[jira] [Comment Edited] (TRAFODION-2974) Some predefined UDFs should be regular UDFs so we can revoke rights

Wed, 28 Feb 2018 16:19:06 -0800 

    [ 
https://issues.apache.org/jira/browse/TRAFODION-2974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16381289#comment-16381289
 ] 

Hans Zeller edited comment on TRAFODION-2974 at 3/1/18 12:17 AM:
-----------------------------------------------------------------

For the fix, Roberta suggested that we can add these UDFs to the existing 
library for "library management" UDRs, consisting of several SPJs and one 
TMUDF. We also need to create one more library for the C++ function 
event_log_reader.

Other predefined UDFs like TIMESERIES stay as predefined, since there is no 
need to grant or revoke rights to this UDF - TIMESERIES does not return 
anything that cannot be calculated from its inputs.

I'm not removing the existing UDFs quite yet, we can do that in R2.4. For now, 
users will get a warning 4323 with instructions on how to convert to using the 
new UDFs in schema "_LIBMGR_".


was (Author: hzeller):
For the fix, Roberta suggested that we can add these UDFs to the existing 
library for "library management" UDRs, consisting of several SPJs and one 
TMUDF. We also need to create one more library for the C++ function 
event_log_reader.

Other predefined UDFs like TIMESERIES stay as predefined, since there is no 
need to grant or revoke rights to this UDF - TIMESERIES does not return 
anything that cannot be calculated from its inputs.

> Some predefined UDFs should be regular UDFs so we can revoke rights
> -------------------------------------------------------------------
>
>                 Key: TRAFODION-2974
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-2974
>             Project: Apache Trafodion
>          Issue Type: Bug
>          Components: sql-cmu
>    Affects Versions: 2.2-incubating
>            Reporter: Hans Zeller
>            Assignee: Hans Zeller
>            Priority: Major
>             Fix For: 2.3
>
>
> Roberta pointed out that we have two predefined UDFs, EVENT_LOG_READER and 
> JDBC, where the system administrator should have the ability to control who 
> can execute these functions.
> To do this, these two UDFs cannot be "predefined" UDFs anymore, since those 
> don't have the metadata that's required for doing grant and revoke.
> Roberta also pointed out that the JDBC UDF should refuse to connect to the T2 
> driver, for security reasons.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to