Skip to content

sysview: add access for database admins #15098

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Feb 27, 2025
Merged

sysview: add access for database admins #15098

merged 3 commits into from
Feb 27, 2025

Conversation

ijon
Copy link
Collaborator

@ijon ijon commented Feb 26, 2025
edited
Loading

Give database admins the same unlimited rights to view system views about users, groups, and their permissions as cluster admins have.

For the ordinary users:

  • .sys/auth_groups and .sys/auth_group_members are closed
  • .sys/auth_users is filtered to show only the user himself

Cluster admins and now database admins do not have those restrictions.

Stacked on:

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 26, 2025
edited
Loading

🟢 2025-02-27 12:12:56 UTC The validation of the Pull Request description is successful.

@ijon ijon force-pushed the sysview-add-access-for-database-admins branch from ef9c2f9 to 619a392 Compare February 26, 2025 23:13
@ydb-platform ydb-platform deleted a comment from github-actions bot Feb 26, 2025
@ydb-platform ydb-platform deleted a comment from github-actions bot Feb 26, 2025
@ijon ijon force-pushed the sysview-add-access-for-database-admins branch from 619a392 to 58f76a0 Compare February 26, 2025 23:28
@ydb-platform ydb-platform deleted a comment from github-actions bot Feb 26, 2025
@ydb-platform ydb-platform deleted a comment from github-actions bot Feb 26, 2025
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@ijon ijon requested a review from kunga February 27, 2025 06:59
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@ijon ijon force-pushed the sysview-add-access-for-database-admins branch from 79da4f8 to 3189172 Compare February 27, 2025 12:10
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@ijon ijon force-pushed the sysview-add-access-for-database-admins branch from 3189172 to f0bb735 Compare February 27, 2025 13:49
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 27, 2025
edited
Loading

2025-02-27 15:23:54 UTC Pre-commit check linux-x86_64-release-asan for 83b963f has started.
2025-02-27 15:24:09 UTC Artifacts will be uploaded here
2025-02-27 15:27:12 UTC ya make is running...
🟡 2025-02-27 16:35:39 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet Going to retry failed tests...

Test history | Ya make output | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
11992 11817 0 114 30 31

2025-02-27 16:37:39 UTC ya make is running... (failed tests rerun, try 2)
🟡 2025-02-27 16:49:28 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet Going to retry failed tests...

Test history | Ya make output | Test bloat | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
253 (only retried tests) 218 0 5 2 28

2025-02-27 16:49:39 UTC ya make is running... (failed tests rerun, try 3)
🟡 2025-02-27 17:01:29 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet

Test history | Ya make output | Test bloat | Test bloat | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
61 (only retried tests) 33 0 1 0 27

🟢 2025-02-27 17:01:40 UTC Build successful.
🟡 2025-02-27 17:02:08 UTC ydbd size 3.7 GiB changed* by +185.1 KiB, which is >= 100.0 KiB vs main: Warning

ydbd size dash main: c5b2980 merge: 83b963f diff diff %
ydbd size 3 985 411 216 Bytes 3 985 600 776 Bytes +185.1 KiB +0.005%
ydbd stripped size 1 387 765 576 Bytes 1 387 814 280 Bytes +47.6 KiB +0.004%

*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 27, 2025
edited
Loading

2025-02-27 15:29:01 UTC Pre-commit check linux-x86_64-relwithdebinfo for 83b963f has started.
2025-02-27 15:29:07 UTC Artifacts will be uploaded here
2025-02-27 15:31:52 UTC ya make is running...
🟡 2025-02-27 16:20:11 UTC Some tests failed, follow the links below. Going to retry failed tests...

Test history | Ya make output | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
19494 18147 0 4 1215 128

2025-02-27 16:22:24 UTC ya make is running... (failed tests rerun, try 2)
🟢 2025-02-27 16:35:04 UTC Tests successful.

Test history | Ya make output | Test bloat | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
192 (only retried tests) 66 0 0 0 126

🟢 2025-02-27 16:35:16 UTC Build successful.
🟢 2025-02-27 16:35:35 UTC ydbd size 2.1 GiB changed* by +84.2 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash main: c5b2980 merge: 83b963f diff diff %
ydbd size 2 286 685 160 Bytes 2 286 771 432 Bytes +84.2 KiB +0.004%
ydbd stripped size 479 417 824 Bytes 479 428 896 Bytes +10.8 KiB +0.002%

*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation

@ijon ijon enabled auto-merge (squash) February 27, 2025 16:55
@ijon ijon merged commit e285c7c into ydb-platform:main Feb 27, 2025
12 checks passed
@ijon ijon deleted the sysview-add-access-for-database-admins branch February 27, 2025 17:06
ijon added a commit to ijon/ydb that referenced this pull request Feb 28, 2025
@ijon
sysview: add access for database admins (ydb-platform#15098)
c148134 
Give database admins the same unlimited rights to view system views about users, groups, and their permissions as cluster admins have.

For the ordinary users:
- `.sys/auth_groups` and `.sys/auth_group_members` are closed
- `.sys/auth_users` is filtered to show only the user himself

Cluster admins and now database admins do not have those restrictions.
@ijon ijon linked an issue Feb 28, 2025 that may be closed by this pull request
Only cluster admin can access auth system views inside database #14234
Closed
@kunga kunga mentioned this pull request Feb 28, 2025
Closed
@ijon ijon mentioned this pull request Feb 28, 2025
Merged
lberserq pushed a commit to lberserq/ydb that referenced this pull request Mar 3, 2025
@ijon
sysview: add access for database admins (ydb-platform#15098)
a42e4bc 
Give database admins the same unlimited rights to view system views about users, groups, and their permissions as cluster admins have.

For the ordinary users:
- `.sys/auth_groups` and `.sys/auth_group_members` are closed
- `.sys/auth_users` is filtered to show only the user himself

Cluster admins and now database admins do not have those restrictions.
@GrigoriyPA GrigoriyPA mentioned this pull request Mar 4, 2025
Closed
@serbel324 serbel324 mentioned this pull request Mar 10, 2025
Merged
@kunga kunga mentioned this pull request Mar 11, 2025
Closed
19 tasks
@serbel324 serbel324 mentioned this pull request Mar 13, 2025
Merged
@alexnick88 alexnick88 mentioned this pull request Mar 19, 2025
Closed
blinkov pushed a commit that referenced this pull request Mar 21, 2025
@ijon @blinkov
sysview: add access for database admins (#15098)
996caeb 
Give database admins the same unlimited rights to view system views about users, groups, and their permissions as cluster admins have.

For the ordinary users:
- `.sys/auth_groups` and `.sys/auth_group_members` are closed
- `.sys/auth_users` is filtered to show only the user himself

Cluster admins and now database admins do not have those restrictions.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kunga kunga kunga approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Only cluster admin can access auth system views inside database
2 participants
@ijon @kunga