Module rbac

Structs

• RbacRequirements 🔒
  RBAC requirements for executing a given plan.

Enums

• UnauthorizedError
  Errors that can occur due to an unauthorized action.

Statics

• CREATE_ITEM_USAGE
• DEFAULT_ITEM_USAGE 🔒
• EMPTY_ITEM_USAGE

Functions

• all_object_privileges
• check_object_privileges 🔒
• check_owner_roles 🔒
  Reports whether any role has ownership over an object.
• check_plan
  Checks if a session is authorized to execute a plan. If not, an error is returned.
• check_usage
  Checks if a session is authorized to use resolved_ids. If not, an error is returned.
• default_builtin_object_acl_mode 🔒
• default_builtin_object_privilege
• filter_requirements 🔒
  Filters RbacRequirements based on the session role metadata and RBAC related feature flags.
• generate_cluster_usage_privileges 🔒
• generate_rbac_requirements 🔒
  Generates all requirements needed to execute a given plan.
• generate_read_privileges 🔒
  Generates all the privileges required to execute a read that includes the objects in ids.
• generate_read_privileges_inner 🔒
• generate_required_source_privileges 🔒
• generate_usage_privileges 🔒
• is_rbac_enabled_for_session
  Returns true if RBAC is turned on for a session, false otherwise.
• owner_privilege
• ownership_err 🔒
• rbac_check_preamble 🔒
  Common checks that need to be performed before we can start checking a role’s privileges.
• support_builtin_object_privilege