doc/admin/access_control.rst
Lines changed: 12 additions & 1 deletion
@@ -12,7 +12,9 @@ The main concepts of Tarantool access control system are as follows:
12
12
* A *privilege* allows a user to perform certain operations on specific objects, for example, creating spaces, reading or updating data.
13
13
* A *role* is a named collection of privileges that can be granted to a user.
14
14
15
+
.. note::
15
16
17
+
The full list of object types and permissions is available in the :ref:`access_control_list` section.
16
18
17
19
.. _access_control_overview:
18
20
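Review bot: the note kept in this hunk still points to :ref:`access_control_list`, while the note added in the second hunk of this file points to :ref:`access_control_list_privileges` and :ref:`access_control_list_objects_and_privileges`, so the page now carries two near-identical notes with different link targets. Confirm that the ``access_control_list`` label still resolves, and either point both notes at the same targets or drop one of them. The only change here is the blank lines around ``.. note::``, so check the rendered output to make sure the sentence is still indented under the directive and does not fall out as a plain paragraph.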
@@ -114,12 +116,21 @@ The privileges granted to a user determine which operations the user can perform
114
116
* The ``read`` and ``write`` permissions granted to the ``space`` :ref:`object <access_control_concepts_objects>` allow a user to read or modify data in the specified space.
115
117
* The ``create`` permission granted to the ``space`` object allows a user to create new spaces.
116
118
* The ``execute`` permission granted to the ``function`` object allows a user to execute the specified function.
117
-
* The ``session`` permission granted to a user allows connecting to an instance over IPROTO.
119
+
* The ``session`` permission granted to the ``universe`` object allows a user to connect to an instance over IPROTO.
120
+
* The ``usage`` permission granted to ``universe`` object allows a user to use his privileges on database objects (for example, read, write, and alter space).
121
+
* The ``alter`` permission granted to a user allows modifying its own settings, for example, a password.
122
+
* The ``drop`` permission granted to a user allows dropping users.
123
+
124
+
.. note::
125
+
126
+
The full lists of object types and the permissions supported for them are available in the
127
+
:ref:`access_control_list_privileges` and :ref:`access_control_list_objects_and_privileges` sections.
118
128
119
129
Note that some privileges might require read and write access to certain system spaces.
120
130
For example, the ``create`` permission granted to the ``space`` object requires ``read`` and ``write`` permissions to the :ref:`_space <box_space-space>` system space.
121
131
Similarly, granting the ability to create functions requires ``read`` and ``write`` access to the :ref:`_func <box_space-func>` space.
122
132
133
+
123
134
.. NOTE::
124
135
125
136
Information about privileges is stored in the :ref:`_priv <box_space-priv>` space.
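Review bot: the new ``alter`` and ``drop`` bullets say "granted to a user", which reads as the grantee rather than the object the permission applies to, while every other bullet in this list names the object ("granted to the ``space`` object", "granted to the ``universe`` object"). For an access control reference that ambiguity matters: a reader cannot tell from "The ``drop`` permission granted to a user allows dropping users" which users may be dropped or on which object the grant is made, so name the object type and the scope explicitly in both bullets. Smaller points in the same hunk: the ``usage`` bullet is missing an article ("granted to ``universe`` object" should be "granted to the ``universe`` object") and "use his privileges" would read better as "use their privileges"; the added directive is written ``.. note::`` while the existing one a few lines below is ``.. NOTE::``, so pick one spelling.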