[
https://issues.apache.org/jira/browse/TRAFODION-1573?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16480893#comment-16480893
]
ASF GitHub Bot commented on TRAFODION-1573:
---
GitHub user robertamarton opened a pull request:
https://github.com/apache/trafodion/pull/1568
TRAFODION-1573: Additional GET commands for privileges
TRAFODION-3074: Failed to register/unregister user when security disabled
TRAFODION-1573 changes:
- Added support for the following commands:
get privileges on
: [LIBRARY | PROCEDURE | FUNCTION | TABLE_MAPPING FUNCTION |
SEQUENCE]
- Added support for the FOR CLAUSE on all supported objects
Removed the need to specify keyword 'USER" before username. If USER is
included, then it is ignored.
get privileges on FOR [USER]
: [TABLES, VIEWS, LIBRARIES, PROCEDURES, FUNCTIONS,
TABLE_MAPPING FUNCTIONS, SEQUENCES]
- The following get command can only be run by DB__ROOT or a user that has
been
granted the DB__ROOTROLE or DB__HIVEROLE role
get in schema hive.xx.xx;
: [TABLES, OBJECTS, VIEWS]
- The following get command can only be run by DB__ROOT or a user that has
been
granted the DB__ROOTROLE or DB__HBASEROLE role
get external hbase objects;
- The following get commands retrieve privilege details from Trafodion
metadata;
users can only see objects where they have been granted at least one
privilege
get hive registered tables in catalog trafodion;
get hbase registered tables in catalog trafodion;
- get privileges commands now return owner's privileges in output
- Cleaned up code in the parser.
TRAFODION-3074 changes
- register user - fixed query to find next available authID
- unregister user - added checks to not read privilege metadata if
authorization
is not enabled
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/robertamarton/incubator-trafodion get-stmts
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafodion/pull/1568.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1568
commit 88e2a742b019dd8d22c22c79d1b64048395cfdb1
Author: Roberta Marton
Date: 2018-05-18T16:45:06Z
TRAFODION-1573: Additional GET commands for privileges
TRAFODION-3074: Failed to register/unregister user when security disabled
TRAFODION-1573 changes:
- Added support for the following commands:
get privileges on
: [LIBRARY | PROCEDURE | FUNCTION | TABLE_MAPPING FUNCTION |
SEQUENCE]
- Added support for the FOR CLAUSE on all supported objects
Removed the need to specify keyword 'USER" before username. If USER is
included, then it is ignored.
get privileges on FOR [USER]
: [TABLES, VIEWS, LIBRARIES, PROCEDURES, FUNCTIONS,
TABLE_MAPPING FUNCTIONS, SEQUENCES]
- The following get command can only be run by DB__ROOT or a user that has
been
granted the DB__ROOTROLE or DB__HIVEROLE role
get in schema hive.xx.xx;
: [TABLES, OBJECTS, VIEWS]
- The following get command can only be run by DB__ROOT or a user that has
been
granted the DB__ROOTROLE or DB__HBASEROLE role
get external hbase objects;
- The following get commands retrieve privilege details from Trafodion
metadata;
users can only see objects where they have been granted at least one
privilege
get hive registered tables in catalog trafodion;
get hbase registered tables in catalog trafodion;
- get privileges commands now return owner's privileges in output
- Cleaned up code in the parser.
TRAFODION-3074 changes
- register user - fixed query to find next available authID
- unregister user - added checks to not read privilege metadata if
authorization
is not enabled
> Additional GET commands for privileges
> --
>
> Key: TRAFODION-1573
> URL: https://issues.apache.org/jira/browse/TRAFODION-1573
> Project: Apache Trafodion
> Issue Type: Improvement
> Components: sql-security
>Affects Versions: 1.3-incubating
>Reporter: Roberta Marton
>Assignee: Roberta Marton
>Priority: Major
>
> There are several GET PRIVILEGES commands that would be useful in describing
> security attributes for an object. Many of these commands exists for
> component privileges but need to be added for other objects.
> This is a proposal to add the following commands:
> GET