PrivMgrCommands.cpp

Clone Tools
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
TRAFODION - 3218 User still has privilege after user's role has been revoked ...

Partial support for column level privileges with QI support for:

column select

column insert

column references

column update

Also, as part of this, updated privilege code in a couple of areas:

Changed object caching code in NATable and NARoutine to store all privileges

assigned to the object when the object is cached (privDescs_). During the load

operation, the code creates bitmaps (privInfo_) for the current user. Privilege

checks are performed against the user bitmaps (privInfo_). This is in

anticipation for some performance updates when connecting to Trafodion (mxosrvr)

with different users.

Change getRoleList to include the roleID and the granteeID that granted the

privilege. The grantee can be a user or a role.

When a privilege is revoked from a role, send QI keys for every user that has

been granted to role.

  1. … 40 more files in changeset.
Fixes for TRAFODION-3194 && TRAFODION-3195

TRAFODION-3194 Revoke grant option on objects revokes more that grant option

changed Privilege Manager to set bitmaps correctly

removed unused methods from PrivMgrDesc

TRAFODION-3195: Fixes for get commands:

get schemas for user <user>:

returns schemas owned by the specified user

if current user does not have elevated privilege,

returns error if current user does not match <user>.

get schemas for role <role>:

returns schemas owned by the role,

if current user does not have elevated privilege,

returns error if current user has not been granted <role>

get [tables | views | indexes | libraries ] for user <user>:

get [functions | table_mapping_functions | procedures] for user <user>:

get [privileges | roles] for user <user>:

returns objects where <user> has at least one privilege

if current user does not have eleveted privilege

returns error if current user does not match <user>.

get [tables | views | indexes | libraries ] for role <role>:

get [functions | table_mapping_functions | procedures] for role <role>:

get [privileges | users] for <role>:

returns objects where <role> has at least one privilege

if current user does not have eleveted privilege

returns error if current user has not been granted <role>

  1. … 17 more files in changeset.
TRAFODION-3046: Privilege support for native HBase tables

-- Grants and revokes against native HBase tables are enforced similar to hive

-- Privilege checking added when creating and dropping native HBase tables

-- Removing dependent Trafodion metadata when native HBase tables are dropped

-- Added regression test (privs2/TEST146)

-- Reorg - split PrivMgrComponents into 2 files:

PrivMgrComponents and PrivMgrUserPrivs

An hbase table can be referenced using one of the following types:

"_CELL_" - references cell data

"_ROW_" - references row data

"_MAP_" - references data defined by the mapped (external) table

Privileges are granted against each of these types, so if you:

select * from hbase."_CELL_".hbase1;

You must have the select privileges on this table

For example: "grant select on hbase."_CELL_".hbase1 to user1"

Likewise for other hbase types, grants are required to gain accessibility

grant select on hbase."_MAP_".hbase1 to user1

grant select on hbase."_ROW_".hbase1 to role1

  1. … 25 more files in changeset.
[TRAFODION-2768] Make Trafodion code base to compile in RH7

  1. … 126 more files in changeset.
[TRAFODION-2584] Add support to register hive objects in traf metadata

Syntax:

register hive table/view [if not exists] <object-name> [cascade]

unregister hive table/view [if exists] <object-name> [cascade]

cascade option: register/unregister all underlying objects that are

part of the specified view

update statistics, grant/revoke, traf views or external table creation

on hive objects will automatically and internally register those objects

in trafodion metadata.

invoke/showddl will show if this object is registered and whether

that registration was internal or explicit.

Get command extensions:

get hive registered tables/view/objects in catalog trafodion;

get hive external tables in catalog trafodion;

Cleanup command extensions:

cleanup metadata command will clean up inconsistent hive objects

(underlying hive object is missing but object is registered or

an external table exists)

cleanup [hive table | hive view] on <object-name>;

Existing hive objects that had implicit or explicit external tables

created prior to this checkin will have no change in behavior.

ObjectUID of those external tables will continue to be used for

relevant operations.

One can drop those external tables and explicitly register them,

or a subsequent operation(upd stats, grant, etc) that needs objectUID will

automatically register them.

minor changes based on review comments of previous checkin

get all objects command on hive metadata no longer fails.

get views on objects return 3-part name that could be used to

differentiate between a traf and hive view.

regress/hive/TEST007 has been extended.

TBD: Add register/unregister privileges

  1. … 52 more files in changeset.
TRAFODION-2538 Revoking privileges from role not invoking query invalidation

Fixed a issue where query invalidation keys were not being sent correctly when

a privilege was revoked from a role.

When a table is cached, a list of all the query invalidation keys for the user

are stored. Later, when a query is run, the compiler picks the relevant keys

and places them in the plan. When a revoke occurs, a key is sent to RMS and

the executor processes check for keys at the next execution. If the key affects

any caches, the cache entries are refreshed and plans recompiled.

Incorrect keys were being created when privileges were revoked from roles, so

queries continued to work even though the user had no more privileges.

  1. … 10 more files in changeset.
TRAFODION-2441 user has only select privilege on a table can do ... TRAFODION-2409 support privilege control(column privileges) for hive tables TRAFODION-2423 any user can perform 'initialize trafodion, drop' TRAFODION-2435 Any user can perform TRUNCATE on native Hive tables. TRAFODION-2463 Hive: Any user can do update statistics for hive tables

Fixed issues found while testing privileges with native Hive.

TRAFODION-2441:

changed code that initializes owner privileges for views.

TRAFODION-2409:

returning error message 1328 during attempt to grant unsupported column level

privilege on hive table.

TRAFODION 2423:

added privilege checks for all initialize commands, error 1017 is returned if

not DB__ROOT

TRAFODION-2435:

Returning error 1051 if TRUNCATE is attempted on a hive table where the

current user has no privilege

TRAFODION-2463:

Privilege checks added for Hive table during update statistics

  1. … 25 more files in changeset.
Merge branch 'master' into trafodion-2189

Conflicts:

core/sql/optimizer/NATable.cpp

core/sql/sqlcomp/PrivMgrDesc.h

  1. … 6 more files in changeset.
[TRAFODION-2167]: Invalid query invalidation keys not working properly

When a user is revoked from a role, invalidation keys are not being

processed correctly. Therefore, users can still run queries even though

privileges have been removed. Query invalidation is complicated when

table descriptors are stored in metadata.

Changes:

--> The list of priv_descs created (and stored) was changed to include an entry

for each user and each role accumulated across all grantors. (Today, each

priv_desc entry includes the users' direct grants plus grants on their

active roles.)

--> When an object is loaded into NATable or NARoutine cache, the priv_desc is

accessed and the privilege bitmap is now generated by combining the users'

privileges with privileges of their active roles. Correct invalidation keys

are now being created and stored with the object. In the first code drop,

the users' active roles are read from the role_usage table. In the next

code drop, the active roles will be stored and maintained in executor

globals.

--> When a plan is compiled, the correct invalidation keys for users, roles,

and the public authorization are added to the plan.

--> Changes in the compiler were required to handle the invalidation keys for

revoke role and revoke privilege from "PUBLIC".

--> Cleaned up the code that manages invalidation keys in privilege manager.

--> Included the correct create and redef times (if available) in the stored

object descriptor - today they are always set to 0.

--> Added new regression test to test all the revoke options.

  1. … 13 more files in changeset.
TRAFODION [2137] Improve metadata access time during query compilation

A change was made to return privilege information in the descriptor structure

instead of getting it when the NATable or NARoutine object is instantiated.

For tables, storing privileges in the descriptor structure allows privileges

to be saved with other table attributes in the metadata. This improves metadata

access time during initial query compilations.

Changes:

--> At create time or when the object's DDL changes (redeftime), the compiler

gets the list of privs for all users. If stored descriptors is enabled,

this list is stored as part of the object definition in the TEXT table.

--> PrivMgr returns a list of bitmaps for all users granted any priv

--> the list of privs is transformed into a VirtTable

--> the VirtTable is transformed into TrafDesc

--> a packed form of the TrafDesc is stored in the TEXT table

--> When an NATable or NARoutine is instantiated, the current user's credentials

are extracted from the TrafDesc and stored in the class thereby eliminating

the need to perform I/O to get privs for the user.

  1. … 22 more files in changeset.
Privilege fixes for TRAFODION-1595

TRAFODION-1595 Privilege manager tables missing from HBase

If initialize authorization fails for any reason, some remnants of the operation

remain around. Once DDL_TRANSACTIONS have been enabled, then this issue goes

away.

Code changes have been made as follows:

- If the initialize operation fails and DDL_TRANSACTIONS is not enabled, go

ahead and cleanup all remnants of the operation.

- Added new option to cleanup after a failed authorization attempt:

INITIALIZE AUTHORIZATION, CLEANUP.

The CLEANUP option can be used to clean up after a failed initialize attempt

when the DROP option fails.

- Added logging into the initialize, drop, and cleanup authorization requests.

  1. … 10 more files in changeset.
Trafodion-1100 Creator of view in private schema unable to select from view

For private schemas, all objects are owned by the schema owner. If an authID

has create component privilege, they can create objects in other schemas.

However, the owner of the new object is still the schema owner.

When the object creator is not the schema owner, then the schema owner

automatically becomes the owner and the object creator is granted all relevant

privileges on the object WGO.

For views, this was not working correctly.

Also found another issue where column privileges were not being handled

correctly when generating the privileges list.

Problem is described in more detail in the JIRA

Changes:

CmpSeabaseDDLview - changed the create view code to add privileges for both the

schema owner and the view creator, and fixes the privilege list issue.

PrivMgr - added a helper function to convert an authID to an authName

PrivMgrCommands - changed the API to send in the grantor ID

PrivMgrPrivileges - changed the code to use the passed in grantor

TEST141 - added a new regression test, it is currently skipped until

trafodion-1087 is resolved.

  1. … 11 more files in changeset.
Changes for JIRA TRAFODION-353, 1200, 1214, and 12

1. JIRA Trafodion-353 (Launchpad 1324716):

.traf_authentication_config syntax errors on blank

corrected

2. JIRA Trafodion-1200 (Launchpad 1447336):

DB__ROOTROLE now equivalent to DB__ROOT (completed

in this delivery).

3. JIRA Trafodion-1214 (Launchpad 1450122):

LDAPSSL (level 1) now uses TLS_CACERTFILE.

4. JIRA Trafodion-12 - grant revoke enhancements including:

Six new component-level privileges: DML_DELETE, DML_INSERT,

DML_REFERENCES, DML_SELECT, DML_UPDATE, and DML_USAGE.

Authorization IDs granted a DML privilege at the system

(SQL_OPERATIONS component-level) have the privilege

on all objects in the Trafodion database.

Users who have the MANAGE_PRIVILEGE component-level privilege

can also grant "WITH GRANT OPTION" any privilege they have.

In addition, they implicitly grant on behalf of the owner when

the GRANTED BY clause is omitted. (Mimics DB__ROOT behavior.)

Tracing had been added (but not yet enabled) to better debug

grant and revoke problems

Column level privilege enforcement has been added and column

level privileges support is enabled.

  1. … 25 more files in changeset.
Part 1 of updates to licensing info in Trafodion source

Added NOTICE.txt file in root directory per ASF guidelines.

Updated copyright text in one directory (core/sql/sqlcomp)

as a test of a tool to update such text. One or more later

check-ins will take care of the remaining directories.

  1. … 63 more files in changeset.
Privilege manager fixes for 1438896 and 1465356

1438896: Internal error during create or replace view

The objectUID check when getting privilege information was not correct.

1465356: Revoke privilege from role returns dependent object error

There is a check in mainline revoke code to determine if the object type is a

view and if the SELECT privilege is no longer applicable. If so, then the

dependent error is returned. However, this code is incorrect and actually the

correct code exists in the gatherViewPrivileges method. The view check has been

removed.

  1. … 2 more files in changeset.
Merge remote branch 'core/master'

  1. … 108 more files in changeset.
Merge remote branch 'core/master'

  1. … 2817 more files in changeset.
Move core into subdir to combine repos

    • -0
    • +1230
    ./PrivMgrCommands.cpp
  1. … 10768 more files in changeset.
Move core into subdir to combine repos

    • -0
    • +1033
    ./PrivMgrCommands.cpp
  1. … 10622 more files in changeset.
Move core into subdir to combine repos

Use: git log --follow -- <file>

to view file history thru renames.

    • -0
    • +1264
    ./PrivMgrCommands.cpp
  1. … 10837 more files in changeset.