[jira] [Updated] (HAWQ-1130) Make HCatalog integration work with non-superusers
[ https://issues.apache.org/jira/browse/HAWQ-1130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Goden Yao updated HAWQ-1130: Assignee: Oleksandr Diachenko (was: Lei Chang) > Make HCatalog integration work with non-superusers > -- > > Key: HAWQ-1130 > URL: https://issues.apache.org/jira/browse/HAWQ-1130 > Project: Apache HAWQ > Issue Type: Improvement > Components: PXF >Reporter: Oleksandr Diachenko >Assignee: Oleksandr Diachenko > Fix For: 2.0.1.0-incubating > > > According to current implementation user who uses HCatalog integration > feature should have SELECT privileges for pg_authid, pg_user_mapping tables. > It's fine for superusers but we shouldn't expose them to non-superusers > because they store hashed user passwords. > Basically, the problem is how to determine max oid among all oid-having > tables. > Possible solutions: > * Creating view returning max oid and grant select privilege to public. > ** Cons: > *** Requires catalog upgrade; > * Reading current oid from shared memory. > ** Pros: > *** No catalog upgrade needed. > ** Cons: > *** Additional exclusive locks needed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HAWQ-1130) Make HCatalog integration work with non-superusers
[ https://issues.apache.org/jira/browse/HAWQ-1130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oleksandr Diachenko updated HAWQ-1130: -- Description: According to current implementation user who uses HCatalog integration feature should have SELECT privileges for pg_authid, pg_user_mapping tables. It's fine for superusers but we shouldn't expose them to non-superusers because they store hashed user passwords. Basically, the problem is how to determine max oid among all oid-having tables. Possible solutions: * Creating view returning max oid and grant select privilege to public. ** Cons: *** Requires catalog upgrade; * Reading current oid from shared memory. ** Pros: *** No catalog upgrade needed. ** Cons: *** Additional exclusive locks needed. was: According to current implementation user who uses HCatalog integration feature should have SELECT privileges for pg_authid, pg_user_mapping tables. It's fine for superusers but we shouldn't expose them to non-superusers because they store hashed user passwords. Basically, the problem is how to determine max oid among all oid-having tables. Possible solutions: * Creating view returning max oid and grant select privilege to public. ** Cons: *** Requires catalog upgrade; > Make HCatalog integration work with non-superusers > -- > > Key: HAWQ-1130 > URL: https://issues.apache.org/jira/browse/HAWQ-1130 > Project: Apache HAWQ > Issue Type: Improvement > Components: PXF >Reporter: Oleksandr Diachenko >Assignee: Lei Chang > Fix For: 2.0.1.0-incubating > > > According to current implementation user who uses HCatalog integration > feature should have SELECT privileges for pg_authid, pg_user_mapping tables. > It's fine for superusers but we shouldn't expose them to non-superusers > because they store hashed user passwords. > Basically, the problem is how to determine max oid among all oid-having > tables. > Possible solutions: > * Creating view returning max oid and grant select privilege to public. > ** Cons: > *** Requires catalog upgrade; > * Reading current oid from shared memory. > ** Pros: > *** No catalog upgrade needed. > ** Cons: > *** Additional exclusive locks needed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HAWQ-1130) Make HCatalog integration work with non-superusers
[ https://issues.apache.org/jira/browse/HAWQ-1130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oleksandr Diachenko updated HAWQ-1130: -- Description: According to current implementation user who uses HCatalog integration feature should have SELECT privileges for pg_authid, pg_user_mapping tables. It's fine for superusers but we shouldn't expose them to non-superusers because they store hashed user passwords. Basically, the problem is how to determine max oid among all oid-having tables. Possible solutions: * Creating view returning max oid and grant select privilege to public. ** Cons: *** Requires catalog upgrade; was: According to current implementation user who uses HCatalog integration feature should have SELECT privileges for pg_authid, pg_user_mapping tables. It's fine for superusers but we shouldn't expose them to non-superusers because they store hashed user passwords. > Make HCatalog integration work with non-superusers > -- > > Key: HAWQ-1130 > URL: https://issues.apache.org/jira/browse/HAWQ-1130 > Project: Apache HAWQ > Issue Type: Improvement > Components: PXF >Reporter: Oleksandr Diachenko >Assignee: Lei Chang > Fix For: 2.0.1.0-incubating > > > According to current implementation user who uses HCatalog integration > feature should have SELECT privileges for pg_authid, pg_user_mapping tables. > It's fine for superusers but we shouldn't expose them to non-superusers > because they store hashed user passwords. > Basically, the problem is how to determine max oid among all oid-having > tables. > Possible solutions: > * Creating view returning max oid and grant select privilege to public. > ** Cons: > *** Requires catalog upgrade; -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HAWQ-1130) Make HCatalog integration work with non-superusers
[ https://issues.apache.org/jira/browse/HAWQ-1130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oleksandr Diachenko updated HAWQ-1130: -- Description: According to current implementation user who uses HCatalog integration feature should have SELECT privileges for pg_authid, pg_user_mapping tables. It's fine for superusers but we shouldn't expose them to non-superusers because they store hashed user passwords. > Make HCatalog integration work with non-superusers > -- > > Key: HAWQ-1130 > URL: https://issues.apache.org/jira/browse/HAWQ-1130 > Project: Apache HAWQ > Issue Type: Improvement > Components: PXF >Reporter: Oleksandr Diachenko >Assignee: Lei Chang > Fix For: 2.0.1.0-incubating > > > According to current implementation user who uses HCatalog integration > feature should have SELECT privileges for pg_authid, pg_user_mapping tables. > It's fine for superusers but we shouldn't expose them to non-superusers > because they store hashed user passwords. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HAWQ-1130) Make HCatalog integration work with non-superusers
[ https://issues.apache.org/jira/browse/HAWQ-1130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oleksandr Diachenko updated HAWQ-1130: -- Fix Version/s: 2.0.1.0-incubating > Make HCatalog integration work with non-superusers > -- > > Key: HAWQ-1130 > URL: https://issues.apache.org/jira/browse/HAWQ-1130 > Project: Apache HAWQ > Issue Type: Improvement > Components: PXF >Reporter: Oleksandr Diachenko >Assignee: Lei Chang > Fix For: 2.0.1.0-incubating > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
