[
https://issues.apache.org/jira/browse/TRAFODION-2175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15630927#comment-15630927
]
Roberta Marton commented on TRAFODION-2175:
-------------------------------------------
Privilege checking is available for SHOWDDL commands. To perform a SHOWDDL you
must:
-- be DB__ROOT
-- be object owner
-- have the SHOW privilege (PUBLIC & DB__ROOTROLE has priv)
-- have SELECT privileges on object
Privilege checking not performed for GET commands at this time. However, for
the interim, changes will be made that requires anyone performing GET to:
-- be DB__ROOT
-- have the SHOW privilege
> a user should only see specific schemas/tables that he has privileges to
> ------------------------------------------------------------------------
>
> Key: TRAFODION-2175
> URL: https://issues.apache.org/jira/browse/TRAFODION-2175
> Project: Apache Trafodion
> Issue Type: Improvement
> Components: sql-security
> Environment: OS -- centos6.7 , centos7.1 , centos7.2
> esgynDB -- R2.2 daily build
> Reporter: Gao, Rui-Xian
> Assignee: Roberta Marton
>
> we have a requirement that a user should only see the objects that he has
> privileges to do operations on.
> Current feature is, ‘get schemas’ will return all schemas in the database,
> and in a private schema created by a user, another user can still see all
> tables with ‘get tables’, and also can check table’s structure with ‘showddl’.
>
> If we have many customer data on cloud cluster, we don’t want a customer to
> view any other customers’ data, we want the customers to be isolated from
> each other.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
