-- Fixture for a view access-control check: two base tables that hold
-- sensitive rows, and a view that selects from both of them.
-- The tables are created with unquoted SQL names; the box.schema calls and
-- error messages later in this transcript refer to them in upper case
-- (SUPERSECRET, SUPERSECRET2, SUPERSECRET_LEAK).
box.execute("CREATE TABLE supersecret(id INT PRIMARY KEY, data TEXT);")
---
- row_count: 1
...
box.execute("CREATE TABLE supersecret2(id INT PRIMARY KEY, data TEXT);")
---
- row_count: 1
...
box.execute("INSERT INTO supersecret VALUES(1, 'very very big secret');")
---
- row_count: 1
...
box.execute("INSERT INTO supersecret2 VALUES(1, 'very big secret 2');")
---
- row_count: 1
...
-- The view joins both tables, so reading it would return data from each.
-- A privilege on the view alone must therefore not be enough to read it.
box.execute("CREATE VIEW supersecret_leak AS SELECT * FROM supersecret, supersecret2;")
---
- row_count: 1
...
-- Open a net.box connection to this instance's own listen address so the
-- queries below run through the network path. No credentials are passed;
-- the denial messages later in the transcript name the user as 'guest'.
-- NOTE(review): remote and cn are globals, and cn is not closed anywhere
-- in this listing.
remote = require 'net.box'
---
...
cn = remote.connect(box.cfg.listen)
---
...
-- Step 1: guest gets read on the view only. The SELECT through the view is
-- expected to be refused, and the error names the first underlying table.
box.schema.user.grant('guest','read', 'space', 'SUPERSECRET_LEAK')
---
...
cn:execute('SELECT * FROM SUPERSECRET_LEAK')
---
- error: Read access to space 'SUPERSECRET' is denied for user 'guest'
...
-- Step 2: guest additionally gets read on SUPERSECRET. The SELECT is still
-- refused, now on the second underlying table, which shows that each space
-- referenced by the view is checked rather than only the first one.
-- NOTE(review): the positive case (read granted on both base tables, query
-- succeeds) is not exercised in this listing.
box.schema.user.grant('guest','read', 'space', 'SUPERSECRET')
---
...
cn:execute('SELECT * FROM SUPERSECRET_LEAK')
---
- error: Read access to space 'SUPERSECRET2' is denied for user 'guest'
...
-- Cleanup: take back both read privileges given to guest above so the test
-- leaves no grants behind. SUPERSECRET2 was never granted, so there is
-- nothing to revoke for it.
box.schema.user.revoke('guest','read', 'space', 'SUPERSECRET')
---
...
box.schema.user.revoke('guest','read', 'space', 'SUPERSECRET_LEAK')
---
...
-- The view is dropped before the tables it selects from
-- (presumably required because the view references them; confirm).
box.execute("DROP VIEW supersecret_leak")
---
- row_count: 1
...
box.execute("DROP TABLE supersecret")
---
- row_count: 1
...
box.execute("DROP TABLE supersecret2")
---
- row_count: 1
...