[teiid-issues] [JBoss JIRA] (TEIID-5792) Permissions don't work with virtual procedures' ResultSet

Dmitrii Pogorelov (Jira) issues at jboss.org
Thu Jul 25 06:40:00 EDT 2019 

    [ https://issues.jboss.org/browse/TEIID-5792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13763233#comment-13763233 ] 

Dmitrii Pogorelov commented on TEIID-5792:
------------------------------------------

[~shawkins] got it, but the workaround doesn't fit, of course, for the case if we want to forbid all cols in resultset and return just empty, as if it were for a sproc without resultset. The view can help us to solve the permission issue for procedures' resultset but for me it looks like a crutch (or an additional option to solve some not traditional cases).

> Then what if all result set columns are not accessible? Does the result set convey the row count and have no columns, or should it be completely empty.
I would return just empty result as it does a real procedure without resultset. If we need to return something then it should be implemented via virtual view (here the workaround with views fits very nice).

> Permissions don't work with virtual procedures' ResultSet
> ---------------------------------------------------------
>
>                 Key: TEIID-5792
>                 URL: https://issues.jboss.org/browse/TEIID-5792
>             Project: Teiid
>          Issue Type: Enhancement
>          Components: Query Engine
>    Affects Versions: 12.0
>         Environment: teiid-12.0.0 on WildFly Full 14.0.1.Final (WildFly Core 6.0.2.Final)
>            Reporter: Dmitrii Pogorelov
>            Assignee: Steven Hawkins
>            Priority: Major
>
> Teiid doesn't work with ResultSet of a virtual procedure. For example, if we have procs.testProc virtual procedure which can return two values in ResultSet: a and b and we specify a permission for one of these columns in ResultSet, the permission won't work:
> {code:xml}
>         <permission>
>             <resource-name>procs.testProc.a</resource-name>
>             <allow-read>false</allow-read>
>         </permission>
> {code}
> I think it would be great to set permissions also for ResultSets of virtual procedures, so AuthorizationValidationVisitor.validateEntitlements method for a GroupSymbol, which is a procedure, should analyze also its ResultSet. At the same time permissions work for virtual views and we can set permissions for some views' columns separately.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the teiid-issues mailing list