Module mz_adapter::rbac

Macros

• rbac_preamble 🔒
  Common checks that need to be performed before we can start checking a role’s privileges.

Enums

• UnauthorizedError
  Errors that can occur due to an unauthorized action.

Functions

• all_object_privileges 🔒
• check_item_usage
  Checks if a session is authorized to use resolved_ids. If not, an error is returned.
• check_object_privileges 🔒
• check_owner_roles 🔒
  Reports whether any role has ownership over an object.
• check_plan
  Checks if a session is authorized to execute a plan. If not, an error is returned.
• check_superuser_required 🔒
• default_builtin_object_privilege 🔒
• generate_cluster_usage_privileges 🔒
• generate_item_usage_privileges 🔒
• generate_read_privileges 🔒
  Generates all the privileges required to execute a read that includes the objects in ids.
• generate_read_privileges_inner 🔒
• generate_required_ownership 🔒
  Generates the ownership required to execute a given plan.
• generate_required_privileges 🔒
  Generates the privileges required to execute a given plan.
• generate_required_role_membership
  Generates the role membership required to execute a give plan.
• generate_required_source_privileges 🔒
• is_rbac_enabled_for_session
  Returns true if RBAC is turned on for a session, false otherwise.
• owner_privilege 🔒
• ownership_err 🔒
• requires_item_usage_privileges 🔒
  true if the plan requires USAGE privileges on all applicable items, false otherwise.