GitHub user robertamarton opened a pull request:
https://github.com/apache/incubator-trafodion/pull/375
TRAFODION [1696] - drop authorization doesn't drop all roles, and create
role will run into internal error
A while back a change was made in the PrivMgr constructors to assume that
authorization is enabled by default instead of the unknown state. If the
state
is unknown, privilege manager performs I/O to determine its state, otherwise
no additional checking is performed. This was changed because one, the
authorization check in PrivMgr is expensive and two, the majority of the
callers
already perform the authorization check by looking in the compile context
set up
during process startup. Role code was not updated to handle this change
correctly as described in TRAFODION-1696. Changes were made to check
compiler
context to verify that authorization is enabled for role commands.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/robertamarton/incubator-trafodion fix-1696
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-trafodion/pull/375.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #375
----
commit 680f3917fe23fc3d202e218c09ff28574fc83ec3
Author: Roberta Marton <[email protected]>
Date: 2016-03-10T21:18:25Z
TRAFODION [1696] - drop authorization doesn't drop all roles, and create
role will run into internal error
A while back a change was made in the PrivMgr constructors to assume that
authorization is enabled by default instead of the unknown state. If the
state
is unknown, privilege manager performs I/O to determine its state, otherwise
no additional checking is performed. This was changed because one, the
authorization check in PrivMgr is expensive and two, the majority of the
callers
already perform the authorization check by looking in the compile context
set up
during process startup. Role code was not updated to handle this change
correctly as described in TRAFODION-1696. Changes were made to check
compiler
context to verify that authorization is enabled for role commands.
Fixed a comment related to queryBuf size for internal library management
operations.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
