fix(rbac): privilege exemption for db owner by sml#35209
fix(rbac): privilege exemption for db owner by sml#35209
Conversation
kailixu
requested review from
a team,
dapan1121 and
guanshengliang
as code owners
There was a problem hiding this comment.
Pull request overview
This PR adjusts RBAC authorization so that a database owner can perform schemaless (SML) inserts without needing explicit insert privileges, and adds a regression test to validate SML writes by a DB owner.
Changes:
- Update catalog auth checks to treat “DB owner” as authorized for SML insert flows in more cases.
- Extend DB-level auth to accept ownership via
ownedDbswhen checking DB-scoped privileges. - Add an integration test that creates a DB as a non-root user and verifies SML ingestion (InfluxDB line protocol + OpenTSDB telnet).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the catalog utility to allow database owners to perform schemaless inserts and pass basic authentication checks without explicit table-level privileges. Specifically, it adds ownership checks in ctgChkSetTbAuthRsp and ctgChkSetBasicAuthRes. Additionally, a new test case do_check_schemaless_db_owner was added to the RBAC test suite to verify that a database owner can successfully perform schemaless writes using InfluxDB and OpenTSDB protocols. I have no feedback to provide as the review comments were explanatory and did not identify any issues.
Description
Issue(s)
Checklist
Please check the items in the checklist if applicable.