Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(query): check view's inner table privilege when create or alter view #14986

Merged
merged 3 commits into from
Mar 20, 2024
Merged

feat(query): check view's inner table privilege when create or alter view #14986

merged 3 commits into from
Mar 20, 2024

Conversation

TCeason
Copy link
Collaborator

@TCeason TCeason commented Mar 18, 2024

I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/

Summary

Note:

Select view no need to check the inner table privilege.

Because the user only can query view when the admin user grant select on the view to the user.

So the admin user needs to know why the user need access this view.

This pr is avoid that:

User only has create or alter on db. And then the user can query table as create or alter view. Like this:

--root
grant create on default.* to a;
--user a
create view v_t1 as select * from t1; -- If it can be success, the user can query table t1 according to query view v_t1. It maybe dangerous.
  • Fixes #[Link the issue here]

Tests

  • Unit Test
  • Logic Test
  • Benchmark Test
  • No Test - Explain why

Type of change

  • Bug Fix (non-breaking change which fixes an issue)
  • New Feature (non-breaking change which adds functionality)
  • Breaking Change (fix or feature that could cause existing functionality not to work as expected)
  • Documentation Update
  • Refactoring
  • Performance Improvement
  • Other (please describe):

@github-actions github-actions bot added the pr-feature this PR introduces a new feature to the codebase label Mar 18, 2024
@TCeason
Copy link
Collaborator Author

TCeason commented Mar 18, 2024

The view is also a table . So create/alter/drop view need consider ownership? cc @flaneur2020

@TCeason
feat: check view's inner table privilege when create or alter view
cf1557f 
Note:

Select view no need to check the inner table privilege.

Because the user only can query view when the admin user grant select on
the view to the user.

So the admin user needs to know why the user need access this view.

This pr is avoid that:

User only has create or alter on db. And then the user can query table
as create or alter view. Like this:

```sql
--root
grant create on default.* to a;
--user a
create view v_t1 as select * from t1; -- If it can be success, the user
a can query table t1 according to query view v_t1. It maybe dangerous.
```
@TCeason TCeason requested review from flaneur2020 and sundy-li March 18, 2024 02:36
@TCeason TCeason requested a review from sundy-li March 20, 2024 01:35
@TCeason
Copy link
Collaborator Author

TCeason commented Mar 20, 2024

Please review this pr. cc @flaneur2020 @sundy-li

flaneur2020
flaneur2020 approved these changes Mar 20, 2024
View reviewed changes
Copy link
Member

@flaneur2020 flaneur2020 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@BohuTANG BohuTANG merged commit 74d540a into databendlabs:main Mar 20, 2024
72 checks passed
@github-actions github-actions bot mentioned this pull request May 31, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@flaneur2020 flaneur2020 flaneur2020 approved these changes

@sundy-li sundy-li sundy-li approved these changes

Assignees
No one assigned
Labels
pr-feature this PR introduces a new feature to the codebase
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@TCeason @flaneur2020 @sundy-li @BohuTANG