The syntax extension of set storage group and show storage group in new cluster
Hi all, In our new cluster, there are 4 new parameters of storage group(ttl, schemaReplicationFactor, dataReplicationFactor and timePartitionInterval). So, we need to support to init these parameters when create storage group. New syntax extension of set storage group: setStorageGroup : SET STORAGE GROUP TO prefixPath (WITH sgAttributeClause (COMMA sgAttributeClause)*)? ; sgAttributeClause : (TTL | SCHEMA_REPLICATION_FACTOR | DATA_REPLICATION_FACTOR | TIME_PARTITION_INTERVAL) '=' INTEGER_LITERAL ; And when you use show storage group, these 4 parameters will be showed at the same time, the header of show storage group: storage group, ttl, schema_replication_factor, data_replication_factor, time_partition_interval. Best, --- Hongyin Zhang
summer-ospp is coming and welcome to participate
Hi all, The summer-ospp (like GSoC) is coming, and welcome students enjoying it. Please find the guide here [1]. There are 4 projects related to Apache IoTDB (we have 4 slots but currently only 3 projects are approved, the last one is under review). You can find all of them here [2] (in Chinese). [1] https://summer-ospp.ac.cn/#/apply [2] https://summer-ospp.ac.cn/#/org/orgdetail/ecc8407d-fdc1-4425-826b-d36f57cc68fd/ Best, --- Xiangdong Huang School of Software, Tsinghua University
Re: Refactor the rule of auth check
Hi, root.sg.** should be a legal path. If a user has read permission under root.sg.**, he could query all paths like root.sg.x.x (a sub pattern of root.sg.**) Thanks, — Jialin Qiao Apache IoTDB PMC Xiangdong Huang 于2022年5月8日周日 19:48写道: > Hi, > > Just want to make a confirmation: so we cannot grant privileges to > 'root.sg.**'. > It is illegal, right? > --- > Xiangdong Huang > School of Software, Tsinghua University > > 黄向东 > 清华大学 软件学院 > > > 周钰坤 于2022年5月6日周五 19:14写道: > > > Hi > > > > Currently, the rule of iotdb's auth check is prefix match, which is > > inconsistent with pattern match in DDL and DML. Therefore, we want to > > refactor the rule to pattern match. > > For example, an old sql, 'GRANT USER ln_write_user PRIVILEGES > > INSERT_TIMESERIES on root.ln', won't work any more. The replacement is > > 'GRANT USER ln_write_user PRIVILEGES INSERT_TIMESERIES on root.ln.**' > > . > > > > Besides, we introduce the concept, sub pattern, which means a > > pattern's result set contains all the elements of its sub pattern's > > result set. For example, 'root.sg.d.*' is a sub pattern of > > 'root.sg.*.*', while 'root.sg.**' is not a sub pattern of > > 'root.sg.*.*'. > > When a user is granted privilege on a pattern, the pattern used in his > > DDL or DML must be a sub pattern of the previlige pattern, which > > guarantees that the user won't access the timeseries exceed his > > privilege scope. > > > > To guarantee the efficiency and performance of auth check, we will > > implement the auth check after the generation of statement and before > > the execution of statement. > > > > Hope for some suggestions. > > > > > > Best > > > > Yukun Zhou > > School of Software, Tsinghua University > > > > 周钰坤 > > 清华大学 软件学院 > > >
Re: Refactor the rule of auth check
Hi, Just want to make a confirmation: so we cannot grant privileges to 'root.sg.**'. It is illegal, right? --- Xiangdong Huang School of Software, Tsinghua University 黄向东 清华大学 软件学院 周钰坤 于2022年5月6日周五 19:14写道: > Hi > > Currently, the rule of iotdb's auth check is prefix match, which is > inconsistent with pattern match in DDL and DML. Therefore, we want to > refactor the rule to pattern match. > For example, an old sql, 'GRANT USER ln_write_user PRIVILEGES > INSERT_TIMESERIES on root.ln', won't work any more. The replacement is > 'GRANT USER ln_write_user PRIVILEGES INSERT_TIMESERIES on root.ln.**' > . > > Besides, we introduce the concept, sub pattern, which means a > pattern's result set contains all the elements of its sub pattern's > result set. For example, 'root.sg.d.*' is a sub pattern of > 'root.sg.*.*', while 'root.sg.**' is not a sub pattern of > 'root.sg.*.*'. > When a user is granted privilege on a pattern, the pattern used in his > DDL or DML must be a sub pattern of the previlige pattern, which > guarantees that the user won't access the timeseries exceed his > privilege scope. > > To guarantee the efficiency and performance of auth check, we will > implement the auth check after the generation of statement and before > the execution of statement. > > Hope for some suggestions. > > > Best > > Yukun Zhou > School of Software, Tsinghua University > > 周钰坤 > 清华大学 软件学院 >
