thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-12-12 09:22:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
01e1c5345a
ClickHouse/src/Access
History
Azat Khuzhin 01e1c5345a Add separate CLUSTER grant 
In case you have different roles for the same user on multiple clusters,
ON CLUSTER query can help to overcome some limitations.

Consider the following example:
- cluster_with_data, dev_user (readonly=2)
- stage_cluster, dev_user (readonly=0)

So when you will execute the following query from stage_cluster, it will
be successfully executed, since ON CLUSTER queries has different system
profile:

    DROP DATABASE default ON CLUSTER cluster_with_data

This is not 100% safe, but at least something.

Note, that right now only ON CLUSTER query it self is supported, but
separate clusters are not (i.e. GRANT CLUSTER some_cluster_name TO
default), since right now grants sticked to database+.

v2: on_cluster_queries_require_cluster_grant
v3: fix test and process flags as bit mask
Signed-off-by: Azat Khuzhin <a.khuzhin@semrush.com>
2022-05-16 13:57:45 +03:00
..
Common Add separate CLUSTER grant 2022-05-16 13:57:45 +03:00
tests Added SYSTEM SYNC DATABASE query (#35944) 2022-05-01 15:40:18 +02:00
AccessControl.cpp Add separate CLUSTER grant 2022-05-16 13:57:45 +03:00
AccessControl.h Add separate CLUSTER grant 2022-05-16 13:57:45 +03:00
AccessEntityIO.cpp refactoring ParserAttachAccessEntity 2022-04-20 22:57:44 -04:00
AccessEntityIO.h refactoring ParserAttachAccessEntity 2022-04-20 22:57:44 -04:00
AccessRights.cpp base should not depend on Common 2022-04-29 10:26:35 +08:00
AccessRights.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
Authentication.cpp argument changed to const ref 2022-04-12 09:31:32 -07:00
Authentication.h A few improvements in the implementation of SSL certificate authentication. 2022-02-21 07:41:02 +03:00
CachedAccessChecking.cpp Add helper class to cache the result of checking access. 2022-02-02 22:22:41 +07:00
CachedAccessChecking.h Add helper class to cache the result of checking access. 2022-02-02 22:22:41 +07:00
CMakeLists.txt
ContextAccess.cpp Add separate CLUSTER grant 2022-05-16 13:57:45 +03:00
ContextAccess.h Add separate CLUSTER grant 2022-05-16 13:57:45 +03:00
Credentials.cpp A few improvements in the implementation of SSL certificate authentication. 2022-02-21 07:41:02 +03:00
Credentials.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
DiskAccessStorage.cpp base should not depend on Common 2022-04-29 10:26:35 +08:00
DiskAccessStorage.h Don't throw in unexceptional cases: update(). 2021-12-20 23:10:46 +03:00
EnabledQuota.cpp more strict quota for written bytes 2022-04-01 15:02:49 +00:00
EnabledQuota.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
EnabledRoles.cpp
EnabledRoles.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
EnabledRolesInfo.cpp
EnabledRolesInfo.h Add new functions currentRoles(), enabledRoles(), defaultRoles(). 2021-07-24 23:20:40 +03:00
EnabledRowPolicies.cpp Rename RowPolicy::ConditionType -> RowPolicyFilterType and move it to Access/Common. 2021-11-19 00:14:23 +03:00
EnabledRowPolicies.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
EnabledSettings.cpp Add new functions currentProfiles(), enabledProfiles(), defaultProfiles(). 2021-07-22 22:20:53 +03:00
EnabledSettings.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
ExternalAuthenticators.cpp Activate clang-tidy warning "readability-container-contains" 2022-04-18 23:53:11 +02:00
ExternalAuthenticators.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
GrantedRoles.cpp Merge pull request #26707 from vitlibar/fix-set-role 2021-07-23 23:16:15 +03:00
GrantedRoles.h
GSSAcceptor.cpp Remove useless code 2021-11-20 10:06:28 +03:00
GSSAcceptor.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
IAccessEntity.cpp
IAccessEntity.h Rename IAccessEntity::Type -> AccessEntityType and move it to Access/Common. 2021-11-19 02:48:00 +03:00
IAccessStorage.cpp Fix code style and other minor corrections after implementing allow_no_password. 2022-03-14 20:55:34 +01:00
IAccessStorage.h Merge pull request #35276 from vitlibar/fix-code-style-and-minor-corrections-after-allow-no-password 2022-03-16 18:55:05 +01:00
LDAPAccessStorage.cpp base should not depend on Common 2022-04-29 10:26:35 +08:00
LDAPAccessStorage.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
LDAPClient.cpp base should not depend on Common 2022-04-29 10:26:35 +08:00
LDAPClient.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
MemoryAccessStorage.cpp Activate clang-tidy warning "readability-container-contains" 2022-04-18 23:53:11 +02:00
MemoryAccessStorage.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
MultipleAccessStorage.cpp Activate clang-tidy warning "readability-container-contains" 2022-04-18 23:53:11 +02:00
MultipleAccessStorage.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
Quota.cpp
Quota.h Rename IAccessEntity::Type -> AccessEntityType and move it to Access/Common. 2021-11-19 02:48:00 +03:00
QuotaCache.cpp Improve quota's end-of-interval calculations. 2021-12-11 13:56:38 +03:00
QuotaCache.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
QuotaUsage.cpp
QuotaUsage.h Rename Quota::KeyType -> QuotaKeyType and move it to Access/Common. 2021-11-19 00:14:23 +03:00
ReplicatedAccessStorage.cpp Activate clang-tidy warning "readability-container-contains" 2022-04-18 23:53:11 +02:00
ReplicatedAccessStorage.h Don't throw in unexceptional cases: update(). 2021-12-20 23:10:46 +03:00
Role.cpp
Role.h Rename IAccessEntity::Type -> AccessEntityType and move it to Access/Common. 2021-11-19 02:48:00 +03:00
RoleCache.cpp Rename AccessControlManager -> AccessControl. 2021-11-02 14:06:20 +03:00
RoleCache.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
RolesOrUsersSet.cpp clang-tidy check performance-noexcept-move-constructor fix 2022-03-02 18:15:27 +00:00
RolesOrUsersSet.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
RowPolicy.cpp Revert "[WIP] New row policies" 2022-03-21 08:41:33 +03:00
RowPolicy.h Revert "[WIP] New row policies" 2022-03-21 08:41:33 +03:00
RowPolicyCache.cpp Users without assigned row policies can view rows now. 2022-05-07 14:50:24 +02:00
RowPolicyCache.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
SettingsConstraints.cpp clang-tidy check performance-noexcept-move-constructor fix 2022-03-02 18:15:27 +00:00
SettingsConstraints.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
SettingsConstraintsAndProfileIDs.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
SettingsProfile.cpp
SettingsProfile.h Rename IAccessEntity::Type -> AccessEntityType and move it to Access/Common. 2021-11-19 02:48:00 +03:00
SettingsProfileElement.cpp Rename AccessControlManager -> AccessControl. 2021-11-02 14:06:20 +03:00
SettingsProfileElement.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
SettingsProfilesCache.cpp Rename AccessControlManager -> AccessControl. 2021-11-02 14:06:20 +03:00
SettingsProfilesCache.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
SettingsProfilesInfo.cpp Rename AccessControlManager -> AccessControl. 2021-11-02 14:06:20 +03:00
SettingsProfilesInfo.h Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
User.cpp Split Authentication.h to common and main parts. 2021-11-01 19:13:49 +03:00
User.h Rename IAccessEntity::Type -> AccessEntityType and move it to Access/Common. 2021-11-19 02:48:00 +03:00
UsersConfigAccessStorage.cpp Update Exception Message for allowed auth types 2022-05-11 10:56:12 -06:00
UsersConfigAccessStorage.h Users without assigned row policies can view rows now. 2022-05-07 14:50:24 +02:00