Adar Dembo has posted comments on this change. ( http://gerrit.cloudera.org:8080/11753 )
Change subject: authz: verify tokens on scans ...................................................................... Patch Set 8: (2 comments) http://gerrit.cloudera.org:8080/#/c/11753/7/src/kudu/common/schema.h File src/kudu/common/schema.h: http://gerrit.cloudera.org:8080/#/c/11753/7/src/kudu/common/schema.h@552 PS7, Line 552: inline const std::vector<ColumnId>& column_ids() const { > Done Isn't inline implied by virtue of this being a function defined in the header? Like, columns() doesn't need inline, so why should this? http://gerrit.cloudera.org:8080/#/c/11753/4/src/kudu/tserver/tablet_service.cc File src/kudu/tserver/tablet_service.cc: http://gerrit.cloudera.org:8080/#/c/11753/4/src/kudu/tserver/tablet_service.cc@427 PS4, Line 427: return false; > I think there are a couple of approaches worth considering: If a user sends raw RPCs in order to get a diff scan (i.e. two timestamps) in UNORDERED mode, they may see multiple ghost entries for the same PK in the output. They'll need to deal with that somehow, either by deduplicating them client-side, or trying to order them chronologically, though the server doesn't return enough information to accomplish this. Agreed that we might want to enforce that if a diff scan was requested, ORDERED mode was also requested. No such enforcement exists today: https://gerrit.cloudera.org/c/12592 As a strawman, I'd propose that virtual columns require privileges on PK columns. Why? Because many (if not all) of the virtual columns I can think of can be viewed as bits of metadata on specific rows, so you need to at least establish a row's identity in order to use them effectively (i.e. to know which row we're talking about). And you need PK access for that. -- To view, visit http://gerrit.cloudera.org:8080/11753 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I7a5d81cf215a5d936f8853feba05778038764905 Gerrit-Change-Number: 11753 Gerrit-PatchSet: 8 Gerrit-Owner: Andrew Wong <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Hao Hao <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Comment-Date: Mon, 18 Mar 2019 17:48:11 +0000 Gerrit-HasComments: Yes
