mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-24 08:32:02 +00:00
Merge pull request #24979 from nvartolomei/nv/parts-uuid-move-shard-acl
Part movement between shards ACL
This commit is contained in:
commit
d68338a792
@ -102,6 +102,9 @@ enum class AccessType
|
||||
M(KILL_QUERY, "", GLOBAL, ALL) /* allows to kill a query started by another user
|
||||
(anyone can kill his own queries) */\
|
||||
\
|
||||
M(MOVE_PARTITION_BETWEEN_SHARDS, "", GLOBAL, ALL) /* required to be able to move a part/partition to a table
|
||||
identified by it's ZooKeeper path */\
|
||||
\
|
||||
M(CREATE_USER, "", GLOBAL, ACCESS_MANAGEMENT) \
|
||||
M(ALTER_USER, "", GLOBAL, ACCESS_MANAGEMENT) \
|
||||
M(DROP_USER, "", GLOBAL, ACCESS_MANAGEMENT) \
|
||||
|
@ -288,15 +288,22 @@ AccessRightsElements InterpreterAlterQuery::getRequiredAccessForCommand(const AS
|
||||
}
|
||||
case ASTAlterCommand::MOVE_PARTITION:
|
||||
{
|
||||
if ((command.move_destination_type == DataDestinationType::DISK)
|
||||
|| (command.move_destination_type == DataDestinationType::VOLUME))
|
||||
switch (command.move_destination_type)
|
||||
{
|
||||
required_access.emplace_back(AccessType::ALTER_MOVE_PARTITION, database, table);
|
||||
}
|
||||
else if (command.move_destination_type == DataDestinationType::TABLE)
|
||||
{
|
||||
required_access.emplace_back(AccessType::SELECT | AccessType::ALTER_DELETE, database, table);
|
||||
required_access.emplace_back(AccessType::INSERT, command.to_database, command.to_table);
|
||||
case DataDestinationType::DISK: [[fallthrough]];
|
||||
case DataDestinationType::VOLUME:
|
||||
required_access.emplace_back(AccessType::ALTER_MOVE_PARTITION, database, table);
|
||||
break;
|
||||
case DataDestinationType::TABLE:
|
||||
required_access.emplace_back(AccessType::SELECT | AccessType::ALTER_DELETE, database, table);
|
||||
required_access.emplace_back(AccessType::INSERT, command.to_database, command.to_table);
|
||||
break;
|
||||
case DataDestinationType::SHARD:
|
||||
required_access.emplace_back(AccessType::SELECT | AccessType::ALTER_DELETE, database, table);
|
||||
required_access.emplace_back(AccessType::MOVE_PARTITION_BETWEEN_SHARDS);
|
||||
break;
|
||||
case DataDestinationType::DELETE:
|
||||
throw Exception(ErrorCodes::LOGICAL_ERROR, "Unexpected destination type for command.");
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
@ -54,6 +54,7 @@ DROP [] \N ALL
|
||||
TRUNCATE ['TRUNCATE TABLE'] TABLE ALL
|
||||
OPTIMIZE ['OPTIMIZE TABLE'] TABLE ALL
|
||||
KILL QUERY [] GLOBAL ALL
|
||||
MOVE PARTITION BETWEEN SHARDS [] GLOBAL ALL
|
||||
CREATE USER [] GLOBAL ACCESS MANAGEMENT
|
||||
ALTER USER [] GLOBAL ACCESS MANAGEMENT
|
||||
DROP USER [] GLOBAL ACCESS MANAGEMENT
|
||||
|
Loading…
Reference in New Issue
Block a user