Extended permissions in whoami

[azevaykin]

Changelog entry

Added extended whoami output to include effective permissions (token required, admin/monitoring/viewer/database).

User SID: user@domain

Group SIDs:
group1@domain
group2@domain

Effective permissions:
Token required: true
Database access allowed: true
Viewer access allowed: true
Monitoring access allowed: false
Administration access allowed: false

Changelog category

• Improvement

Description for reviewers

...

[ydbot]

Run Extra Tests

Run additional tests for this PR. You can customize:

• Test Size: small, medium, large (default: all)
• Test Targets: any directory path (default: ydb/)
• Sanitizers: ASAN, MSAN, TSAN
• Coredumps: enable for debugging (default: off)
• Additional args: custom ya make arguments

[github-actions]

⚪ 2026-01-28 14:43:38 UTC Pre-commit check linux-x86_64-relwithdebinfo for 32e62dc has started.
⚪ 2026-01-28 14:43:42 UTC Artifacts will be uploaded here
⚪ 2026-01-28 14:45:10 UTC ya make is running...
⚫ 2026-01-28 15:42:23 UTC Check cancelled

[github-actions]

⚪ 2026-01-28 14:43:49 UTC Pre-commit check linux-x86_64-release-asan for 32e62dc has started.
⚪ 2026-01-28 14:44:35 UTC Artifacts will be uploaded here
⚪ 2026-01-28 14:46:41 UTC ya make is running...
⚫ 2026-01-28 15:42:22 UTC Check cancelled

[github-actions]

🟢 2026-01-28 15:47:49 UTC The validation of the Pull Request description is successful.

[Copilot]

Pull request overview

This PR extends the WhoAmI functionality in the YDB discovery service to return effective permission information about the authenticated user, including whether a token is required and what level of access the user has (Database, Viewer, Monitoring, or Administration).

Changes:

• Added permission fields to the WhoAmI protobuf message and response handling
• Extended the SDK client to expose permission checking methods
• Updated the CLI to display effective permissions when the --groups flag is used
• Added comprehensive unit tests covering various permission scenarios

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
ydb/public/api/protos/ydb_discovery.proto	Added 5 boolean fields for permission information to WhoAmIResult message
ydb/public/sdk/cpp/include/ydb-cpp-sdk/client/discovery/discovery.h	Added permission getter methods and member variables to TWhoAmIResult class
ydb/public/sdk/cpp/src/client/discovery/discovery.cpp	Implemented permission extraction from proto and getter method implementations
ydb/public/lib/ydb_cli/commands/ydb_service_discovery.cpp	Added permission output display in CLI when --groups flag is used
ydb/core/grpc_services/rpc_whoami.cpp	Implemented server-side permission checking logic with proper hierarchy (Administration > Monitoring > Viewer > Database)
ydb/services/ydb/ydb_whoami_ut.cpp	Added comprehensive unit tests covering all permission scenarios and edge cases
ydb/services/ydb/ut/ya.make	Updated build configuration to include new test file and discovery client dependency

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

⚪ 2026-01-28 15:44:17 UTC Pre-commit check linux-x86_64-release-asan for 291c92c has started.
⚪ 2026-01-28 15:44:37 UTC Artifacts will be uploaded here
⚪ 2026-01-28 15:46:54 UTC ya make is running...
⚫ 2026-01-28 17:03:25 UTC Check cancelled

[github-actions]

⚪ 2026-01-28 15:44:37 UTC Pre-commit check linux-x86_64-relwithdebinfo for 291c92c has started.
⚪ 2026-01-28 15:44:55 UTC Artifacts will be uploaded here
⚪ 2026-01-28 15:47:08 UTC ya make is running...
⚫ 2026-01-28 17:03:30 UTC Check cancelled

[github-actions]

⚪ 2026-01-28 17:04:40 UTC Pre-commit check linux-x86_64-relwithdebinfo for 4eba80a has started.

[github-actions]

⚪ 2026-01-28 17:08:11 UTC Pre-commit check linux-x86_64-release-asan for 4eba80a has started.
⚪ 2026-01-28 17:08:28 UTC Artifacts will be uploaded here
⚪ 2026-01-28 17:10:44 UTC ya make is running...
🟡 2026-01-28 18:23:29 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet

Ya make output | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
16972	16774	0	85	84	29

🟢 2026-01-28 18:23:40 UTC Build successful.
🟢 2026-01-28 18:24:13 UTC ydbd size 3.9 GiB changed* by +33.7 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash	main: 93cceb9	merge: 4eba80a	diff	diff %
ydbd size	4 156 472 856 Bytes	4 156 507 408 Bytes	+33.7 KiB	+0.001%
ydbd stripped size	1 554 794 160 Bytes	1 554 811 504 Bytes	+16.9 KiB	+0.001%

^{*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation}