[GitHub] incubator-trafodion pull request #1010: TRAFODION-2538 Revoking privileges f...

[robertamarton]

GitHub user robertamarton opened a pull request:

    https://github.com/apache/incubator-trafodion/pull/1010

    TRAFODION-2538 Revoking privileges from role not invoking query inval…

    …idation
    
    Fixed a issue where query invalidation keys were not being sent correctly 
when
    a privilege was revoked from a role.
    
    When a table is cached, a list of all the query invalidation keys for the 
user
    are stored.  Later, when a query is run, the compiler picks the relevant 
keys
    and places them in the plan.  When a revoke occurs, a key is sent to RMS and
    the executor processes check for keys at the next execution. If the key 
affects
    any caches, the cache entries are refreshed and plans recompiled.
    
    Incorrect keys were being created when privileges were revoked from roles, 
so
    queries continued to work even though the user had no more privileges.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/robertamarton/incubator-trafodion rroleprivs

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-trafodion/pull/1010.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1010
    
----
commit a78064b89afce13e12cc70024ca110b17b68c792
Author: Roberta Marton <rmarton@edev07.esgyn.local>
Date:   2017-03-14T23:14:28Z

    TRAFODION-2538 Revoking privileges from role not invoking query invalidation
    
    Fixed a issue where query invalidation keys were not being sent correctly 
when
    a privilege was revoked from a role.
    
    When a table is cached, a list of all the query invalidation keys for the 
user
    are stored.  Later, when a query is run, the compiler picks the relevant 
keys
    and places them in the plan.  When a revoke occurs, a key is sent to RMS and
    the executor processes check for keys at the next execution. If the key 
affects
    any caches, the cache entries are refreshed and plans recompiled.
    
    Incorrect keys were being created when privileges were revoked from roles, 
so
    queries continued to work even though the user had no more privileges.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---