[jira] [Commented] (HAWQ-24) Support superuser to GRANT/REVOKE CREATION privilege to/from non-superuser on TABLESPACE

Wed, 18 Jan 2017 21:54:47 -0800 

    [ 
https://issues.apache.org/jira/browse/HAWQ-24?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15829370#comment-15829370
 ] 

MongJu Jung commented on HAWQ-24:
---------------------------------

the below method works.

PGOPTIONS='-c gp_session_role=utility' psql

hope this helps!!

> Support superuser to GRANT/REVOKE CREATION privilege to/from non-superuser on 
> TABLESPACE
> ----------------------------------------------------------------------------------------
>
>                 Key: HAWQ-24
>                 URL: https://issues.apache.org/jira/browse/HAWQ-24
>             Project: Apache HAWQ
>          Issue Type: Wish
>          Components: DDL, Storage
>            Reporter: Ruilong Huo
>            Assignee: Lei Chang
>             Fix For: backlog
>
>
> It raises error "Cannot support GRANT/REVOKE on TABLESPACE statement" while 
> following the HAWQ guide 
> (http://hawq.docs.pivotal.io/docs-gpdb/admin_guide/ddl/ddl-tablespace.html) 
> to GRANT/REVOKE CREATION privilege to/from non-superuser on TABLESPACE.
> {code}
> gpadmin=# GRANT CREATE ON TABLESPACE fstbs TO tstuser;
> ERROR:  Cannot support GRANT/REVOKE on TABLESPACE statement
> {code}
> As a consequence, with the user as SUPERUSER is possible to create tables on 
> top of the tablespace, but with a user as NOSUPERUSER its not possible:
> {code}
> tstuser=> CREATE TABLE testfs3 ( col01 INTEGER ) TABLESPACE fstbs;
> NOTICE:  Table doesn't have 'DISTRIBUTED BY' clause -- Using column named 
> 'col01' as the Greenplum Database data distribution key for this table.
> HINT:  The 'DISTRIBUTED BY' clause determines the distribution of data. Make 
> sure column(s) chosen are the optimal data distribution key to minimize skew.
> ERROR:  permission denied for tablespace fstbs
> {code}
>  
> {code}
> gpadmin=# alter user tstuser with superuser;
> ALTER ROLE
> [gpadmin@ai2hdm1 ~]$ psql -d tstuser -U tstuser
> Password for user tstuser: 
> psql (8.2.15)
> Type "help" for help.
> tstuser=# CREATE TABLE testfs3 ( col01 INTEGER ) TABLESPACE fstbs;
> NOTICE:  Table doesn't have 'DISTRIBUTED BY' clause -- Using column named 
> 'col01' as the Greenplum Database data distribution key for this table.
> HINT:  The 'DISTRIBUTED BY' clause determines the distribution of data. Make 
> sure column(s) chosen are the optimal data distribution key to minimize skew.
> CREATE TABLE
> {code}
> Due to security consideration, it is not acceptable for some HAWQ users to 
> always use SUPERUSER to create TABLESPACE.  Thus, we need to support:
> 1. Superuser can GRANT/REVOKE CREATION privilege to/from non-superuser on 
> TABLESPACE.
> 2. Non-supuser can create TABLESPACE once it is granted with creation 
> privilege.
> 3. Non-superuser to GRANT/REVOKE CREATION privilege on TABLESPACE to other 
> users.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to