[GitHub] trafodion pull request #1520: [TRAFODION-2600] Unable to create view ... but...

2018-04-17 Thread asfgit 
Github user asfgit closed the pull request at:

https://github.com/apache/trafodion/pull/1520


---

[GitHub] trafodion pull request #1520: [TRAFODION-2600] Unable to create view ... but...

2018-04-16 Thread robertamarton 
GitHub user robertamarton opened a pull request:

https://github.com/apache/trafodion/pull/1520

[TRAFODION-2600] Unable to create view ... but user has SELECT privilege

Query invalidation is not resetting the role list when a user is granted a 
role.
For DML operations, we always retry the request once, and between retries, 
the
role list is reset.  So DML works on a retry.
However, DDL operations are not retried, so the role list is not reset and 
the
create view fails.

An analogous issue exists when the role is revoked from a user and the role
list is not reset.  In this case, the user can still create views even 
though
they no longer have the privilege.

Changes:
- Grant role: sends a new query invalidation key
- Revoke role: forces a query invalidation check even if the key is not 
present
- Displays query invalidation keys when debug option DBUSER_DEBUG is set, 
e.g:
   set envvar DBUSER_DEBUG 1;

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/robertamarton/incubator-trafodion jira-2600

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/trafodion/pull/1520.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1520


commit f9820b26144a45b7c7cbdedaeefc832f150f5d45
Author: Roberta Marton 
Date:   2018-04-16T22:26:07Z

[TRAFODION-2600] Unable to create view ... but user has SELECT privilege

Query invalidation is not resetting the role list when a user is granted a 
role.
For DML operations, we always retry the request once, and between retries, 
the
role list is reset.  So DML works on a retry.
However, DDL operations are not retried, so the role list is not reset and 
the
create view fails.

An analogous issue exists when the role is revoked from a user and the role
list is not reset.  In this case, the user can still create views even 
though
they no longer have the privilege.

Changes:
- Grant role: sends a new query invalidation key
- Revoke role: forces a query invalidation check even if the key is not 
present
- Displays query invalidation keys when debug option DBUSER_DEBUG is set, 
e.g:
   set envvar DBUSER_DEBUG 1;




---