Grant runtime access to Lua functions via configuration

[TarantoolBot]

Product: Tarantool Since: 3.3 Root document:

• https://www.tarantool.io/en/doc/latest/reference/configuration/configuration_reference/

SME: @ mandesero @ Totktonada

Details

To be done together with #4462.

It is now possible to grant execution privileges for Lua functions through the declarative configuration, even when the database is in read-only mode or has an outdated schema version.

You can specify function permissions using the lua_call option in the configuration, for example:

credentials:
  users:
    alice:
      privileges:
        - permissions: [execute]
          lua_call: [my_func]

This grants the alice user permission to execute the my_func Lua function, regardless of the database's mode or status. The special option lua_call: [all] is also supported, granting access to all global Lua functions except built-in ones, bypassing database restrictions.

Privileges will still be written to the database when possible to maintain compatibility and consistency with other privilege types. Requested by @mandesero in https://github.com/tarantool/tarantool/commit/38c6b0d38254d5ebde82cd469366955e808798b0.

[Totktonada]

NB: Changed 'since 3.2' to 'since 3.3'. See https://github.com/tarantool/tarantool/issues/10310.