[jira] [Updated] (HAWQ-1130) Make HCatalog integration work with non-superusers

[Oleksandr Diachenko (JIRA)]

     [ 
https://issues.apache.org/jira/browse/HAWQ-1130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleksandr Diachenko updated HAWQ-1130:
--------------------------------------
    Description: 
According to current implementation user who uses HCatalog integration feature 
should have SELECT privileges for pg_authid, pg_user_mapping tables.
It's fine for superusers but we shouldn't expose them to non-superusers because 
they store hashed user passwords.

Basically, the problem is how to determine max oid among all oid-having tables.

Possible solutions:

* Creating view returning max oid and grant select privilege to public.
** Cons:
*** Requires catalog upgrade;
* Reading current oid from shared memory.
** Pros:
*** No catalog upgrade needed.
** Cons:
*** Additional exclusive locks needed.

  was:
According to current implementation user who uses HCatalog integration feature 
should have SELECT privileges for pg_authid, pg_user_mapping tables.
It's fine for superusers but we shouldn't expose them to non-superusers because 
they store hashed user passwords.

Basically, the problem is how to determine max oid among all oid-having tables.

Possible solutions:

* Creating view returning max oid and grant select privilege to public.
** Cons:
*** Requires catalog upgrade;


> Make HCatalog integration work with non-superusers
> --------------------------------------------------
>
>                 Key: HAWQ-1130
>                 URL: https://issues.apache.org/jira/browse/HAWQ-1130
>             Project: Apache HAWQ
>          Issue Type: Improvement
>          Components: PXF
>            Reporter: Oleksandr Diachenko
>            Assignee: Lei Chang
>             Fix For: 2.0.1.0-incubating
>
>
> According to current implementation user who uses HCatalog integration 
> feature should have SELECT privileges for pg_authid, pg_user_mapping tables.
> It's fine for superusers but we shouldn't expose them to non-superusers 
> because they store hashed user passwords.
> Basically, the problem is how to determine max oid among all oid-having 
> tables.
> Possible solutions:
> * Creating view returning max oid and grant select privilege to public.
> ** Cons:
> *** Requires catalog upgrade;
> * Reading current oid from shared memory.
> ** Pros:
> *** No catalog upgrade needed.
> ** Cons:
> *** Additional exclusive locks needed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)