[GitHub] trafodion pull request #1723: TRAFODION - 3218 User still has privilege afte...

[robertamarton]

GitHub user robertamarton opened a pull request:

    https://github.com/apache/trafodion/pull/1723

    TRAFODION - 3218 User still has privilege after user's role has been …

    …revoked ...
    
    Partial support for column level privileges with QI support for:
    
      column select
      column insert
      column references
      column update
    
    Also, as part of this, updated privilege code in a couple of areas:
    
    Changed object caching code in NATable and NARoutine to store all privileges
    assigned to the object when the object is cached (privDescs_).  During the 
load
    operation, the code creates bitmaps (privInfo_) for the current user.  
Privilege
    checks are performed against the user bitmaps (privInfo_).  This is in
    anticipation for some performance updates when connecting to Trafodion 
(mxosrvr)
    with different users.
    
    Change getRoleList to include the roleID and the granteeID that granted the
    privilege. The grantee can be a user or a role.
    
    When a privilege is revoked from a role, send QI keys for every user that 
has
    been granted to role.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/robertamarton/incubator-trafodion qi-issue

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/trafodion/pull/1723.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1723
    
----
commit adf2b8f23d87bd3bdcccf64523b730a4c9b57843
Author: Roberta Marton <roberta.marton@...>
Date:   2018-10-03T17:54:39Z

    TRAFODION - 3218 User still has privilege after user's role has been 
revoked ...
    
    Partial support for column level privileges with QI support for:
    
      column select
      column insert
      column references
      column update
    
    Also, as part of this, updated privilege code in a couple of areas:
    
    Changed object caching code in NATable and NARoutine to store all privileges
    assigned to the object when the object is cached (privDescs_).  During the 
load
    operation, the code creates bitmaps (privInfo_) for the current user.  
Privilege
    checks are performed against the user bitmaps (privInfo_).  This is in
    anticipation for some performance updates when connecting to Trafodion 
(mxosrvr)
    with different users.
    
    Change getRoleList to include the roleID and the granteeID that granted the
    privilege. The grantee can be a user or a role.
    
    When a privilege is revoked from a role, send QI keys for every user that 
has
    been granted to role.

----


---