Grant runtime access to Lua functions via configuration

[TarantoolBot]

Product: Tarantool
Since: 3.3
Root document:

• https://www.tarantool.io/en/doc/latest/reference/configuration/configuration_reference/

SME: @ mandesero @ Totktonada

Details

To be done together with #4462.

It is now possible to grant execution privileges for Lua functions
through the declarative configuration, even when the database is in
read-only mode or has an outdated schema version. You might also
permit guest to execute Lua functions before the initial bootstrap.

You can specify function permissions using the lua_call option in
the configuration, for example:

credentials:
  users:
    alice:
      privileges:
        - permissions: [execute]
          lua_call: [my_func]

This grants the alice user permission to execute the my_func Lua
function, regardless of the database's mode or status. The special option
lua_call: [all] is also supported, granting access to all global Lua
functions except built-in ones, bypassing database restrictions.

Privileges will still be written to the database when possible to
maintain compatibility and consistency with other privilege types.
Requested by @mandesero in tarantool/tarantool@38c6b0d.

[Totktonada]

NB: Changed 'since 3.2' to 'since 3.3'. See tarantool/tarantool#10310.

[georgiy-belyanin]

NB: changed

It is now possible to grant execution privileges for Lua functions
through the declarative configuration, even when the database is in
read-only mode or has an outdated schema version.

-> 

It is now possible to grant execution privileges for Lua functions
through the declarative configuration, even when the database is in
read-only mode or has an outdated schema version. You might also
permit `guest` to execute Lua functions before the initial bootstrap.