[
https://issues.apache.org/jira/browse/TRAFODION-2175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15840044#comment-15840044
]
ASF GitHub Bot commented on TRAFODION-2175:
-------------------------------------------
GitHub user robertamarton opened a pull request:
https://github.com/apache/incubator-trafodion/pull/932
TRAFODION-2175 a user should only see specific schemas/tables that he…
… has privs
TRAFODION-1573 Additional GET commands for privileges
This is one of several deliveries to improve GET commands:
- return details about objects that are only visible to the current_user.
- support additional statements
This delivery adds visibility checking to the following commands:
get users;
get roles;
get users for role <role>;
get roles for user <user>;
It now supports the following GET statements:
get privileges for user <user>;
get privileges for role <role>;
When getting privileges for a user or role, the output is as follows:
<privileges> <object> <optional column name>
<privileges> output is a character string containing granted privileges:
char 1: SELECT_PRIV - "S"
char 2: INSERT_PRIV - "I"
char 3: DELETE_PRIV - "D"
char 4: UPDATE_PRIV - "U"
char 5: USAGE_PRIV - "G"
char 6: REFERENCES_PRIV - "R"
char 7: EXECUTE_PRIV - "E"
If the user/role has no privilege then "-" is specified for the character
Example: get privileges for user userx;
SI--G-E TRAFODION.MYSCH.MYTABLE1
S------ TRAFODION.MYSCH.MYTABLE2 <Column> column1
S--U--- TRAFODION.MYSCH.MYTABLE2 <Column> column2
When getting privileges for a role, only those privileges granted to the
role are returned.
When getting privileges for a user, privileges directly granted to the user
plus privileges granted to any roles associated with the user are returned.
A new regression test - privs1/TEST123 has been added to test these changes.
In addition, unused methods were removed from Get code.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/robertamarton/incubator-trafodion getcmd
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-trafodion/pull/932.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #932
----
> a user should only see specific schemas/tables that he has privileges to
> ------------------------------------------------------------------------
>
> Key: TRAFODION-2175
> URL: https://issues.apache.org/jira/browse/TRAFODION-2175
> Project: Apache Trafodion
> Issue Type: Improvement
> Components: sql-security
> Environment: OS -- centos6.7 , centos7.1 , centos7.2
> esgynDB -- R2.2 daily build
> Reporter: Gao, Rui-Xian
> Assignee: Roberta Marton
>
> we have a requirement that a user should only see the objects that he has
> privileges to do operations on.
> Current feature is, ‘get schemas’ will return all schemas in the database,
> and in a private schema created by a user, another user can still see all
> tables with ‘get tables’, and also can check table’s structure with ‘showddl’.
>
> If we have many customer data on cloud cluster, we don’t want a customer to
> view any other customers’ data, we want the customers to be isolated from
> each other.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
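
Added example, not part of the pull request or of Trafodion's code: a decoder for the "get privileges" output lines described in the comment above, usable when reviewing which entries allow data to be modified. It assumes whitespace-separated fields and the literal "<Column>" marker exactly as in the description's sample; the function names and the set of privileges treated as write privileges are choices made for this example.

```python
from typing import NamedTuple, Optional

# Slot order and letters as listed in the pull request description.
PRIV_SLOTS = [
    ("SELECT_PRIV", "S"), ("INSERT_PRIV", "I"), ("DELETE_PRIV", "D"),
    ("UPDATE_PRIV", "U"), ("USAGE_PRIV", "G"), ("REFERENCES_PRIV", "R"),
    ("EXECUTE_PRIV", "E"),
]
# Assumption for this example: these three count as write privileges.
WRITE_PRIVS = {"INSERT_PRIV", "DELETE_PRIV", "UPDATE_PRIV"}

class Grant(NamedTuple):
    obj: str
    column: Optional[str]   # None for an object-level entry
    privileges: frozenset

def decode_privs(bitmap: str) -> frozenset:
    """Decode the 7-character string; each slot must hold its letter or '-'."""
    if len(bitmap) != len(PRIV_SLOTS):
        raise ValueError(f"expected {len(PRIV_SLOTS)} characters, got {bitmap!r}")
    granted = set()
    for pos, (ch, (name, letter)) in enumerate(zip(bitmap, PRIV_SLOTS), start=1):
        if ch == letter:
            granted.add(name)
        elif ch != "-":
            raise ValueError(f"char {pos} of {bitmap!r} must be {letter!r} or '-'")
    return frozenset(granted)

def parse_line(line: str) -> Grant:
    """Parse '<privileges> <object>' with an optional '<Column> name' suffix."""
    fields = line.split()
    if len(fields) == 2:
        column = None
    elif len(fields) == 4 and fields[2] == "<Column>":
        column = fields[3]
    else:
        raise ValueError(f"unrecognised privilege line: {line!r}")
    return Grant(fields[1], column, decode_privs(fields[0]))

def write_grants(lines):
    """Return (object, column, write privileges) for entries that allow changes."""
    grants = (parse_line(l) for l in lines if l.strip())
    return [(g.obj, g.column, sorted(g.privileges & WRITE_PRIVS))
            for g in grants if g.privileges & WRITE_PRIVS]

# Sample lines copied from the example in the description above.
SAMPLE = """\
SI--G-E TRAFODION.MYSCH.MYTABLE1
S------ TRAFODION.MYSCH.MYTABLE2 <Column> column1
S--U--- TRAFODION.MYSCH.MYTABLE2 <Column> column2
""".splitlines()
```

A letter in the wrong slot (for example "IS-----") is rejected rather than silently read as a grant, so a layout change in the output shows up as an error.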