[
https://issues.apache.org/jira/browse/CALCITE-2194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16398459#comment-16398459
]
Piotr Bojko commented on CALCITE-2194:
--------------------------------------
[~julianhyde] I know that you are in a rush during a release of 1.16.0 now. So
take your time here. In my opinion I have fulfill your requirements about the
privileges model and I am waiting only for your call about that and then will
patch minor issues like formatting or so.
But If you are ok with that and find useful to calcite I can contribute more
changes. I would like to have a factory for authentication - just like
authorization here:
{code:json}
{
"version": "1.0",
"defaultSchema": "ENHANCED",
"authorization": {
"factory": "org.apache.calcite.access.PrincipalWithOwnershipAuthFactory",
"operand": {}
},
"authentication": {
"factory": "org.apache.calcite.access.SomeAuthenticationFactory",
"operand": {}
},
"schemas": [
{code}
AuthenticationFactory could produce AuthenticationProvider (instead of existing
Fairy which name you don't like) and this provider will be hooked to some
events in calcite (mostly to creation of connection under which a principal
should be deduced). Having that - user of calcite can implement different
authentication schemes, maybe bridge the authentication from spring/jee (my
case), maybe simple deducing from connection.condig.user property.
Your call :)
> Schema access authorization feature
> -----------------------------------
>
> Key: CALCITE-2194
> URL: https://issues.apache.org/jira/browse/CALCITE-2194
> Project: Calcite
> Issue Type: New Feature
> Components: core
> Affects Versions: 1.16.0
> Reporter: Piotr Bojko
> Assignee: Piotr Bojko
> Priority: Minor
>
> See:
> [https://mail-archives.apache.org/mod_mbox/calcite-dev/201711.mbox/ajax/%3C6F6E52D4-6860-4384-A1CB-A2301D05394D%40apache.org%3E]
> I've looked into the core and the notion of an user could be hard to achieved
> now.
> Though, I am able to implement the "hidden schema" feature through following
> changes:
> # JsonSchema - add a holder for the feature, boolean flag or flags field
> with enum (CACHED which now exists as a separate flag - some deprecation
> could be needed, HIDDEN)
> # CalciteSchema - pass through of a flag
> # RelOptSchema - pass through of a flag
> # CalciteCatalogReader - pass through of a flag
> # Other derivatives of RelOptSchema - mocked value, false
> # RelOptTable and impl - pass through of a flag
> # SqlValidatorImpl - validation whether object from hidden schema is used
> (in the same places like validateAccess)
> # ViewTableMacro.apply -> Schemas.analyzeView ->
> CalcitePrepareImpl.analyzeView -> CalcitePrepareImpl.parse_ ->
> CalcitePrepareImpl.CalcitePrepareImpl - this path of execution should build
> SqlValidatorImpl which has the check from point 7 disabled-
> Such feature could be useful for end users.
> If the solution is ok - I can contribute it.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
