[
https://issues.apache.org/jira/browse/HAWQ-1130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15630516#comment-15630516
]
Oleksandr Diachenko commented on HAWQ-1130:
-------------------------------------------
According to investigation made, checking whether max oid is within range makes
sense just for migration from older version of HAWQ which didn't have dedicated
oid pool for HCatalog objects. Therefore we can leave this check but go with
caql access instead of SPI so user doesn't have to be superuser to query
HCatalog tables.
> Make HCatalog integration work with non-superusers
> --------------------------------------------------
>
> Key: HAWQ-1130
> URL: https://issues.apache.org/jira/browse/HAWQ-1130
> Project: Apache HAWQ
> Issue Type: Improvement
> Components: PXF
> Reporter: Oleksandr Diachenko
> Assignee: Oleksandr Diachenko
> Fix For: 2.0.1.0-incubating
>
>
> According to current implementation user who uses HCatalog integration
> feature should have SELECT privileges for pg_authid, pg_user_mapping tables.
> It's fine for superusers but we shouldn't expose them to non-superusers
> because they store hashed user passwords.
> Basically, the problem is how to determine max oid among all oid-having
> tables.
> Possible solutions:
> * Creating view returning max oid and grant select privilege to public.
> ** Cons:
> *** Requires catalog upgrade;
> * Reading current oid from shared memory.
> ** Pros:
> *** No catalog upgrade needed.
> ** Cons:
> *** Additional exclusive locks needed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
