diff options
| author | coteeq <[email protected]> | 2025-09-01 22:01:26 +0300 |
|---|---|---|
| committer | coteeq <[email protected]> | 2025-09-01 22:21:51 +0300 |
| commit | 1e55a2cef76dc05c182b7e03a013c2900f04ca5d (patch) | |
| tree | ec8bd9c00f1f094e0fd664a23f93655a4398a379 | |
| parent | db34ab1ab683a1ba07596361a6de322c3b8b0746 (diff) | |
YT-19137: Rename EInapplicableExpressionMode ::Deny -> ::Fail
commit_hash:398fef83981c935130d9aa22ae5a97877cb87751
| -rw-r--r-- | yt/yt/client/driver/etc_commands.cpp | 2 | ||||
| -rw-r--r-- | yt/yt/client/security_client/public.h | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/yt/yt/client/driver/etc_commands.cpp b/yt/yt/client/driver/etc_commands.cpp index 7d3ae4312cf..03d42a5bfe2 100644 --- a/yt/yt/client/driver/etc_commands.cpp +++ b/yt/yt/client/driver/etc_commands.cpp @@ -179,7 +179,7 @@ void TCheckPermissionCommand::DoExecute(ICommandContextPtr context) // EInapplicableExpressionMode::Ignore is not a good choice in the common case // from security perspective, but it may be necessary to be able to have // tables with completely different schemas in one directory. - .DoIf(rlAce.InapplicableExpressionMode != EInapplicableExpressionMode::Deny, [&] (auto fluent) { + .DoIf(rlAce.InapplicableExpressionMode != EInapplicableExpressionMode::Fail, [&] (auto fluent) { fluent .Item(TSerializableAccessControlEntry::InapplicableExpressionModeKey) .Value(rlAce.InapplicableExpressionMode); diff --git a/yt/yt/client/security_client/public.h b/yt/yt/client/security_client/public.h index 7830999b02b..26b2d9b128c 100644 --- a/yt/yt/client/security_client/public.h +++ b/yt/yt/client/security_client/public.h @@ -101,7 +101,9 @@ DEFINE_ENUM(EAccessControlObject, ); DEFINE_ENUM(EInapplicableExpressionMode, - (Deny) + // Fail the read action (e.g. scheduler operation / read_table command / SPYT/CHYT query). + (Fail) + // Pretend that the RL ACE does not exist for the current read action. (Ignore) ); |