Access control list | Tarantool

Access control list

Enterprise Edition

Tarantool Cluster Manager is a part of the Enterprise Edition.

Tarantool Cluster Manager access control list (ACL) determines user access to particular data and functions stored in clusters. You can use it to allow or deny access to specific stored objects one by one.

Each ACL entry specifies privileges that a TCM user has on a particular space or a function. There are three access privileges that can be granted in the ACL: read, write, and execute (for stored functions only). The privileges work as follows:

  • Spaces:
    • Read: the user sees the space and its tuples on the Tuples and Explorer pages
    • Write: the user can add new and edit existing tuples of the space
  • Functions:
    • Read: the user sees the function on the Functions tab of the instance details page.
    • Write: the user can edit or delete the function
    • Execute: the user can call the function

Important

User access to space data and stored functions is primarily defined by the cluster permissions cluster.space.data.* and cluster.func.*. ACL only increases the access control granularity to particular objects. Make sure that users have these permissions before enabling ACL for them.

To granularly manage a user’s access to particular objects in a cluster, enable the use of ACL in the user profile:

  1. Go to Users and click Edit in the Actions menu of the corresponding table row.
  2. In the user’s Clusters list, add a cluster on which you want to use ACL or click the pencil icon if the cluster is already on the list.
  3. Select the Use Access Control List (ACL) checkbox and save changes.
  4. Repeat two previous steps for each cluster on which you want to use ACL for this user.
  5. Click Update to save the user account.

If the user doesn’t exist yet, you can do the same when creating it.

Important

When ACL use is enabled for a user, this user loses access to all spaces and functions of the selected cluster except the ones explicitly specified in the ACL.

The tools for managing ACL are located on the ACL page.

To add an ACL entry:

  1. Click Add.
  2. Select a user to which you want to grant access.
  3. Select a cluster that stores the target object: a space or a function.
  4. Select the target object type and enter its name.
  5. Select the privileges you want to grant.

To delete an ACL entry, click Delete in the Actions menu of the corresponding table row.

Found what you were looking for?
Feedback