Vitaly Baranov
d199478169
Merge pull request #37303 from ClickHouse/fix_trash
...
Try to fix some trash
2022-06-07 10:17:39 +02:00
Alexander Tokmakov
cce9057eef
fix style check
2022-06-02 15:27:32 +02:00
Alexander Tokmakov
3d346c766a
better code
2022-06-01 16:49:26 +02:00
Maksim Kita
d1a4550b4f
Fix create or drop of sql user defined functions in readonly mode
2022-05-31 17:23:41 +02:00
Alexander Tokmakov
4e52f45695
Merge branch 'master' into fix_trash
2022-05-28 19:43:19 +02:00
Alexander Tokmakov
779e6ea0b9
make it better, fix on cluster queries
2022-05-25 20:17:49 +02:00
Vitaly Baranov
58f4a86ec7
Rework notifications used in access management.
2022-05-21 10:15:39 +02:00
Vitaly Baranov
f34a5cdee2
Merge branch 'master' into ON_CLUSTER-grant
2022-05-17 13:21:20 +02:00
Azat Khuzhin
01e1c5345a
Add separate CLUSTER grant
...
In case you have different roles for the same user on multiple clusters,
ON CLUSTER query can help to overcome some limitations.
Consider the following example:
- cluster_with_data, dev_user (readonly=2)
- stage_cluster, dev_user (readonly=0)
So when you will execute the following query from stage_cluster, it will
be successfully executed, since ON CLUSTER queries has different system
profile:
DROP DATABASE default ON CLUSTER cluster_with_data
This is not 100% safe, but at least something.
Note, that right now only ON CLUSTER query it self is supported, but
separate clusters are not (i.e. GRANT CLUSTER some_cluster_name TO
default), since right now grants sticked to database+.
v2: on_cluster_queries_require_cluster_grant
v3: fix test and process flags as bit mask
Signed-off-by: Azat Khuzhin <a.khuzhin@semrush.com>
2022-05-16 13:57:45 +03:00
Robert Schulze
1b81bb49b4
Enable clang-tidy modernize-deprecated-headers & hicpp-deprecated-headers
...
Official docs:
Some headers from C library were deprecated in C++ and are no longer
welcome in C++ codebases. Some have no effect in C++. For more details
refer to the C++ 14 Standard [depr.c.headers] section. This check
replaces C standard library headers with their C++ alternatives and
removes redundant ones.
2022-05-09 08:23:33 +02:00
Amos Bird
4a5e4274f0
base should not depend on Common
2022-04-29 10:26:35 +08:00
Maksim Kita
47412c9619
Fixed unit tests
2022-02-10 19:31:02 +00:00
huzhichengdd
1e0f867961
Update ContextAccess.cpp
2022-01-14 18:16:19 +08:00
huzhichengdd
71871c16db
Update ContextAccess.cpp
2022-01-14 18:04:55 +08:00
huzhichengdd
106f2fea86
Update ContextAccess.cpp
2022-01-14 18:04:26 +08:00
huzhichengdd
4a02d96af4
Update ContextAccess.cpp
2022-01-14 09:46:51 +08:00
huzhichengdd
d06486584b
Update ContextAccess.cpp
2022-01-12 17:03:55 +08:00
huzhichengdd
430bb12a35
Update ContextAccess.cpp
2022-01-12 17:01:58 +08:00
huzhichengdd
929c1a10b5
Apply suggestions from code review
...
Co-authored-by: Vitaly Baranov <vitbar@yandex-team.ru>
2022-01-12 17:00:54 +08:00
huzhichengdd
5be2ecd27b
Update ContextAccess.cpp
2022-01-12 16:46:39 +08:00
huzhichengdd
4e94b1a2cb
Update ContextAccess.cpp
2022-01-12 16:44:37 +08:00
huzhichengdd
4bff38a3bd
Update ContextAccess.cpp
2022-01-12 16:43:28 +08:00
huzhichengdd
9cbb3586c6
Update ContextAccess.cpp
2022-01-12 16:28:41 +08:00
huzhichengdd
0864549c4c
Update ContextAccess.cpp
2022-01-12 15:35:40 +08:00
huzhichengdd
5ffa16a8a6
fix ContextAccess constructor to avoid coredump
2022-01-10 02:31:55 +00:00
Vitaly Baranov
33ea7a7262
Rename RowPolicy::ConditionType -> RowPolicyFilterType and move it to Access/Common.
2021-11-19 00:14:23 +03:00
Vitaly Baranov
afe2c9c040
Rename AccessControlManager -> AccessControl.
2021-11-02 14:06:20 +03:00
Alexey Milovidov
fe6b7c77c7
Rename "common" to "base"
2021-10-02 10:13:14 +03:00
tavplubix
341a6c51d6
Merging #24866 ( #28691 )
...
* Add StorageSystemISTables.cpp/.h
* Another attempt
* Columns and Views
* Add information schema db and fix information schema 'tables' table
* fix build
* remove copy-paste, add views to system tables
* add test
* fix
* fix_tests
Co-authored-by: Damir Petrov <petrovdamir2235@gmail.com>
Co-authored-by: Damir Petrov <0442a403@verstehen.sas.yp-c.yandex.net>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2021-09-09 12:37:51 +03:00
Vitaly Baranov
7afcc65060
Add new functions currentProfiles(), enabledProfiles(), defaultProfiles().
2021-07-22 22:20:53 +03:00
Vasily Nemkov
41278db6c3
Added support for getting current profiles at start.
...
This is required to add system.session_log table.
2021-07-19 11:50:41 +03:00
Vitaly Baranov
6c74b44729
Fix possible crash when login as dropped user.
2021-07-15 19:01:34 +03:00
Vitaly Baranov
1dc415596c
Fix race condition in ContextAccess.
2021-05-17 10:03:26 +03:00
Vitaly Baranov
d6e0342c30
Improvements in implementations of the classes AccessRights and GrantedRoles.
2021-03-14 19:12:35 +03:00
Alexey Milovidov
9c1516bd74
Slightly better for gcc-9
2020-12-21 03:41:22 +03:00
Alexey Milovidov
31b955e14a
Slightly better for gcc-9
2020-12-21 03:38:53 +03:00
Vitaly Baranov
d7a3cc8c90
Don't show the "_temporary_and_external_tables" database in system tables
...
system.databases, system.tables, system.columns.
2020-12-17 11:42:25 +03:00
Vitaly Baranov
a98e2311f8
Merge pull request #17908 from vitlibar/fix-checking-introspection-grants
...
Fix checking introspection grants
2020-12-14 12:10:17 +03:00
Vitaly Baranov
1b3893bcab
User with allow_ddl=0 cannot do DDL but can grant DDL.
2020-12-11 16:38:49 +03:00
Vitaly Baranov
648be453a4
User with allow_introspection_functions=0 cannot call introspection functions but can grant INTROSPECTION.
2020-12-11 16:38:49 +03:00
Vitaly Baranov
710ba6f617
Simplify class ContextAccess.
2020-12-11 16:38:45 +03:00
Alexey Milovidov
c9aa412151
Allow quotas to be keyed by proxy-forwarded IP address
2020-12-02 00:09:16 +03:00
Alexey Milovidov
32ed8c9681
Fix trailing whitespace
2020-10-26 22:12:40 +03:00
Vitaly Baranov
eddd26cf3a
Fix deadlock in InterpreterGrantQuery.
2020-10-13 01:03:47 +03:00
Vitaly Baranov
dbc837c148
IAccessStorage now can override the login() function.
2020-09-19 01:04:20 +03:00
Denis Glazachev
b68d7b6c24
Merge branch 'master' into ldap-per-user-authentication
2020-07-11 21:37:52 +04:00
Vitaly Baranov
30e3d61b01
Fix calculating implicit access rights.
2020-07-10 17:16:43 +03:00
Denis Glazachev
9effacfbc1
Merge branch 'master' into ldap-per-user-authentication
...
* master: (1102 commits)
Update README.md
Update README.md
Update README.md
Update index.md
[docs] add intrdocution for statements page (#12189 )
Revert "Run perf tests with memory sampling (for allocations >1M)"
Sanitize LINK_LIBRARIES property for the directories (#12160 )
[docs] refactor Domains overview (#12186 )
DOCS-647: toStartOfSecond (#12190 )
[docs] add intrdocution for commercial page (#12187 )
DOCSUP-1348 Russian translation for new functions (#133 ) (#12194 )
changelog fixes
Update index.md (#12191 )
Update zh kafka.md title (#12192 )
Added test for #3767
style fix for #12152
Tests for fixed issues #10846 and #7347
changelog fixes
[docs] introduction for special table engines (#12170 )
[docs] introduction for third-party interfaces (#12175 )
...
# Conflicts:
# src/Access/ya.make
# src/Common/ErrorCodes.cpp
2020-07-08 00:42:09 +04:00
Vitaly Baranov
03b36c262e
Improve REVOKE command: now it requires only grant/admin option for only
...
access which will be revoked.
REVOKE ALL FROM user1 now revokes all granted roles.
2020-07-02 12:54:24 +03:00
Vitaly Baranov
c39eb8f71b
Fix partial revokes (complex cases).
2020-06-30 18:47:02 +03:00