Open TCeason opened 3 weeks ago
If this pull request is ready for review, please mark it as Ready for review.
If it is not yet ready, I would prefer to be removed from the reviewer list to avoid being overwhelmed by notifications from pushes. ๐ค
Reviewed 13 of 38 files at r1, 13 of 22 files at r3, all commit messages. Reviewable status: 26 of 40 files reviewed, 4 unresolved discussions (waiting on @TCeason and @ZhiHanZ)
src/meta/proto-conv/src/util.rs
line 122 at r3 (raw file):(88, "2024-04-17: Add: SequenceMeta"), (89, "2024-04-19: Add: geometry_output_format settings"), (90, "2024-05-09: Add: GrantTaskObject"),
The name of the new message is
OwnershipTaskObject
?
Two
owenrship.proto added the OwnershipTaskObject
user.proto added GrantTaskObject
This pr can be merged when this pr https://github.com/datafuselabs/databend/pull/15496 released.
pr-15458-297dc76
note: this image tag is only available for internal use, please check the internal doc for more details.
I generate some case and test this pr in cloud dev: warehouse 'task_p'.
So I think we can review this pr now. cc @flaneur2020 @ZhiHanZ
I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/
Summary
Ownership cover Task Object
Added Task to OwnershipObject, storing the task name (After confirmation that the task will not have a rename operation, storing the name is more appropriate)
task. proto adds task_names. Added owner judgment in tasks/task_history_table.rs
owenrship.proto added the OwnershipTaskObject
user.proto added GrantTaskObject
Add the global permission to CREATE TASK. drop/alter task requires the DROP/ALTER permission. Only the owner of a task can execute the show/desc/execute task command
Delete showtasksinterpreter
grant task ownership when a task is created and revoke task ownership when a task is dropped
Add list_tasks_ownerships and only list __fd_object_owners//task-by-name/ prefix
if user has global Super privilege, it can execute/drop/alter/create/show all tasks and tasks_history
Attention:
The ddl operation of the task also retains the previous permission verification. That so long as has the Global level of super permissions can be to create a task/drop/execute/desc/show.
Integration testing is somewhat difficult and has been tested manually in the dev environment. warehouse 'task_p'.
Tests
Type of change
This change isโ