STOP TTL MERGES, START TTL MERGES", TABLE, SYSTEM) \
|
||||||
M(RESTART_REPLICA, "SYSTEM RESTART REPLICA", TABLE, SYSTEM) \
|
M(SYSTEM_FETCHES, "SYSTEM STOP FETCHES, SYSTEM START FETCHES, STOP FETCHES, START FETCHES", TABLE, SYSTEM) \
|
||||||
M(FLUSH_DISTRIBUTED, "SYSTEM FLUSH DISTRIBUTED", TABLE, SYSTEM) \
|
M(SYSTEM_MOVES, "SYSTEM STOP MOVES, SYSTEM START MOVES, STOP MOVES, START MOVES", TABLE, SYSTEM) \
|
||||||
M(FLUSH_LOGS, "SYSTEM FLUSH LOGS", GLOBAL, SYSTEM) \
|
M(SYSTEM_DISTRIBUTED_SENDS, "SYSTEM STOP DISTRIBUTED SENDS, SYSTEM START DISTRIBUTED SENDS, STOP DISTRIBUTED SENDS, START DISTRIBUTED SENDS", TABLE, SYSTEM_SENDS) \
|
||||||
|
M(SYSTEM_REPLICATED_SENDS, "SYSTEM STOP REPLICATED SENDS, SYSTEM START REPLICATED SENDS, STOP_REPLICATED_SENDS, START REPLICATED SENDS", TABLE, SYSTEM_SENDS) \
|
||||||
|
M(SYSTEM_SENDS, "SYSTEM STOP SENDS, SYSTEM START SENDS, STOP SENDS, START SENDS", GROUP, SYSTEM) \
|
||||||
|
M(SYSTEM_REPLICATION_QUEUES, "SYSTEM STOP REPLICATION QUEUES, SYSTEM START REPLICATION QUEUES, STOP_REPLICATION_QUEUES, START REPLICATION QUEUES", TABLE, SYSTEM) \
|
||||||
|
M(SYSTEM_SYNC_REPLICA, "SYNC REPLICA", TABLE, SYSTEM) \
|
||||||
|
M(SYSTEM_RESTART_REPLICA, "RESTART REPLICA", TABLE, SYSTEM) \
|
||||||
|
M(SYSTEM_FLUSH_DISTRIBUTED, "FLUSH DISTRIBUTED", TABLE, SYSTEM_FLUSH) \
|
||||||
|
M(SYSTEM_FLUSH_LOGS, "FLUSH LOGS", GLOBAL, SYSTEM_FLUSH) \
|
||||||
|
M(SYSTEM_FLUSH, "", GROUP, SYSTEM) \
|
||||||
M(SYSTEM, "", GROUP, ALL) /* allows to execute SYSTEM {SHUTDOWN|RELOAD CONFIG|...} */ \
|
M(SYSTEM, "", GROUP, ALL) /* allows to execute SYSTEM {SHUTDOWN|RELOAD CONFIG|...} */ \
|
||||||
\
|
\
|
||||||
M(dictGet, "dictHas, dictGetHierarchy, dictIsIn", DICTIONARY, ALL) /* allows to execute functions dictGet(), dictHas(), dictGetHierarchy(), dictIsIn() */\
|
M(dictGet, "dictHas, dictGetHierarchy, dictIsIn", DICTIONARY, ALL) /* allows to execute functions dictGet(), dictHas(), dictGetHierarchy(), dictIsIn() */\
|
||||||
|
|||||||
@ -149,35 +149,35 @@ AccessRightsElements InterpreterAlterQuery::getRequiredAccessForCommand(const AS
|
|||||||
{
|
{
|
||||||
case ASTAlterCommand::UPDATE:
|
case ASTAlterCommand::UPDATE:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::UPDATE, database, table, column_names_from_update_assignments());
|
required_access.emplace_back(AccessType::ALTER_UPDATE, database, table, column_names_from_update_assignments());
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::DELETE:
|
case ASTAlterCommand::DELETE:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::DELETE, database, table);
|
required_access.emplace_back(AccessType::ALTER_DELETE, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::ADD_COLUMN:
|
case ASTAlterCommand::ADD_COLUMN:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::ADD_COLUMN, database, table, column_name_from_col_decl());
|
required_access.emplace_back(AccessType::ALTER_ADD_COLUMN, database, table, column_name_from_col_decl());
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::DROP_COLUMN:
|
case ASTAlterCommand::DROP_COLUMN:
|
||||||
{
|
{
|
||||||
if (command.clear_column)
|
if (command.clear_column)
|
||||||
required_access.emplace_back(AccessType::CLEAR_COLUMN, database, table, column_name());
|
required_access.emplace_back(AccessType::ALTER_CLEAR_COLUMN, database, table, column_name());
|
||||||
else
|
else
|
||||||
required_access.emplace_back(AccessType::DROP_COLUMN, database, table, column_name());
|
required_access.emplace_back(AccessType::ALTER_DROP_COLUMN, database, table, column_name());
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::MODIFY_COLUMN:
|
case ASTAlterCommand::MODIFY_COLUMN:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::MODIFY_COLUMN, database, table, column_name_from_col_decl());
|
required_access.emplace_back(AccessType::ALTER_MODIFY_COLUMN, database, table, column_name_from_col_decl());
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::COMMENT_COLUMN:
|
case ASTAlterCommand::COMMENT_COLUMN:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::COMMENT_COLUMN, database, table, column_name());
|
required_access.emplace_back(AccessType::ALTER_COMMENT_COLUMN, database, table, column_name());
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::MODIFY_ORDER_BY:
|
case ASTAlterCommand::MODIFY_ORDER_BY:
|
||||||
@ -187,45 +187,45 @@ AccessRightsElements InterpreterAlterQuery::getRequiredAccessForCommand(const AS
|
|||||||
}
|
}
|
||||||
case ASTAlterCommand::ADD_INDEX:
|
case ASTAlterCommand::ADD_INDEX:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::ADD_INDEX, database, table);
|
required_access.emplace_back(AccessType::ALTER_ADD_INDEX, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::DROP_INDEX:
|
case ASTAlterCommand::DROP_INDEX:
|
||||||
{
|
{
|
||||||
if (command.clear_index)
|
if (command.clear_index)
|
||||||
required_access.emplace_back(AccessType::CLEAR_INDEX, database, table);
|
required_access.emplace_back(AccessType::ALTER_CLEAR_INDEX, database, table);
|
||||||
else
|
else
|
||||||
required_access.emplace_back(AccessType::DROP_INDEX, database, table);
|
required_access.emplace_back(AccessType::ALTER_DROP_INDEX, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::MATERIALIZE_INDEX:
|
case ASTAlterCommand::MATERIALIZE_INDEX:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::MATERIALIZE_INDEX, database, table);
|
required_access.emplace_back(AccessType::ALTER_MATERIALIZE_INDEX, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::ADD_CONSTRAINT:
|
case ASTAlterCommand::ADD_CONSTRAINT:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::ADD_CONSTRAINT, database, table);
|
required_access.emplace_back(AccessType::ALTER_ADD_CONSTRAINT, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::DROP_CONSTRAINT:
|
case ASTAlterCommand::DROP_CONSTRAINT:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::DROP_CONSTRAINT, database, table);
|
required_access.emplace_back(AccessType::ALTER_DROP_CONSTRAINT, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::MODIFY_TTL:
|
case ASTAlterCommand::MODIFY_TTL:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::MODIFY_TTL, database, table);
|
required_access.emplace_back(AccessType::ALTER_TTL, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::MATERIALIZE_TTL:
|
case ASTAlterCommand::MATERIALIZE_TTL:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::MATERIALIZE_TTL, database, table);
|
required_access.emplace_back(AccessType::ALTER_MATERIALIZE_TTL, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::MODIFY_SETTING:
|
case ASTAlterCommand::MODIFY_SETTING:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::MODIFY_SETTING, database, table);
|
required_access.emplace_back(AccessType::ALTER_SETTINGS, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::ATTACH_PARTITION:
|
case ASTAlterCommand::ATTACH_PARTITION:
|
||||||
@ -236,7 +236,7 @@ AccessRightsElements InterpreterAlterQuery::getRequiredAccessForCommand(const AS
|
|||||||
case ASTAlterCommand::DROP_PARTITION: [[fallthrough]];
|
case ASTAlterCommand::DROP_PARTITION: [[fallthrough]];
|
||||||
case ASTAlterCommand::DROP_DETACHED_PARTITION:
|
case ASTAlterCommand::DROP_DETACHED_PARTITION:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::DELETE, database, table);
|
required_access.emplace_back(AccessType::ALTER_DELETE, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::MOVE_PARTITION:
|
case ASTAlterCommand::MOVE_PARTITION:
|
||||||
@ -244,11 +244,11 @@ AccessRightsElements InterpreterAlterQuery::getRequiredAccessForCommand(const AS
|
|||||||
if ((command.move_destination_type == PartDestinationType::DISK)
|
if ((command.move_destination_type == PartDestinationType::DISK)
|
||||||
|| (command.move_destination_type == PartDestinationType::VOLUME))
|
|| (command.move_destination_type == PartDestinationType::VOLUME))
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::MOVE_PARTITION, database, table);
|
required_access.emplace_back(AccessType::ALTER_MOVE_PARTITION, database, table);
|
||||||
}
|
}
|
||||||
else if (command.move_destination_type == PartDestinationType::TABLE)
|
else if (command.move_destination_type == PartDestinationType::TABLE)
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::SELECT | AccessType::DELETE, database, table);
|
required_access.emplace_back(AccessType::SELECT | AccessType::ALTER_DELETE, database, table);
|
||||||
required_access.emplace_back(AccessType::INSERT, command.to_database, command.to_table);
|
required_access.emplace_back(AccessType::INSERT, command.to_database, command.to_table);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -256,33 +256,33 @@ AccessRightsElements InterpreterAlterQuery::getRequiredAccessForCommand(const AS
|
|||||||
case ASTAlterCommand::REPLACE_PARTITION:
|
case ASTAlterCommand::REPLACE_PARTITION:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::SELECT, command.from_database, command.from_table);
|
required_access.emplace_back(AccessType::SELECT, command.from_database, command.from_table);
|
||||||
required_access.emplace_back(AccessType::DELETE | AccessType::INSERT, database, table);
|
required_access.emplace_back(AccessType::ALTER_DELETE | AccessType::INSERT, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::FETCH_PARTITION:
|
case ASTAlterCommand::FETCH_PARTITION:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::FETCH_PARTITION, database, table);
|
required_access.emplace_back(AccessType::ALTER_FETCH_PARTITION, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::FREEZE_PARTITION: [[fallthrough]];
|
case ASTAlterCommand::FREEZE_PARTITION: [[fallthrough]];
|
||||||
case ASTAlterCommand::FREEZE_ALL:
|
case ASTAlterCommand::FREEZE_ALL:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::FREEZE_PARTITION, database, table);
|
required_access.emplace_back(AccessType::ALTER_FREEZE_PARTITION, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::MODIFY_QUERY:
|
case ASTAlterCommand::MODIFY_QUERY:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::MODIFY_VIEW_QUERY, database, table);
|
required_access.emplace_back(AccessType::ALTER_VIEW_MODIFY_QUERY, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::LIVE_VIEW_REFRESH:
|
case ASTAlterCommand::LIVE_VIEW_REFRESH:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::REFRESH_VIEW, database, table);
|
required_access.emplace_back(AccessType::ALTER_VIEW_REFRESH, database, table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::RENAME_COLUMN:
|
case ASTAlterCommand::RENAME_COLUMN:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::RENAME_COLUMN, database, table, column_name());
|
required_access.emplace_back(AccessType::ALTER_RENAME_COLUMN, database, table, column_name());
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ASTAlterCommand::NO_TYPE: break;
|
case ASTAlterCommand::NO_TYPE: break;
|
||||||
|
|||||||
@ -319,7 +319,7 @@ AccessRightsElements InterpreterKillQueryQuery::getRequiredAccessForDDLOnCluster
|
|||||||
if (query.type == ASTKillQueryQuery::Type::Query)
|
if (query.type == ASTKillQueryQuery::Type::Query)
|
||||||
required_access.emplace_back(AccessType::KILL_QUERY);
|
required_access.emplace_back(AccessType::KILL_QUERY);
|
||||||
else if (query.type == ASTKillQueryQuery::Type::Mutation)
|
else if (query.type == ASTKillQueryQuery::Type::Mutation)
|
||||||
required_access.emplace_back(AccessType::UPDATE | AccessType::DELETE | AccessType::MATERIALIZE_INDEX | AccessType::MATERIALIZE_TTL);
|
required_access.emplace_back(AccessType::ALTER_UPDATE | AccessType::ALTER_DELETE | AccessType::ALTER_MATERIALIZE_INDEX | AccessType::ALTER_MATERIALIZE_TTL);
|
||||||
return required_access;
|
return required_access;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -102,19 +102,19 @@ void executeCommandsAndThrowIfError(Callables && ... commands)
|
|||||||
AccessType getRequiredAccessType(StorageActionBlockType action_type)
|
AccessType getRequiredAccessType(StorageActionBlockType action_type)
|
||||||
{
|
{
|
||||||
if (action_type == ActionLocks::PartsMerge)
|
if (action_type == ActionLocks::PartsMerge)
|
||||||
return AccessType::STOP_MERGES;
|
return AccessType::SYSTEM_MERGES;
|
||||||
else if (action_type == ActionLocks::PartsFetch)
|
else if (action_type == ActionLocks::PartsFetch)
|
||||||
return AccessType::STOP_FETCHES;
|
return AccessType::SYSTEM_FETCHES;
|
||||||
else if (action_type == ActionLocks::PartsSend)
|
else if (action_type == ActionLocks::PartsSend)
|
||||||
return AccessType::STOP_REPLICATED_SENDS;
|
return AccessType::SYSTEM_REPLICATED_SENDS;
|
||||||
else if (action_type == ActionLocks::ReplicationQueue)
|
else if (action_type == ActionLocks::ReplicationQueue)
|
||||||
return AccessType::STOP_REPLICATION_QUEUES;
|
return AccessType::SYSTEM_REPLICATION_QUEUES;
|
||||||
else if (action_type == ActionLocks::DistributedSend)
|
else if (action_type == ActionLocks::DistributedSend)
|
||||||
return AccessType::STOP_DISTRIBUTED_SENDS;
|
return AccessType::SYSTEM_DISTRIBUTED_SENDS;
|
||||||
else if (action_type == ActionLocks::PartsTTLMerge)
|
else if (action_type == ActionLocks::PartsTTLMerge)
|
||||||
return AccessType::STOP_TTL_MERGES;
|
return AccessType::SYSTEM_TTL_MERGES;
|
||||||
else if (action_type == ActionLocks::PartsMove)
|
else if (action_type == ActionLocks::PartsMove)
|
||||||
return AccessType::STOP_MOVES;
|
return AccessType::SYSTEM_MOVES;
|
||||||
else
|
else
|
||||||
throw Exception("Unknown action type: " + std::to_string(action_type), ErrorCodes::LOGICAL_ERROR);
|
throw Exception("Unknown action type: " + std::to_string(action_type), ErrorCodes::LOGICAL_ERROR);
|
||||||
}
|
}
|
||||||
@ -183,42 +183,42 @@ BlockIO InterpreterSystemQuery::execute()
|
|||||||
switch (query.type)
|
switch (query.type)
|
||||||
{
|
{
|
||||||
case Type::SHUTDOWN:
|
case Type::SHUTDOWN:
|
||||||
context.checkAccess(AccessType::SHUTDOWN);
|
context.checkAccess(AccessType::SYSTEM_SHUTDOWN);
|
||||||
if (kill(0, SIGTERM))
|
if (kill(0, SIGTERM))
|
||||||
throwFromErrno("System call kill(0, SIGTERM) failed", ErrorCodes::CANNOT_KILL);
|
throwFromErrno("System call kill(0, SIGTERM) failed", ErrorCodes::CANNOT_KILL);
|
||||||
break;
|
break;
|
||||||
case Type::KILL:
|
case Type::KILL:
|
||||||
context.checkAccess(AccessType::SHUTDOWN);
|
context.checkAccess(AccessType::SYSTEM_SHUTDOWN);
|
||||||
if (kill(0, SIGKILL))
|
if (kill(0, SIGKILL))
|
||||||
throwFromErrno("System call kill(0, SIGKILL) failed", ErrorCodes::CANNOT_KILL);
|
throwFromErrno("System call kill(0, SIGKILL) failed", ErrorCodes::CANNOT_KILL);
|
||||||
break;
|
break;
|
||||||
case Type::DROP_DNS_CACHE:
|
case Type::DROP_DNS_CACHE:
|
||||||
context.checkAccess(AccessType::DROP_CACHE);
|
context.checkAccess(AccessType::SYSTEM_DROP_DNS_CACHE);
|
||||||
DNSResolver::instance().dropCache();
|
DNSResolver::instance().dropCache();
|
||||||
/// Reinitialize clusters to update their resolved_addresses
|
/// Reinitialize clusters to update their resolved_addresses
|
||||||
system_context.reloadClusterConfig();
|
system_context.reloadClusterConfig();
|
||||||
break;
|
break;
|
||||||
case Type::DROP_MARK_CACHE:
|
case Type::DROP_MARK_CACHE:
|
||||||
context.checkAccess(AccessType::DROP_CACHE);
|
context.checkAccess(AccessType::SYSTEM_DROP_MARK_CACHE);
|
||||||
system_context.dropMarkCache();
|
system_context.dropMarkCache();
|
||||||
break;
|
break;
|
||||||
case Type::DROP_UNCOMPRESSED_CACHE:
|
case Type::DROP_UNCOMPRESSED_CACHE:
|
||||||
context.checkAccess(AccessType::DROP_CACHE);
|
context.checkAccess(AccessType::SYSTEM_DROP_UNCOMPRESSED_CACHE);
|
||||||
system_context.dropUncompressedCache();
|
system_context.dropUncompressedCache();
|
||||||
break;
|
break;
|
||||||
#if USE_EMBEDDED_COMPILER
|
#if USE_EMBEDDED_COMPILER
|
||||||
case Type::DROP_COMPILED_EXPRESSION_CACHE:
|
case Type::DROP_COMPILED_EXPRESSION_CACHE:
|
||||||
context.checkAccess(AccessType::DROP_CACHE);
|
context.checkAccess(AccessType::SYSTEM_DROP_COMPILED_EXPRESSION_CACHE);
|
||||||
system_context.dropCompiledExpressionCache();
|
system_context.dropCompiledExpressionCache();
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
case Type::RELOAD_DICTIONARY:
|
case Type::RELOAD_DICTIONARY:
|
||||||
context.checkAccess(AccessType::RELOAD_DICTIONARY);
|
context.checkAccess(AccessType::SYSTEM_RELOAD_DICTIONARY);
|
||||||
system_context.getExternalDictionariesLoader().loadOrReload(query.target_dictionary);
|
system_context.getExternalDictionariesLoader().loadOrReload(query.target_dictionary);
|
||||||
ExternalDictionariesLoader::resetAll();
|
ExternalDictionariesLoader::resetAll();
|
||||||
break;
|
break;
|
||||||
case Type::RELOAD_DICTIONARIES:
|
case Type::RELOAD_DICTIONARIES:
|
||||||
context.checkAccess(AccessType::RELOAD_DICTIONARY);
|
context.checkAccess(AccessType::SYSTEM_RELOAD_DICTIONARY);
|
||||||
executeCommandsAndThrowIfError(
|
executeCommandsAndThrowIfError(
|
||||||
[&] () { system_context.getExternalDictionariesLoader().reloadAllTriedToLoad(); },
|
[&] () { system_context.getExternalDictionariesLoader().reloadAllTriedToLoad(); },
|
||||||
[&] () { system_context.getEmbeddedDictionaries().reload(); }
|
[&] () { system_context.getEmbeddedDictionaries().reload(); }
|
||||||
@ -226,11 +226,11 @@ BlockIO InterpreterSystemQuery::execute()
|
|||||||
ExternalDictionariesLoader::resetAll();
|
ExternalDictionariesLoader::resetAll();
|
||||||
break;
|
break;
|
||||||
case Type::RELOAD_EMBEDDED_DICTIONARIES:
|
case Type::RELOAD_EMBEDDED_DICTIONARIES:
|
||||||
context.checkAccess(AccessType::RELOAD_DICTIONARY);
|
context.checkAccess(AccessType::SYSTEM_RELOAD_EMBEDDED_DICTIONARIES);
|
||||||
system_context.getEmbeddedDictionaries().reload();
|
system_context.getEmbeddedDictionaries().reload();
|
||||||
break;
|
break;
|
||||||
case Type::RELOAD_CONFIG:
|
case Type::RELOAD_CONFIG:
|
||||||
context.checkAccess(AccessType::RELOAD_CONFIG);
|
context.checkAccess(AccessType::SYSTEM_RELOAD_CONFIG);
|
||||||
system_context.reloadConfig();
|
system_context.reloadConfig();
|
||||||
break;
|
break;
|
||||||
case Type::STOP_MERGES:
|
case Type::STOP_MERGES:
|
||||||
@ -290,7 +290,7 @@ BlockIO InterpreterSystemQuery::execute()
|
|||||||
ErrorCodes::BAD_ARGUMENTS);
|
ErrorCodes::BAD_ARGUMENTS);
|
||||||
break;
|
break;
|
||||||
case Type::FLUSH_LOGS:
|
case Type::FLUSH_LOGS:
|
||||||
context.checkAccess(AccessType::FLUSH_LOGS);
|
context.checkAccess(AccessType::SYSTEM_FLUSH_LOGS);
|
||||||
executeCommandsAndThrowIfError(
|
executeCommandsAndThrowIfError(
|
||||||
[&] () { if (auto query_log = context.getQueryLog()) query_log->flush(); },
|
[&] () { if (auto query_log = context.getQueryLog()) query_log->flush(); },
|
||||||
[&] () { if (auto part_log = context.getPartLog("")) part_log->flush(); },
|
[&] () { if (auto part_log = context.getPartLog("")) part_log->flush(); },
|
||||||
@ -313,7 +313,7 @@ BlockIO InterpreterSystemQuery::execute()
|
|||||||
|
|
||||||
StoragePtr InterpreterSystemQuery::tryRestartReplica(const StorageID & replica, Context & system_context, bool need_ddl_guard)
|
StoragePtr InterpreterSystemQuery::tryRestartReplica(const StorageID & replica, Context & system_context, bool need_ddl_guard)
|
||||||
{
|
{
|
||||||
context.checkAccess(AccessType::RESTART_REPLICA, replica);
|
context.checkAccess(AccessType::SYSTEM_RESTART_REPLICA, replica);
|
||||||
|
|
||||||
auto table_ddl_guard = need_ddl_guard ? DatabaseCatalog::instance().getDDLGuard(replica.getDatabaseName(), replica.getTableName()) : nullptr;
|
auto table_ddl_guard = need_ddl_guard ? DatabaseCatalog::instance().getDDLGuard(replica.getDatabaseName(), replica.getTableName()) : nullptr;
|
||||||
auto [database, table] = DatabaseCatalog::instance().tryGetDatabaseAndTable(replica);
|
auto [database, table] = DatabaseCatalog::instance().tryGetDatabaseAndTable(replica);
|
||||||
@ -387,7 +387,7 @@ void InterpreterSystemQuery::restartReplicas(Context & system_context)
|
|||||||
|
|
||||||
void InterpreterSystemQuery::syncReplica(ASTSystemQuery &)
|
void InterpreterSystemQuery::syncReplica(ASTSystemQuery &)
|
||||||
{
|
{
|
||||||
context.checkAccess(AccessType::SYNC_REPLICA, table_id);
|
context.checkAccess(AccessType::SYSTEM_SYNC_REPLICA, table_id);
|
||||||
StoragePtr table = DatabaseCatalog::instance().getTable(table_id);
|
StoragePtr table = DatabaseCatalog::instance().getTable(table_id);
|
||||||
|
|
||||||
if (auto storage_replicated = dynamic_cast<StorageReplicatedMergeTree *>(table.get()))
|
if (auto storage_replicated = dynamic_cast<StorageReplicatedMergeTree *>(table.get()))
|
||||||
@ -408,7 +408,7 @@ void InterpreterSystemQuery::syncReplica(ASTSystemQuery &)
|
|||||||
|
|
||||||
void InterpreterSystemQuery::flushDistributed(ASTSystemQuery &)
|
void InterpreterSystemQuery::flushDistributed(ASTSystemQuery &)
|
||||||
{
|
{
|
||||||
context.checkAccess(AccessType::FLUSH_DISTRIBUTED, table_id);
|
context.checkAccess(AccessType::SYSTEM_FLUSH_DISTRIBUTED, table_id);
|
||||||
|
|
||||||
if (auto storage_distributed = dynamic_cast<StorageDistributed *>(DatabaseCatalog::instance().getTable(table_id).get()))
|
if (auto storage_distributed = dynamic_cast<StorageDistributed *>(DatabaseCatalog::instance().getTable(table_id).get()))
|
||||||
storage_distributed->flushClusterNodesAllData();
|
storage_distributed->flushClusterNodesAllData();
|
||||||
@ -427,7 +427,7 @@ AccessRightsElements InterpreterSystemQuery::getRequiredAccessForDDLOnCluster()
|
|||||||
case Type::SHUTDOWN: [[fallthrough]];
|
case Type::SHUTDOWN: [[fallthrough]];
|
||||||
case Type::KILL:
|
case Type::KILL:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::SHUTDOWN);
|
required_access.emplace_back(AccessType::SYSTEM_SHUTDOWN);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::DROP_DNS_CACHE: [[fallthrough]];
|
case Type::DROP_DNS_CACHE: [[fallthrough]];
|
||||||
@ -437,107 +437,107 @@ AccessRightsElements InterpreterSystemQuery::getRequiredAccessForDDLOnCluster()
|
|||||||
#endif
|
#endif
|
||||||
case Type::DROP_UNCOMPRESSED_CACHE:
|
case Type::DROP_UNCOMPRESSED_CACHE:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::DROP_CACHE);
|
required_access.emplace_back(AccessType::SYSTEM_DROP_CACHE);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::RELOAD_DICTIONARY: [[fallthrough]];
|
case Type::RELOAD_DICTIONARY: [[fallthrough]];
|
||||||
case Type::RELOAD_DICTIONARIES: [[fallthrough]];
|
case Type::RELOAD_DICTIONARIES: [[fallthrough]];
|
||||||
case Type::RELOAD_EMBEDDED_DICTIONARIES:
|
case Type::RELOAD_EMBEDDED_DICTIONARIES:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::RELOAD_DICTIONARY);
|
required_access.emplace_back(AccessType::SYSTEM_RELOAD_DICTIONARY);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::RELOAD_CONFIG:
|
case Type::RELOAD_CONFIG:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::RELOAD_CONFIG);
|
required_access.emplace_back(AccessType::SYSTEM_RELOAD_CONFIG);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::STOP_MERGES: [[fallthrough]];
|
case Type::STOP_MERGES: [[fallthrough]];
|
||||||
case Type::START_MERGES:
|
case Type::START_MERGES:
|
||||||
{
|
{
|
||||||
if (query.table.empty())
|
if (query.table.empty())
|
||||||
required_access.emplace_back(AccessType::STOP_MERGES);
|
required_access.emplace_back(AccessType::SYSTEM_MERGES);
|
||||||
else
|
else
|
||||||
required_access.emplace_back(AccessType::STOP_MERGES, query.database, query.table);
|
required_access.emplace_back(AccessType::SYSTEM_MERGES, query.database, query.table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::STOP_TTL_MERGES: [[fallthrough]];
|
case Type::STOP_TTL_MERGES: [[fallthrough]];
|
||||||
case Type::START_TTL_MERGES:
|
case Type::START_TTL_MERGES:
|
||||||
{
|
{
|
||||||
if (query.table.empty())
|
if (query.table.empty())
|
||||||
required_access.emplace_back(AccessType::STOP_TTL_MERGES);
|
required_access.emplace_back(AccessType::SYSTEM_TTL_MERGES);
|
||||||
else
|
else
|
||||||
required_access.emplace_back(AccessType::STOP_TTL_MERGES, query.database, query.table);
|
required_access.emplace_back(AccessType::SYSTEM_TTL_MERGES, query.database, query.table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::STOP_MOVES: [[fallthrough]];
|
case Type::STOP_MOVES: [[fallthrough]];
|
||||||
case Type::START_MOVES:
|
case Type::START_MOVES:
|
||||||
{
|
{
|
||||||
if (query.table.empty())
|
if (query.table.empty())
|
||||||
required_access.emplace_back(AccessType::STOP_MOVES);
|
required_access.emplace_back(AccessType::SYSTEM_MOVES);
|
||||||
else
|
else
|
||||||
required_access.emplace_back(AccessType::STOP_MOVES, query.database, query.table);
|
required_access.emplace_back(AccessType::SYSTEM_MOVES, query.database, query.table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::STOP_FETCHES: [[fallthrough]];
|
case Type::STOP_FETCHES: [[fallthrough]];
|
||||||
case Type::START_FETCHES:
|
case Type::START_FETCHES:
|
||||||
{
|
{
|
||||||
if (query.table.empty())
|
if (query.table.empty())
|
||||||
required_access.emplace_back(AccessType::STOP_FETCHES);
|
required_access.emplace_back(AccessType::SYSTEM_FETCHES);
|
||||||
else
|
else
|
||||||
required_access.emplace_back(AccessType::STOP_FETCHES, query.database, query.table);
|
required_access.emplace_back(AccessType::SYSTEM_FETCHES, query.database, query.table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::STOP_DISTRIBUTED_SENDS: [[fallthrough]];
|
case Type::STOP_DISTRIBUTED_SENDS: [[fallthrough]];
|
||||||
case Type::START_DISTRIBUTED_SENDS:
|
case Type::START_DISTRIBUTED_SENDS:
|
||||||
{
|
{
|
||||||
if (query.table.empty())
|
if (query.table.empty())
|
||||||
required_access.emplace_back(AccessType::STOP_DISTRIBUTED_SENDS);
|
required_access.emplace_back(AccessType::SYSTEM_DISTRIBUTED_SENDS);
|
||||||
else
|
else
|
||||||
required_access.emplace_back(AccessType::STOP_DISTRIBUTED_SENDS, query.database, query.table);
|
required_access.emplace_back(AccessType::SYSTEM_DISTRIBUTED_SENDS, query.database, query.table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::STOP_REPLICATED_SENDS: [[fallthrough]];
|
case Type::STOP_REPLICATED_SENDS: [[fallthrough]];
|
||||||
case Type::START_REPLICATED_SENDS:
|
case Type::START_REPLICATED_SENDS:
|
||||||
{
|
{
|
||||||
if (query.table.empty())
|
if (query.table.empty())
|
||||||
required_access.emplace_back(AccessType::STOP_REPLICATED_SENDS);
|
required_access.emplace_back(AccessType::SYSTEM_REPLICATED_SENDS);
|
||||||
else
|
else
|
||||||
required_access.emplace_back(AccessType::STOP_REPLICATED_SENDS, query.database, query.table);
|
required_access.emplace_back(AccessType::SYSTEM_REPLICATED_SENDS, query.database, query.table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::STOP_REPLICATION_QUEUES: [[fallthrough]];
|
case Type::STOP_REPLICATION_QUEUES: [[fallthrough]];
|
||||||
case Type::START_REPLICATION_QUEUES:
|
case Type::START_REPLICATION_QUEUES:
|
||||||
{
|
{
|
||||||
if (query.table.empty())
|
if (query.table.empty())
|
||||||
required_access.emplace_back(AccessType::STOP_REPLICATION_QUEUES);
|
required_access.emplace_back(AccessType::SYSTEM_REPLICATION_QUEUES);
|
||||||
else
|
else
|
||||||
required_access.emplace_back(AccessType::STOP_REPLICATION_QUEUES, query.database, query.table);
|
required_access.emplace_back(AccessType::SYSTEM_REPLICATION_QUEUES, query.database, query.table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::SYNC_REPLICA:
|
case Type::SYNC_REPLICA:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::SYNC_REPLICA, query.database, query.table);
|
required_access.emplace_back(AccessType::SYSTEM_SYNC_REPLICA, query.database, query.table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::RESTART_REPLICA:
|
case Type::RESTART_REPLICA:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::RESTART_REPLICA, query.database, query.table);
|
required_access.emplace_back(AccessType::SYSTEM_RESTART_REPLICA, query.database, query.table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::RESTART_REPLICAS:
|
case Type::RESTART_REPLICAS:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::RESTART_REPLICA);
|
required_access.emplace_back(AccessType::SYSTEM_RESTART_REPLICA);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::FLUSH_DISTRIBUTED:
|
case Type::FLUSH_DISTRIBUTED:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::FLUSH_DISTRIBUTED, query.database, query.table);
|
required_access.emplace_back(AccessType::SYSTEM_FLUSH_DISTRIBUTED, query.database, query.table);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::FLUSH_LOGS:
|
case Type::FLUSH_LOGS:
|
||||||
{
|
{
|
||||||
required_access.emplace_back(AccessType::FLUSH_LOGS);
|
required_access.emplace_back(AccessType::SYSTEM_FLUSH_LOGS);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Type::STOP_LISTEN_QUERIES: break;
|
case Type::STOP_LISTEN_QUERIES: break;
|
||||||
|
|||||||
@ -1,11 +1,11 @@
|
|||||||
CREATE USER test_user_01073
|
CREATE USER test_user_01073
|
||||||
A
|
A
|
||||||
B
|
B
|
||||||
GRANT DELETE, INSERT ON *.* TO test_user_01073
|
GRANT ALTER DELETE, INSERT ON *.* TO test_user_01073
|
||||||
GRANT SELECT ON db1.* TO test_user_01073
|
GRANT SELECT ON db1.* TO test_user_01073
|
||||||
GRANT SELECT ON db2.table TO test_user_01073
|
GRANT SELECT ON db2.table TO test_user_01073
|
||||||
GRANT SELECT(col1) ON db3.table TO test_user_01073
|
GRANT SELECT(col1) ON db3.table TO test_user_01073
|
||||||
GRANT SELECT(col1, col2) ON db4.table TO test_user_01073
|
GRANT SELECT(col1, col2) ON db4.table TO test_user_01073
|
||||||
C
|
C
|
||||||
GRANT DELETE ON *.* TO test_user_01073
|
GRANT ALTER DELETE ON *.* TO test_user_01073
|
||||||
GRANT SELECT(col1) ON db4.table TO test_user_01073
|
GRANT SELECT(col1) ON db4.table TO test_user_01073
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user