mz_sql

Module rbac

Source

Structs§

RbacRequirements πŸ”’
RBAC requirements for executing a given plan.

Enums§

UnauthorizedError
Errors that can occur due to an unauthorized action.

Statics§

CREATE_ITEM_USAGE
DEFAULT_ITEM_USAGE πŸ”’
EMPTY_ITEM_USAGE

Functions§

all_object_privileges
check_object_privileges πŸ”’
check_owner_roles πŸ”’
Reports whether any role has ownership over an object.
check_plan
Checks if a session is authorized to execute a plan. If not, an error is returned.
check_usage
Checks if a session is authorized to use resolved_ids. If not, an error is returned.
default_builtin_object_acl_mode πŸ”’
default_builtin_object_privilege
filter_requirements πŸ”’
Filters RbacRequirements based on the session role metadata and RBAC related feature flags.
generate_cluster_usage_privileges πŸ”’
generate_rbac_requirements πŸ”’
Generates all requirements needed to execute a given plan.
generate_read_privileges πŸ”’
Generates all the privileges required to execute a read that includes the objects in ids.
generate_read_privileges_inner πŸ”’
generate_required_source_privileges πŸ”’
generate_usage_privileges πŸ”’
is_rbac_enabled_for_session
Returns true if RBAC is turned on for a session, false otherwise.
owner_privilege
ownership_err πŸ”’
rbac_check_preamble πŸ”’
Common checks that need to be performed before we can start checking a role’s privileges.
support_builtin_object_privilege