ASF GitHub Bot commented on IGNITE-8135:
GitHub user devozerov opened a pull request:
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/gridgain/apache-ignite ignite-8135
Alternatively you can review and apply these changes as the patch at:
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #3801
Author: devozerov <vozerov@...>
DROP TABLE tests.
> Missing SQL-DDL Authorization
> Key: IGNITE-8135
> URL: https://issues.apache.org/jira/browse/IGNITE-8135
> Project: Ignite
> Issue Type: Task
> Components: sql
> Affects Versions: 2.5
> Reporter: Alexey Kukushkin
> Assignee: Vladimir Ozerov
> Priority: Major
> Fix For: 2.5
> Ignite has infrastructure to support 3-rd party security plugins. To support
> authorization, Ignite has security checks spread all over the code delegating
> actual authorization to a 3rd party security plugins if configured.
> In addition to existing checks, Ignite 2.5 will authorise "create" and
> "destroy" cache operations.
> The problem is authorization is not implemented for SQL at all - even if
> authorization is enabled, it is currently possible to run any SQL to
> create/drop/alter caches and read/modify/remove the cache data thus bypassing
> security. The problem exists for both DDL (create/drop/alter table) and DML
> This ticket addresses DDL only: DML will be addressed by a different ticket.
> The problem must be fixed for all clients: Ignite client and server nodes,
> Java and .NET thin clients, ODBC and JDBC, REST.
This message was sent by Atlassian JIRA