Top.Mail.Ru
box.session.on_access_denied() | Tarantool
 
Reference / Built-in modules reference / Module box / Submodule box.session / box.session.on_access_denied()
Reference / Built-in modules reference / Module box / Submodule box.session / box.session.on_access_denied()

box.session.on_access_denied()

box.session.on_access_denied()

box.session.on_access_denied([trigger-function[, old-trigger-function]])

Define a trigger for reacting to user’s attempts to execute actions that are not within the user’s privileges.

Parameters:
  • trigger-function (function) – function which will become the trigger function
  • old-trigger-function (function) – existing trigger function which will be replaced by trigger-function
Return:

nil or function pointer

If the parameters are (nil, old-trigger-function), then the old trigger is deleted.

If both parameters are omitted, then the response is a list of existing trigger functions.

Details about trigger characteristics are in the triggers section.

Example:

For example, server administrator can log restricted actions like this:

tarantool> function on_access_denied(op, type, name)
         > log.warn('User %s tried to %s %s %s without required privileges', box.session.user(), op, type, name)
         > end
---
...
tarantool> box.session.on_access_denied(on_access_denied)
---
- 'function: 0x011b41af38'
...
tarantool> function test() print('you shall not pass') end
---
...
tarantool> box.schema.func.create('test')
---
...

Then, when some user without required privileges tries to call test() and gets the error, the server will execute this trigger and write to log “User *user_name* tried to Execute function test without required privileges”