[
https://issues.apache.org/jira/browse/TRAFODION-1573?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16480893#comment-16480893
]
ASF GitHub Bot commented on TRAFODION-1573:
-------------------------------------------
GitHub user robertamarton opened a pull request:
https://github.com/apache/trafodion/pull/1568
TRAFODION-1573: Additional GET commands for privileges
TRAFODION-3074: Failed to register/unregister user when security disabled
TRAFODION-1573 changes:
- Added support for the following commands:
get privileges on <object>
<object>: [LIBRARY | PROCEDURE | FUNCTION | TABLE_MAPPING FUNCTION |
SEQUENCE]
- Added support for the FOR CLAUSE on all supported objects
Removed the need to specify keyword 'USER" before username. If USER is
included, then it is ignored.
get privileges on <object> FOR [USER] <user or role name>
<objects>: [TABLES, VIEWS, LIBRARIES, PROCEDURES, FUNCTIONS,
TABLE_MAPPING FUNCTIONS, SEQUENCES]
- The following get command can only be run by DB__ROOT or a user that has
been
granted the DB__ROOTROLE or DB__HIVEROLE role
get <objects> in schema hive.xx.xx;
<objects>: [TABLES, OBJECTS, VIEWS]
- The following get command can only be run by DB__ROOT or a user that has
been
granted the DB__ROOTROLE or DB__HBASEROLE role
get external hbase objects;
- The following get commands retrieve privilege details from Trafodion
metadata;
users can only see objects where they have been granted at least one
privilege
get hive registered tables in catalog trafodion;
get hbase registered tables in catalog trafodion;
- get privileges commands now return owner's privileges in output
- Cleaned up code in the parser.
TRAFODION-3074 changes
- register user - fixed query to find next available authID
- unregister user - added checks to not read privilege metadata if
authorization
is not enabled
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/robertamarton/incubator-trafodion get-stmts
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafodion/pull/1568.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1568
----
commit 88e2a742b019dd8d22c22c79d1b64048395cfdb1
Author: Roberta Marton <roberta.marton@...>
Date: 2018-05-18T16:45:06Z
TRAFODION-1573: Additional GET commands for privileges
TRAFODION-3074: Failed to register/unregister user when security disabled
TRAFODION-1573 changes:
- Added support for the following commands:
get privileges on <object>
<object>: [LIBRARY | PROCEDURE | FUNCTION | TABLE_MAPPING FUNCTION |
SEQUENCE]
- Added support for the FOR CLAUSE on all supported objects
Removed the need to specify keyword 'USER" before username. If USER is
included, then it is ignored.
get privileges on <object> FOR [USER] <user or role name>
<objects>: [TABLES, VIEWS, LIBRARIES, PROCEDURES, FUNCTIONS,
TABLE_MAPPING FUNCTIONS, SEQUENCES]
- The following get command can only be run by DB__ROOT or a user that has
been
granted the DB__ROOTROLE or DB__HIVEROLE role
get <objects> in schema hive.xx.xx;
<objects>: [TABLES, OBJECTS, VIEWS]
- The following get command can only be run by DB__ROOT or a user that has
been
granted the DB__ROOTROLE or DB__HBASEROLE role
get external hbase objects;
- The following get commands retrieve privilege details from Trafodion
metadata;
users can only see objects where they have been granted at least one
privilege
get hive registered tables in catalog trafodion;
get hbase registered tables in catalog trafodion;
- get privileges commands now return owner's privileges in output
- Cleaned up code in the parser.
TRAFODION-3074 changes
- register user - fixed query to find next available authID
- unregister user - added checks to not read privilege metadata if
authorization
is not enabled
----
> Additional GET commands for privileges
> --------------------------------------
>
> Key: TRAFODION-1573
> URL: https://issues.apache.org/jira/browse/TRAFODION-1573
> Project: Apache Trafodion
> Issue Type: Improvement
> Components: sql-security
> Affects Versions: 1.3-incubating
> Reporter: Roberta Marton
> Assignee: Roberta Marton
> Priority: Major
>
> There are several GET PRIVILEGES commands that would be useful in describing
> security attributes for an object. Many of these commands exists for
> component privileges but need to be added for other objects.
> This is a proposal to add the following commands:
> GET PRIVILEGES ON <object>
> GET PRIVILEGES ON <object> FOR <authid>
> <object> is:
> libraries
> procedures
> functions (table_mapping functions)
> views
> tables
> sequence generators
> <authID> is:
> USER <username>
> ROLE <role name>
> auth name (gets USER and ROLE)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
