Implement partial revokes.

Vitaly Baranov 2020-02-05 06:17:43 +03:00
parent 3706b9d92a
commit d2ff1e5dd4
4 changed files with 28 additions and 0 deletions


@ -392,6 +392,8 @@ struct Settings : public SettingsCollection<Settings>
M(SettingBool, optimize_if_chain_to_miltiif, false, "Replace if(cond1, then1, if(cond2, ...)) chains to multiIf. Currently it's not beneficial for numeric types.", 0) \
M(SettingBool, allow_experimental_alter_materialized_view_structure, false, "Allow atomic alter on Materialized views. Work in progress.", 0) \
\
M(SettingBool, partial_revokes, false, "Makes it possible to revoke privileges partially.", 0) \
\
/** Obsolete settings that do nothing but left for compatibility reasons. Remove each one after half a year of obsolescence. */ \
\
M(SettingBool, allow_experimental_low_cardinality_type, true, "Obsolete setting, does nothing. Will be removed after 2019-08-13", 0) \
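Review bot: The description on the added `M(SettingBool, partial_revokes, false, ...)` line does not say what a REVOKE does while the setting is off, which matters because it defaults to `false`. Judging by the reference output added in this commit, with the setting off `REVOKE SELECT ON db.*` after `GRANT SELECT ON *.*` leaves the grant unchanged and reports nothing. I would spell that out, e.g. `"Allow REVOKE to remove a narrower scope from a broader grant (e.g. db.* from *.*). When disabled, such a REVOKE leaves the broader grant unchanged."`, so an operator does not assume access was reduced.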


@ -32,6 +32,12 @@ BlockIO InterpreterGrantQuery::execute()
if (query.grant_option)
updated_user->access_with_grant_option.grant(query.access_rights_elements, current_database);
}
else if (context.getSettingsRef().partial_revokes)
{
updated_user->access_with_grant_option.partialRevoke(query.access_rights_elements, current_database);
if (!query.grant_option)
updated_user->access.partialRevoke(query.access_rights_elements, current_database);
}
else
{
updated_user->access_with_grant_option.revoke(query.access_rights_elements, current_database);
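Review bot: The new `else if (context.getSettingsRef().partial_revokes)` branch has no comment explaining why `access` is skipped when `query.grant_option` is set, or that the revoke semantics are picked from the settings of the session that issues the statement. Both are easy to misread in access-control code, since the same REVOKE text ends up storing different rights depending on the caller's settings. I would add `// Semantics depend on the caller's partial_revokes setting at execution time.` above the branch and, assuming `query.grant_option` on a revoke means REVOKE GRANT OPTION FOR, `// Only the grant-option set is narrowed here; a plain REVOKE narrows both.` above the inner `if`. The body of `execute()` starts and ends outside this hunk, so whether the three near-identical branches could share a helper is not visible here.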


@ -0,0 +1,5 @@
A
GRANT SELECT ON *.* TO test_user_01074
B
GRANT SELECT ON *.* TO test_user_01074
REVOKE SELECT ON db.* FROM test_user_01074


@ -0,0 +1,15 @@
DROP USER IF EXISTS test_user_01074;
CREATE USER test_user_01074;
SELECT 'A';
SET partial_revokes=0;
GRANT SELECT ON *.* TO test_user_01074;
REVOKE SELECT ON db.* FROM test_user_01074;
SHOW GRANTS FOR test_user_01074;
SELECT 'B';
SET partial_revokes=1;
REVOKE SELECT ON db.* FROM test_user_01074;
SHOW GRANTS FOR test_user_01074;
DROP USER test_user_01074;
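Review bot: The test never exercises the `query.grant_option` path of the new branch, and it checks only the text of `SHOW GRANTS`, so it would still pass if the stored partial revoke were not applied during access checks. I would add a third case before the final `DROP USER`, e.g. `GRANT SELECT ON *.* TO test_user_01074 WITH GRANT OPTION;` followed by `REVOKE GRANT OPTION FOR SELECT ON db.* FROM test_user_01074;` and `SHOW GRANTS FOR test_user_01074;`. A check that a query against `db` is refused for the user while other databases stay readable would cover enforcement. Whether the test harness at this commit can run statements as another user is not visible here.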