GitHub user robertamarton opened a pull request:
https://github.com/apache/trafodion/pull/1520
[TRAFODION-2600] Unable to create view ... but user has SELECT privilege
Query invalidation is not resetting the role list when a user is granted a
role.
For DML operations, we always retry the request once, and between retries,
the
role list is reset. So DML works on a retry.
However, DDL operations are not retried, so the role list is not reset and
the
create view fails.
An analogous issue exists when the role is revoked from a user and the role
list is not reset. In this case, the user can still create views even
though
they no longer have the privilege.
Changes:
- Grant role: sends a new query invalidation key
- Revoke role: forces a query invalidation check even if the key is not
present
- Displays query invalidation keys when debug option DBUSER_DEBUG is set,
e.g:
set envvar DBUSER_DEBUG 1;
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/robertamarton/incubator-trafodion jira-2600
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafodion/pull/1520.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1520
commit f9820b26144a45b7c7cbdedaeefc832f150f5d45
Author: Roberta Marton
Date: 2018-04-16T22:26:07Z
[TRAFODION-2600] Unable to create view ... but user has SELECT privilege
Query invalidation is not resetting the role list when a user is granted a
role.
For DML operations, we always retry the request once, and between retries,
the
role list is reset. So DML works on a retry.
However, DDL operations are not retried, so the role list is not reset and
the
create view fails.
An analogous issue exists when the role is revoked from a user and the role
list is not reset. In this case, the user can still create views even
though
they no longer have the privilege.
Changes:
- Grant role: sends a new query invalidation key
- Revoke role: forces a query invalidation check even if the key is not
present
- Displays query invalidation keys when debug option DBUSER_DEBUG is set,
e.g:
set envvar DBUSER_DEBUG 1;
---