[jira] [Commented] (TRAFODION-1573) Additional GET commands for privileges

2018-05-21 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/TRAFODION-1573?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16482655#comment-16482655
 ] 

ASF GitHub Bot commented on TRAFODION-1573:
---

Github user asfgit closed the pull request at:

https://github.com/apache/trafodion/pull/1568


> Additional GET commands for privileges
> --
>
> Key: TRAFODION-1573
> URL: https://issues.apache.org/jira/browse/TRAFODION-1573
> Project: Apache Trafodion
>  Issue Type: Improvement
>  Components: sql-security
>Affects Versions: 1.3-incubating
>Reporter: Roberta Marton
>Assignee: Roberta Marton
>Priority: Major
>
> There are several GET PRIVILEGES commands that would be useful in describing 
> security attributes for an object. Many of these commands exists for 
> component privileges but need to be added for other objects.  
> This is a proposal to add the following commands:
> GET PRIVILEGES ON 
> GET PRIVILEGES ON  FOR 
>  is:
>   libraries
>   procedures
>   functions (table_mapping functions)
>   views
>   tables
>   sequence generators
>  is:
>  USER 
>  ROLE 
>  auth name (gets USER and ROLE)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (TRAFODION-1573) Additional GET commands for privileges

2018-05-18 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/TRAFODION-1573?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16480893#comment-16480893
 ] 

ASF GitHub Bot commented on TRAFODION-1573:
---

GitHub user robertamarton opened a pull request:

https://github.com/apache/trafodion/pull/1568

TRAFODION-1573: Additional GET commands for privileges

TRAFODION-3074: Failed to register/unregister user when security disabled

TRAFODION-1573 changes:

- Added support for the following commands:

  get privileges on 
  : [LIBRARY | PROCEDURE | FUNCTION | TABLE_MAPPING FUNCTION | 
SEQUENCE]

- Added support for the FOR CLAUSE on all supported objects
  Removed the need to specify keyword 'USER" before username. If USER is
  included, then it is ignored.

  get privileges on  FOR [USER] 
  : [TABLES, VIEWS, LIBRARIES, PROCEDURES, FUNCTIONS,
  TABLE_MAPPING FUNCTIONS, SEQUENCES]

- The following get command can only be run by DB__ROOT or a user that has 
been
  granted the DB__ROOTROLE or DB__HIVEROLE role

  get  in schema hive.xx.xx;
  : [TABLES, OBJECTS, VIEWS]

- The following get command can only be run by DB__ROOT or a user that has 
been
  granted the DB__ROOTROLE or DB__HBASEROLE role

  get external hbase objects;

- The following get commands retrieve privilege details from Trafodion 
metadata;
  users can only see objects where they have been granted at least one 
privilege

  get hive registered tables in catalog trafodion;
  get hbase registered tables in catalog trafodion;

- get privileges commands now return owner's privileges in output
- Cleaned up code in the parser.

TRAFODION-3074 changes

- register user - fixed query to find next available authID
- unregister user - added checks to not read privilege metadata if 
authorization
  is not enabled

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/robertamarton/incubator-trafodion get-stmts

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/trafodion/pull/1568.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #1568


commit 88e2a742b019dd8d22c22c79d1b64048395cfdb1
Author: Roberta Marton 
Date:   2018-05-18T16:45:06Z

TRAFODION-1573: Additional GET commands for privileges
TRAFODION-3074: Failed to register/unregister user when security disabled

TRAFODION-1573 changes:

- Added support for the following commands:

  get privileges on 
  : [LIBRARY | PROCEDURE | FUNCTION | TABLE_MAPPING FUNCTION | 
SEQUENCE]

- Added support for the FOR CLAUSE on all supported objects
  Removed the need to specify keyword 'USER" before username. If USER is
  included, then it is ignored.

  get privileges on  FOR [USER] 
  : [TABLES, VIEWS, LIBRARIES, PROCEDURES, FUNCTIONS,
  TABLE_MAPPING FUNCTIONS, SEQUENCES]

- The following get command can only be run by DB__ROOT or a user that has 
been
  granted the DB__ROOTROLE or DB__HIVEROLE role

  get  in schema hive.xx.xx;
  : [TABLES, OBJECTS, VIEWS]

- The following get command can only be run by DB__ROOT or a user that has 
been
  granted the DB__ROOTROLE or DB__HBASEROLE role

  get external hbase objects;

- The following get commands retrieve privilege details from Trafodion 
metadata;
  users can only see objects where they have been granted at least one 
privilege

  get hive registered tables in catalog trafodion;
  get hbase registered tables in catalog trafodion;

- get privileges commands now return owner's privileges in output
- Cleaned up code in the parser.

TRAFODION-3074 changes

- register user - fixed query to find next available authID
- unregister user - added checks to not read privilege metadata if 
authorization
  is not enabled




> Additional GET commands for privileges
> --
>
> Key: TRAFODION-1573
> URL: https://issues.apache.org/jira/browse/TRAFODION-1573
> Project: Apache Trafodion
>  Issue Type: Improvement
>  Components: sql-security
>Affects Versions: 1.3-incubating
>Reporter: Roberta Marton
>Assignee: Roberta Marton
>Priority: Major
>
> There are several GET PRIVILEGES commands that would be useful in describing 
> security attributes for an object. Many of these commands exists for 
> component privileges but need to be added for other objects.  
> This is a proposal to add the following commands:
> GET