[teiid-issues] [JBoss JIRA] (TEIID-5798) Mixed PERMISSION GRANTS
Steven Hawkins (Jira)
issues at jboss.org
Mon Nov 25 16:10:00 EST 2019
[ https://issues.jboss.org/browse/TEIID-5798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13817578#comment-13817578 ]
Steven Hawkins commented on TEIID-5798:
---------------------------------------
Old syntax example:
{code}
GRANT SELECT,INSERT ON TABLE tbl CONDITION col = user() TO role; -- defaults to CONSTRAINT
{code}
New:
{code}
GRANT SELECT,INSERT ON tbl TO role;
CREATE POLICY pname ON tbl FOR SELECT,INSERT TO role USING col = user() WITH CHECK; -- effectively WITH CHECK col = user()
{code}
In creating a new implementation we would need to under the covers do a similar conversion - where the policy name is effectively derived. Another simplification would be to only support a single role target, rather than a role list. That would address creating another container concept for this style of grant and instead we could put the grants directly on the DataPolicyMetadata - the same would go for masks.
The "mixed" from above:
{code}
GRANT SELECT,INSERT,UPDATE,DELETE ON tbl TO role; -- could add an ALL option
CREATE POLICY pname ON tbl FOR INSERT,UPDATE,DELETE TO role USING col = user() WITH CHECK;
{code}
> Mixed PERMISSION GRANTS
> -----------------------
>
> Key: TEIID-5798
> URL: https://issues.jboss.org/browse/TEIID-5798
> Project: Teiid
> Issue Type: Enhancement
> Components: Query Engine
> Reporter: Christoph John
> Assignee: Steven Hawkins
> Priority: Major
> Fix For: 13.0
>
> Original Estimate: 6 hours
> Remaining Estimate: 6 hours
>
> Hello,
> I am currently trying to set a set of permissions on a table/view. Hence a condition on INSERT,UPDATE,DELETE and an unconditioned SELECT.
> However, it seems that conditioned and unconditioned GRANT statements do not work together.
> {code}
> GRANT INSERT,UPDATE,DELETE ON TABLE "my_nutri_diary.UserDefinedProducts_SRC" CONDITION 'UserDefinedProducts_SRC.fkProfile in (SELECT Account.idProfile FROM Account WHERE Account.uuidUser = LEFT(user(), 36) )' TO odata;
> GRANT SELECT ON TABLE "my_nutri_diary.UserDefinedProducts_SRC" TO odata;
> REVOKE ALTER,EXECUTE ON TABLE "my_nutri_diary.UserDefinedProducts_SRC" FROM odata;
> {code}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
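The "under the covers" conversion described in the comment above, sketched in Python as an added illustration; it is not Teiid code and not part of the original message. The function names `convert` and `derive_policy_name` and the policy-naming scheme are assumptions, and the target syntax is the one proposed in the comment.

```python
import re

# Shape of the old-style statements quoted in this thread:
#   GRANT <privs> ON TABLE <table> [CONDITION <expr>] TO <role>;
OLD_GRANT = re.compile(
    r'^GRANT\s+(?P<privs>[A-Z,\s]+?)\s+ON\s+TABLE\s+(?P<table>"[^"]+"|\S+)'
    r"(?:\s+CONDITION\s+(?P<cond>.+?))?\s+TO\s+(?P<role>\w+)\s*;?\s*$",
    re.IGNORECASE | re.DOTALL,
)

def derive_policy_name(table, role, privs):
    # Assumed naming scheme; the thread only says the name is "derived".
    raw = "_".join([role, table, *privs])
    return re.sub(r"[\W_]+", "_", raw).strip("_").lower()

def convert(old_statements):
    """Rewrite old GRANT ... CONDITION statements as GRANT + CREATE POLICY."""
    grants = {}    # (table, role) -> merged privilege list, input order
    policies = []  # one CREATE POLICY per conditioned grant
    for stmt in old_statements:
        m = OLD_GRANT.match(stmt.strip())
        if m is None:
            raise ValueError(f"not an old-style GRANT: {stmt!r}")
        privs = [p.strip().upper() for p in m["privs"].split(",")]
        table, role, cond = m["table"], m["role"], m["cond"]
        merged = grants.setdefault((table, role), [])
        for p in privs:
            if p not in merged:
                merged.append(p)
        if cond is None:
            continue  # unconditioned grant: no row policy is attached
        cond = cond.strip()
        if len(cond) > 1 and cond[0] == cond[-1] == "'":
            cond = cond[1:-1].replace("''", "'")  # unwrap string-literal form
        name = derive_policy_name(table, role, privs)
        policies.append(
            f"CREATE POLICY {name} ON {table} FOR {','.join(privs)} "
            f"TO {role} USING {cond} WITH CHECK;"
        )
    new_grants = [
        f"GRANT {','.join(p)} ON {t} TO {r};" for (t, r), p in grants.items()
    ]
    return new_grants + policies

# Constructed input: the reporter's two GRANT statements from this thread.
REPORTED = [
    """GRANT INSERT,UPDATE,DELETE ON TABLE "my_nutri_diary.UserDefinedProducts_SRC" CONDITION 'UserDefinedProducts_SRC.fkProfile in (SELECT Account.idProfile FROM Account WHERE Account.uuidUser = LEFT(user(), 36) )' TO odata;""",
    """GRANT SELECT ON TABLE "my_nutri_diary.UserDefinedProducts_SRC" TO odata;""",
]

if __name__ == "__main__":
    print("\n".join(convert(REPORTED)))
```

For the reporter's input this yields one merged GRANT covering all four privileges and a single policy scoped to INSERT,UPDATE,DELETE, so SELECT stays unconditioned.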