Commit Graph

71 Commits

Author SHA1 Message Date
Vitaly Baranov
d199478169
Merge pull request #37303 from ClickHouse/fix_trash
Try to fix some trash
2022-06-07 10:17:39 +02:00
Alexander Tokmakov
cce9057eef fix style check 2022-06-02 15:27:32 +02:00
Alexander Tokmakov
3d346c766a better code 2022-06-01 16:49:26 +02:00
Maksim Kita
d1a4550b4f Fix create or drop of sql user defined functions in readonly mode 2022-05-31 17:23:41 +02:00
Alexander Tokmakov
4e52f45695 Merge branch 'master' into fix_trash 2022-05-28 19:43:19 +02:00
Alexander Tokmakov
779e6ea0b9 make it better, fix on cluster queries 2022-05-25 20:17:49 +02:00
Vitaly Baranov
58f4a86ec7 Rework notifications used in access management. 2022-05-21 10:15:39 +02:00
Vitaly Baranov
f34a5cdee2
Merge branch 'master' into ON_CLUSTER-grant 2022-05-17 13:21:20 +02:00
Azat Khuzhin
01e1c5345a Add separate CLUSTER grant
In case you have different roles for the same user on multiple clusters,
ON CLUSTER query can help to overcome some limitations.

Consider the following example:
- cluster_with_data, dev_user (readonly=2)
- stage_cluster, dev_user (readonly=0)

So when you will execute the following query from stage_cluster, it will
be successfully executed, since ON CLUSTER queries has different system
profile:

    DROP DATABASE default ON CLUSTER cluster_with_data

This is not 100% safe, but at least something.

Note, that right now only ON CLUSTER query it self is supported, but
separate clusters are not (i.e. GRANT CLUSTER some_cluster_name TO
default), since right now grants sticked to database+.

v2: on_cluster_queries_require_cluster_grant
v3: fix test and process flags as bit mask
Signed-off-by: Azat Khuzhin <a.khuzhin@semrush.com>
2022-05-16 13:57:45 +03:00
Robert Schulze
1b81bb49b4
Enable clang-tidy modernize-deprecated-headers & hicpp-deprecated-headers
Official docs:

  Some headers from C library were deprecated in C++ and are no longer
  welcome in C++ codebases. Some have no effect in C++. For more details
  refer to the C++ 14 Standard [depr.c.headers] section. This check
  replaces C standard library headers with their C++ alternatives and
  removes redundant ones.
2022-05-09 08:23:33 +02:00
Amos Bird
4a5e4274f0
base should not depend on Common 2022-04-29 10:26:35 +08:00
Maksim Kita
47412c9619 Fixed unit tests 2022-02-10 19:31:02 +00:00
huzhichengdd
1e0f867961
Update ContextAccess.cpp 2022-01-14 18:16:19 +08:00
huzhichengdd
71871c16db
Update ContextAccess.cpp 2022-01-14 18:04:55 +08:00
huzhichengdd
106f2fea86
Update ContextAccess.cpp 2022-01-14 18:04:26 +08:00
huzhichengdd
4a02d96af4
Update ContextAccess.cpp 2022-01-14 09:46:51 +08:00
huzhichengdd
d06486584b
Update ContextAccess.cpp 2022-01-12 17:03:55 +08:00
huzhichengdd
430bb12a35
Update ContextAccess.cpp 2022-01-12 17:01:58 +08:00
huzhichengdd
929c1a10b5
Apply suggestions from code review
Co-authored-by: Vitaly Baranov <vitbar@yandex-team.ru>
2022-01-12 17:00:54 +08:00
huzhichengdd
5be2ecd27b
Update ContextAccess.cpp 2022-01-12 16:46:39 +08:00
huzhichengdd
4e94b1a2cb
Update ContextAccess.cpp 2022-01-12 16:44:37 +08:00
huzhichengdd
4bff38a3bd
Update ContextAccess.cpp 2022-01-12 16:43:28 +08:00
huzhichengdd
9cbb3586c6
Update ContextAccess.cpp 2022-01-12 16:28:41 +08:00
huzhichengdd
0864549c4c
Update ContextAccess.cpp 2022-01-12 15:35:40 +08:00
huzhichengdd
5ffa16a8a6 fix ContextAccess constructor to avoid coredump 2022-01-10 02:31:55 +00:00
Vitaly Baranov
33ea7a7262 Rename RowPolicy::ConditionType -> RowPolicyFilterType and move it to Access/Common. 2021-11-19 00:14:23 +03:00
Vitaly Baranov
afe2c9c040 Rename AccessControlManager -> AccessControl. 2021-11-02 14:06:20 +03:00
Alexey Milovidov
fe6b7c77c7 Rename "common" to "base" 2021-10-02 10:13:14 +03:00
tavplubix
341a6c51d6
Merging #24866 (#28691)
* Add StorageSystemISTables.cpp/.h

* Another attempt

* Columns and Views

* Add information schema db and fix information schema 'tables' table

* fix build

* remove copy-paste, add views to system tables

* add test

* fix

* fix_tests

Co-authored-by: Damir Petrov <petrovdamir2235@gmail.com>
Co-authored-by: Damir Petrov <0442a403@verstehen.sas.yp-c.yandex.net>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2021-09-09 12:37:51 +03:00
Vitaly Baranov
7afcc65060 Add new functions currentProfiles(), enabledProfiles(), defaultProfiles(). 2021-07-22 22:20:53 +03:00
Vasily Nemkov
41278db6c3 Added support for getting current profiles at start.
This is required to add system.session_log table.
2021-07-19 11:50:41 +03:00
Vitaly Baranov
6c74b44729 Fix possible crash when login as dropped user. 2021-07-15 19:01:34 +03:00
Vitaly Baranov
1dc415596c Fix race condition in ContextAccess. 2021-05-17 10:03:26 +03:00
Vitaly Baranov
d6e0342c30 Improvements in implementations of the classes AccessRights and GrantedRoles. 2021-03-14 19:12:35 +03:00
Alexey Milovidov
9c1516bd74 Slightly better for gcc-9 2020-12-21 03:41:22 +03:00
Alexey Milovidov
31b955e14a Slightly better for gcc-9 2020-12-21 03:38:53 +03:00
Vitaly Baranov
d7a3cc8c90 Don't show the "_temporary_and_external_tables" database in system tables
system.databases, system.tables, system.columns.
2020-12-17 11:42:25 +03:00
Vitaly Baranov
a98e2311f8
Merge pull request #17908 from vitlibar/fix-checking-introspection-grants
Fix checking introspection grants
2020-12-14 12:10:17 +03:00
Vitaly Baranov
1b3893bcab User with allow_ddl=0 cannot do DDL but can grant DDL. 2020-12-11 16:38:49 +03:00
Vitaly Baranov
648be453a4 User with allow_introspection_functions=0 cannot call introspection functions but can grant INTROSPECTION. 2020-12-11 16:38:49 +03:00
Vitaly Baranov
710ba6f617 Simplify class ContextAccess. 2020-12-11 16:38:45 +03:00
Alexey Milovidov
c9aa412151 Allow quotas to be keyed by proxy-forwarded IP address 2020-12-02 00:09:16 +03:00
Alexey Milovidov
32ed8c9681 Fix trailing whitespace 2020-10-26 22:12:40 +03:00
Vitaly Baranov
eddd26cf3a Fix deadlock in InterpreterGrantQuery. 2020-10-13 01:03:47 +03:00
Vitaly Baranov
dbc837c148 IAccessStorage now can override the login() function. 2020-09-19 01:04:20 +03:00
Denis Glazachev
b68d7b6c24
Merge branch 'master' into ldap-per-user-authentication 2020-07-11 21:37:52 +04:00
Vitaly Baranov
30e3d61b01 Fix calculating implicit access rights. 2020-07-10 17:16:43 +03:00
Denis Glazachev
9effacfbc1 Merge branch 'master' into ldap-per-user-authentication
* master: (1102 commits)
  Update README.md
  Update README.md
  Update README.md
  Update index.md
  [docs] add intrdocution for statements page (#12189)
  Revert "Run perf tests with memory sampling (for allocations >1M)"
  Sanitize LINK_LIBRARIES property for the directories (#12160)
  [docs] refactor Domains overview (#12186)
  DOCS-647: toStartOfSecond (#12190)
  [docs] add intrdocution for commercial page (#12187)
  DOCSUP-1348 Russian translation for new functions (#133) (#12194)
  changelog fixes
  Update index.md (#12191)
  Update zh kafka.md title (#12192)
  Added test for #3767
  style fix for #12152
  Tests for fixed issues #10846 and #7347
  changelog fixes
  [docs] introduction for special table engines (#12170)
  [docs] introduction for third-party interfaces (#12175)
  ...

# Conflicts:
#	src/Access/ya.make
#	src/Common/ErrorCodes.cpp
2020-07-08 00:42:09 +04:00
Vitaly Baranov
03b36c262e Improve REVOKE command: now it requires only grant/admin option for only
access which will be revoked.
REVOKE ALL FROM user1 now revokes all granted roles.
2020-07-02 12:54:24 +03:00
Vitaly Baranov
c39eb8f71b Fix partial revokes (complex cases). 2020-06-30 18:47:02 +03:00