GitHub user robertamarton opened a pull request:
https://github.com/apache/incubator-trafodion/pull/281
Privilege fixes for TRAFODION-12, TRAFODION-1761, and TRAFODION-1773
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/robertamarton/incubator-trafodion priv-fixes
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-trafodion/pull/281.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #281
----
commit 356925572d80f940fb9e3c08c1db680083b2169f
Author: Roberta Marton <[email protected]>
Date: 2016-01-21T17:19:55Z
Merge branch 'master' into priv-fixes
commit 8652aeb8294f525ca004ae872bd96d3c4158905b
Author: Roberta Marton <[email protected]>
Date: 2016-01-23T00:12:12Z
Privilege fixes for TRAFODION-12, TRAFODION-1761, and TRAFODION-1773
TRAFODION-12 Grant Revoke Enhancements
-- Revoke: added code to verify that when column privileges are revoked then
the remaining grants are still intact. It does this by starting at the
beginning of the privilege tree and rebuilding it from top to bottom with
the requested privilege changes. If the revoke causes part of the tree to
be inaccessible (a broken branch), the revoke operation fails.
TRAFODION-1761 Grant and Revoke on table with referencing views does not work
-- When granting INSERT, UPDATE, or DELETE object privilege(s) on a table that
is referenced by one or more views, then the privilege should be granted on
any updatable views that reference the table. The grant request to these
views should be executed as though the current user is _SYSTEM. Similarly
for revokes.
-- If the grant is performed that adds the WITH GRANT OPTION, then
the WITH GRANT OPTION is to be added to the referencing views. The
grant request should be executed as though the current user is _SYSTEM.
Similarly for revokes.
-- The problem was caused by the incorrect grantor being processed. So, added
a new field to the ObjectUsage structure that tells grant/revoke that
the grantor should be the system user. Also added change to not propagate
update privileges on non updatable views.
-- The checkin fixes object privileges; however, work is still needed to
support column level privileges and a mix between column and object level.
TRAFODION-1773 Internal error to revoke role with restrict option when there is
dependent view
-- There is code (PrivMgrRoles) that determines if a specific user that owns
objects whose existence depends upon a privilege granted to the specified role
can be revoked. This code did not consider views as a referenced object type.
Cleaned up PrivMgrDesc.h & PrivMgrDesc.cpp:
-- remove unused grantee field
-- added columnOrdinal which will be used to fix column privs for TRAFODION 1761
-- replaced std::bitset<NBR_OF_PRIVS> with the define PrivMgrBitmap
----
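The revoke check described in the TRAFODION-12 notes above (rebuild the privilege tree from the top with the change applied, and fail if a branch is broken), shown as an added example that is not Trafodion's PrivMgr code. The `Grant` struct, the function names, and the model in which the object owner is the root of the tree are assumptions made for illustration.

```cpp
#include <set>
#include <string>
#include <utility>
#include <vector>

// Hypothetical model (not Trafodion's PrivMgr types): one row per grant.
struct Grant {
    std::string grantor, grantee, priv;
    bool withGrantOption;
};

// Rebuild the grant tree top-down from the owner and return the indexes of
// grants that can no longer be reached from the root (broken branches).
std::vector<std::size_t> brokenBranches(const std::vector<Grant>& grants,
                                        const std::string& owner) {
    std::set<std::pair<std::string, std::string>> canGrant;  // (user, priv)
    std::vector<bool> valid(grants.size(), false);
    bool changed = true;
    while (changed) {  // fixed point: each pass attaches one more tree level
        changed = false;
        for (std::size_t i = 0; i < grants.size(); ++i) {
            const Grant& g = grants[i];
            if (valid[i]) continue;
            bool ok = g.grantor == owner || canGrant.count({g.grantor, g.priv}) > 0;
            if (!ok) continue;
            valid[i] = true;
            changed = true;
            if (g.withGrantOption) canGrant.insert({g.grantee, g.priv});
        }
    }
    std::vector<std::size_t> broken;
    for (std::size_t i = 0; i < grants.size(); ++i)
        if (!valid[i]) broken.push_back(i);
    return broken;
}

// Apply the revoke to a copy; commit only if the rebuilt tree is still intact.
bool revokeRestrict(std::vector<Grant>& grants, const std::string& owner,
                    const std::string& grantor, const std::string& grantee,
                    const std::string& priv) {
    std::vector<Grant> after;
    for (const Grant& g : grants)
        if (!(g.grantor == grantor && g.grantee == grantee && g.priv == priv))
            after.push_back(g);
    if (after.size() == grants.size()) return false;          // nothing to revoke
    if (!brokenBranches(after, owner).empty()) return false;  // dependent grants remain
    grants = after;
    return true;
}
```

Because validity is recomputed from the root rather than by walking outward from the revoked grant, a pair of users who granted the privilege to each other is still detected as a broken branch once their link to the owner is removed.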