[JBoss JIRA] (TEIIDDES-2274) Row-based Security creates incorrect permission
by Ramesh Reddy (JIRA)
[ https://issues.jboss.org/browse/TEIIDDES-2274?page=com.atlassian.jira.plu... ]
Ramesh Reddy commented on TEIIDDES-2274:
----------------------------------------
When in doubt please ask or see Teiid docs.
> Both *Condition and Column Masking are available...
"condition" is a expression that is added on where clause, for ex: city = 'newyork', always accounts to a boolean expression
"Column Masking" is expression that is used instead of column value when the above condition is satisfied. For example, this could be a string literal 'xxxxx' or substring(2, column) or null. It needs to produce a value.
Note that the column(s) selected as part of the expression in the "condition" has nothing to do with mask expression.
> Row-based Security creates incorrect permission
> -----------------------------------------------
>
> Key: TEIIDDES-2274
> URL: https://issues.jboss.org/browse/TEIIDDES-2274
> Project: Teiid Designer
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Modeling, VDB & Execution
> Affects Versions: 8.3.3
> Environment: OSX 10.9.4, Java 1.7.0_25. However, this bug has also been verified on a RHEL 7 instance as well.
> Reporter: Blaine Mincey
> Assignee: Barry LaFond
> Labels: designer, teiid
> Fix For: 8.3.4, 8.6, 8.5.1
>
>
> In modeling a VDB, when adding a condition for row-based security, an incorrect permission is created. For example, if using the Designer to select a column, the following condition is added:
> <permission>
> <resource-name>AccountsView.CUSTOMER.STATE</resource-name>
> <condition constraint="true"><> 'New York'</condition>
> </permission>.
> In order for row-based security to work, the VDB.xml needs to be edited to be the following:
> <permission>
> <resource-name>AccountsView.CUSTOMER</resource-name>
> <condition constraint="true">STATE <> 'New York'</condition>
> </permission>
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
11 years, 7 months
[JBoss JIRA] (TEIIDDES-2274) Row-based Security creates incorrect permission
by Barry LaFond (JIRA)
[ https://issues.jboss.org/browse/TEIIDDES-2274?page=com.atlassian.jira.plu... ]
Barry LaFond commented on TEIIDDES-2274:
----------------------------------------
Actually, d-clicking a column in the model panel opens the *Security Definition" dialog/editor. Both *Condition* and *Column Masking* are available... and yes, the *Row Filter* panel add/edit dialogs only allow setting the filter on a table target.
This aspect of *security* is still a little confusing to me and difficult to create a clear and understandable UI.
> Row-based Security creates incorrect permission
> -----------------------------------------------
>
> Key: TEIIDDES-2274
> URL: https://issues.jboss.org/browse/TEIIDDES-2274
> Project: Teiid Designer
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Modeling, VDB & Execution
> Affects Versions: 8.3.3
> Environment: OSX 10.9.4, Java 1.7.0_25. However, this bug has also been verified on a RHEL 7 instance as well.
> Reporter: Blaine Mincey
> Assignee: Barry LaFond
> Labels: designer, teiid
> Fix For: 8.3.4, 8.6, 8.5.1
>
>
> In modeling a VDB, when adding a condition for row-based security, an incorrect permission is created. For example, if using the Designer to select a column, the following condition is added:
> <permission>
> <resource-name>AccountsView.CUSTOMER.STATE</resource-name>
> <condition constraint="true"><> 'New York'</condition>
> </permission>.
> In order for row-based security to work, the VDB.xml needs to be edited to be the following:
> <permission>
> <resource-name>AccountsView.CUSTOMER</resource-name>
> <condition constraint="true">STATE <> 'New York'</condition>
> </permission>
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
11 years, 7 months
[JBoss JIRA] (TEIIDDES-2161) Merge various fixes from master into 8.3.4
by Barry LaFond (JIRA)
[ https://issues.jboss.org/browse/TEIIDDES-2161?page=com.atlassian.jira.plu... ]
Barry LaFond updated TEIIDDES-2161:
-----------------------------------
Description:
*Candidates*
* NONE
*Completed Upstream*
* NONE
*Merged*
* TEIIDDES-2017 NPE while using Teiid Connection Importer
* TEIIDDES-2018 DDL importer creates wrong data type for "integer"
* TEIIDDES-2089 Teiid connection import throws "java.lang.IllegalArgumentException: The supplied model folder refers to an existing non-model project" on Windows
* TEIIDDES-2111 NPE trying to Preview Data (partial merge)
* TEIIDDES-2131 With Teiid Designer, user can't set "System Table Access" for "VDB Data Role" with a small display
* TEIIDDES-2138 Restrict "New VDB" wizard's "Add model" to the current project
* TEIIDDES-2139 2 Connections to same VDB in JBDS seem to share one password
* TEIIDDES-2142 & TEIIDDES-2131 New VDB Data Role' Dialog needs layout improvement
* TEIIDDES-2151 Create relational model from WS (SOAP) using default procedures generates both models in one subdirectory
* TEIIDDES-2154 Preview VDB is not updated after adding or modifying a translator override ( partial related commit)
* TEIIDDES-2156 Building Vdbs in eclipse should not throw runtime exceptions (*Already commited in 8.3.3 release*)
* TEIIDDES-2164 Editing teiid importer connection url can't be finished
* TEIIDDES-2170 Add VDB Version text entry to VDB Editor
* TEIIDDES-2186 SWT Illegal Argument exception from Teiid Server Editor page
* TEIIDDES-2189 Add ModelType validation in the New MED wizard to prevent creating MED without one selected
* TEIIDDES-2191 Create VDB Data Source Menu Item not i18n
* TEIIDDES-2192 VDB Context Menu in server view should have an option for creating vdb data source
* TEIIDDES-2196 Data Roles dialog issues (addresses TEIIDDES-2261)
* TEIIDDES-2205 Remove table name error validation for names that include '.' delimiter (related to TEIIDDES-2100)
* TEIIDDES-2214 Cannot generate CXF WAR from VDB created in 8.3.3
* TEIIDDES-2221 Deleted XSD schema from VDB can't be added back
* TEIIDDES-2244 Exception in TeiidServerVersion parsing "8.4.1-redhat-7"
* TEIIDDES-2260 Teiid Designer doesn't clean up vdb.xml properly (Data Roles - conditions)
* TEIIDDES-2266 Unexpected internal error near index 1 on Windows
* TEIIDDES-2267 JNDI Name selection on VDB Explorer does not function on Windows
* TEIIDDES-2274 Row-based Security creates incorrect permission
* TEIIDDES-2275 Invalid Model Name, when trying to use Teiid Connection Importer
* TEIIDDES-2139 - 2 Connections to same VDB in JBDS seem to share one password
* TEIIDDES-2237 - Server credentials for multiple Teiid instances sharing password
* [91fc48c8|https://github.com/Teiid-Designer/teiid-designer/commit/91fc48c8...] - Miscellaneous fixes found while debugging TEIIDDES-2139 and TEIIDDES-2237
* [35a73da0|https://github.com/Teiid-Designer/teiid-designer/commit/35a73da0...] - Removes debug messages erroneously added by TEIIDDES-2139
* TEIIDDES-2275 Invalid Model Name, when trying to use Teiid Connection Importer
* TEIIDDES-2291 (Windows only) New VDB datarole checkboxes problems
* TEIIDDES-2295 Issues with table viewer selection and editing on Windows (various jiras) (TEIIDDES-2276, TEIIDDES-2293, TEIIDDES-2294, TEIIDDES-2309, TEIIDDES-2302)
* TEIIDDES-2298 Wrong message in LDAP import dialog
* TEIIDDES-2304 VDB Reuse - View model says it is read only
* TEIIDDES-2314 VDB editor in TD 8.6 allows user to add source model from reused VDB
* TEIIDDES-2320 Creating masking on column using "Security" column in Edit VDB Data Role dialogue doesn't work
* TEIIDDES-2330 Unhandled event loop exception when creating Relational View Procedure
was:
*Candidates*
* NONE
*Completed Upstream*
* NONE
*Merged*
* TEIIDDES-2017 NPE while using Teiid Connection Importer
* TEIIDDES-2018 DDL importer creates wrong data type for "integer"
* TEIIDDES-2089 Teiid connection import throws "java.lang.IllegalArgumentException: The supplied model folder refers to an existing non-model project" on Windows
* TEIIDDES-2111 NPE trying to Preview Data (partial merge)
* TEIIDDES-2131 With Teiid Designer, user can't set "System Table Access" for "VDB Data Role" with a small display
* TEIIDDES-2138 Restrict "New VDB" wizard's "Add model" to the current project
* TEIIDDES-2139 2 Connections to same VDB in JBDS seem to share one password
* TEIIDDES-2142 & TEIIDDES-2131 New VDB Data Role' Dialog needs layout improvement
* TEIIDDES-2151 Create relational model from WS (SOAP) using default procedures generates both models in one subdirectory
* TEIIDDES-2154 Preview VDB is not updated after adding or modifying a translator override ( partial related commit)
* TEIIDDES-2156 Building Vdbs in eclipse should not throw runtime exceptions (*Already commited in 8.3.3 release*)
* TEIIDDES-2164 Editing teiid importer connection url can't be finished
* TEIIDDES-2170 Add VDB Version text entry to VDB Editor
* TEIIDDES-2186 SWT Illegal Argument exception from Teiid Server Editor page
* TEIIDDES-2189 Add ModelType validation in the New MED wizard to prevent creating MED without one selected
* TEIIDDES-2196 Data Roles dialog issues (addresses TEIIDDES-2261)
* TEIIDDES-2205 Remove table name error validation for names that include '.' delimiter (related to TEIIDDES-2100)
* TEIIDDES-2214 Cannot generate CXF WAR from VDB created in 8.3.3
* TEIIDDES-2244 Exception in TeiidServerVersion parsing "8.4.1-redhat-7"
* TEIIDDES-2260 Teiid Designer doesn't clean up vdb.xml properly (Data Roles - conditions)
* TEIIDDES-2266 Unexpected internal error near index 1 on Windows
* TEIIDDES-2274 Row-based Security creates incorrect permission
* TEIIDDES-2139 - 2 Connections to same VDB in JBDS seem to share one password
* TEIIDDES-2237 - Server credentials for multiple Teiid instances sharing password
* [91fc48c8|https://github.com/Teiid-Designer/teiid-designer/commit/91fc48c8...] - Miscellaneous fixes found while debugging TEIIDDES-2139 and TEIIDDES-2237
* [35a73da0|https://github.com/Teiid-Designer/teiid-designer/commit/35a73da0...] - Removes debug messages erroneously added by TEIIDDES-2139
* TEIIDDES-2275 Invalid Model Name, when trying to use Teiid Connection Importer
* TEIIDDES-2295 Issues with table viewer selection and editing on Windows (various jiras) (TEIIDDES-2276, TEIIDDES-2293, TEIIDDES-2294, TEIIDDES-2309, TEIIDDES-2302)
* TEIIDDES-2298 Wrong message in LDAP import dialog
* TEIIDDES-2314 VDB editor in TD 8.6 allows user to add source model from reused VDB
* TEIIDDES-2330 Unhandled event loop exception when creating Relational View Procedure
> Merge various fixes from master into 8.3.4
> ------------------------------------------
>
> Key: TEIIDDES-2161
> URL: https://issues.jboss.org/browse/TEIIDDES-2161
> Project: Teiid Designer
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Components: Patch Release
> Reporter: Barry LaFond
> Assignee: Johnathon Lee
> Priority: Blocker
> Fix For: 8.3.4
>
>
> *Candidates*
> * NONE
> *Completed Upstream*
> * NONE
> *Merged*
> * TEIIDDES-2017 NPE while using Teiid Connection Importer
> * TEIIDDES-2018 DDL importer creates wrong data type for "integer"
> * TEIIDDES-2089 Teiid connection import throws "java.lang.IllegalArgumentException: The supplied model folder refers to an existing non-model project" on Windows
> * TEIIDDES-2111 NPE trying to Preview Data (partial merge)
> * TEIIDDES-2131 With Teiid Designer, user can't set "System Table Access" for "VDB Data Role" with a small display
> * TEIIDDES-2138 Restrict "New VDB" wizard's "Add model" to the current project
> * TEIIDDES-2139 2 Connections to same VDB in JBDS seem to share one password
> * TEIIDDES-2142 & TEIIDDES-2131 New VDB Data Role' Dialog needs layout improvement
> * TEIIDDES-2151 Create relational model from WS (SOAP) using default procedures generates both models in one subdirectory
> * TEIIDDES-2154 Preview VDB is not updated after adding or modifying a translator override ( partial related commit)
> * TEIIDDES-2156 Building Vdbs in eclipse should not throw runtime exceptions (*Already commited in 8.3.3 release*)
> * TEIIDDES-2164 Editing teiid importer connection url can't be finished
> * TEIIDDES-2170 Add VDB Version text entry to VDB Editor
> * TEIIDDES-2186 SWT Illegal Argument exception from Teiid Server Editor page
> * TEIIDDES-2189 Add ModelType validation in the New MED wizard to prevent creating MED without one selected
> * TEIIDDES-2191 Create VDB Data Source Menu Item not i18n
> * TEIIDDES-2192 VDB Context Menu in server view should have an option for creating vdb data source
> * TEIIDDES-2196 Data Roles dialog issues (addresses TEIIDDES-2261)
> * TEIIDDES-2205 Remove table name error validation for names that include '.' delimiter (related to TEIIDDES-2100)
> * TEIIDDES-2214 Cannot generate CXF WAR from VDB created in 8.3.3
> * TEIIDDES-2221 Deleted XSD schema from VDB can't be added back
> * TEIIDDES-2244 Exception in TeiidServerVersion parsing "8.4.1-redhat-7"
> * TEIIDDES-2260 Teiid Designer doesn't clean up vdb.xml properly (Data Roles - conditions)
> * TEIIDDES-2266 Unexpected internal error near index 1 on Windows
> * TEIIDDES-2267 JNDI Name selection on VDB Explorer does not function on Windows
> * TEIIDDES-2274 Row-based Security creates incorrect permission
> * TEIIDDES-2275 Invalid Model Name, when trying to use Teiid Connection Importer
> * TEIIDDES-2139 - 2 Connections to same VDB in JBDS seem to share one password
> * TEIIDDES-2237 - Server credentials for multiple Teiid instances sharing password
> * [91fc48c8|https://github.com/Teiid-Designer/teiid-designer/commit/91fc48c8...] - Miscellaneous fixes found while debugging TEIIDDES-2139 and TEIIDDES-2237
> * [35a73da0|https://github.com/Teiid-Designer/teiid-designer/commit/35a73da0...] - Removes debug messages erroneously added by TEIIDDES-2139
> * TEIIDDES-2275 Invalid Model Name, when trying to use Teiid Connection Importer
> * TEIIDDES-2291 (Windows only) New VDB datarole checkboxes problems
> * TEIIDDES-2295 Issues with table viewer selection and editing on Windows (various jiras) (TEIIDDES-2276, TEIIDDES-2293, TEIIDDES-2294, TEIIDDES-2309, TEIIDDES-2302)
> * TEIIDDES-2298 Wrong message in LDAP import dialog
> * TEIIDDES-2304 VDB Reuse - View model says it is read only
> * TEIIDDES-2314 VDB editor in TD 8.6 allows user to add source model from reused VDB
> * TEIIDDES-2320 Creating masking on column using "Security" column in Edit VDB Data Role dialogue doesn't work
> * TEIIDDES-2330 Unhandled event loop exception when creating Relational View Procedure
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
11 years, 7 months
[JBoss JIRA] (TEIIDDES-2274) Row-based Security creates incorrect permission
by Van Halbert (JIRA)
[ https://issues.jboss.org/browse/TEIIDDES-2274?page=com.atlassian.jira.plu... ]
Van Halbert updated TEIIDDES-2274:
----------------------------------
Comment: was deleted
(was: Matus,
You say conditions on columns are only used for masking, does that mean we don't support conditions on columns anymore? Like indicated above:
{code}
<permission>
<resource-name>Accounts.Customer</resource-name>
<condition>state <> 'New York'</condition>
</permission>
{code})
> Row-based Security creates incorrect permission
> -----------------------------------------------
>
> Key: TEIIDDES-2274
> URL: https://issues.jboss.org/browse/TEIIDDES-2274
> Project: Teiid Designer
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Modeling, VDB & Execution
> Affects Versions: 8.3.3
> Environment: OSX 10.9.4, Java 1.7.0_25. However, this bug has also been verified on a RHEL 7 instance as well.
> Reporter: Blaine Mincey
> Assignee: Barry LaFond
> Labels: designer, teiid
> Fix For: 8.3.4, 8.6, 8.5.1
>
>
> In modeling a VDB, when adding a condition for row-based security, an incorrect permission is created. For example, if using the Designer to select a column, the following condition is added:
> <permission>
> <resource-name>AccountsView.CUSTOMER.STATE</resource-name>
> <condition constraint="true"><> 'New York'</condition>
> </permission>.
> In order for row-based security to work, the VDB.xml needs to be edited to be the following:
> <permission>
> <resource-name>AccountsView.CUSTOMER</resource-name>
> <condition constraint="true">STATE <> 'New York'</condition>
> </permission>
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
11 years, 7 months
[JBoss JIRA] (TEIIDDES-2274) Row-based Security creates incorrect permission
by Van Halbert (JIRA)
[ https://issues.jboss.org/browse/TEIIDDES-2274?page=com.atlassian.jira.plu... ]
Van Halbert commented on TEIIDDES-2274:
---------------------------------------
Matus,
You say conditions on columns are only used for masking, does that mean we don't support conditions on columns anymore? Like indicated above:
{code}
<permission>
<resource-name>Accounts.Customer</resource-name>
<condition>state <> 'New York'</condition>
</permission>
{code}
> Row-based Security creates incorrect permission
> -----------------------------------------------
>
> Key: TEIIDDES-2274
> URL: https://issues.jboss.org/browse/TEIIDDES-2274
> Project: Teiid Designer
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Modeling, VDB & Execution
> Affects Versions: 8.3.3
> Environment: OSX 10.9.4, Java 1.7.0_25. However, this bug has also been verified on a RHEL 7 instance as well.
> Reporter: Blaine Mincey
> Assignee: Barry LaFond
> Labels: designer, teiid
> Fix For: 8.3.4, 8.6, 8.5.1
>
>
> In modeling a VDB, when adding a condition for row-based security, an incorrect permission is created. For example, if using the Designer to select a column, the following condition is added:
> <permission>
> <resource-name>AccountsView.CUSTOMER.STATE</resource-name>
> <condition constraint="true"><> 'New York'</condition>
> </permission>.
> In order for row-based security to work, the VDB.xml needs to be edited to be the following:
> <permission>
> <resource-name>AccountsView.CUSTOMER</resource-name>
> <condition constraint="true">STATE <> 'New York'</condition>
> </permission>
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
11 years, 7 months
[JBoss JIRA] (TEIIDDES-2196) Data Roles dialog issues
by Matus Makovy (JIRA)
[ https://issues.jboss.org/browse/TEIIDDES-2196?page=com.atlassian.jira.plu... ]
Matus Makovy commented on TEIIDDES-2196:
----------------------------------------
verified in 8.3.4
> Data Roles dialog issues
> ------------------------
>
> Key: TEIIDDES-2196
> URL: https://issues.jboss.org/browse/TEIIDDES-2196
> Project: Teiid Designer
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Dialogs
> Affects Versions: 8.0
> Reporter: Ramesh Reddy
> Assignee: Barry LaFond
> Priority: Critical
> Fix For: 8.5, 8.3.4
>
> Attachments: column-masking-dialog.png, permissions-row-filter-tab.png, row-based-security-dialog.png
>
>
> There is one bug, few couple suggestions
> 1) Rename "Conditions" tab to "Row Filter"
> 2) Rename "Mask" tab "Column Masking"
> 3) When somebody clicks "add" in conditions, the resource only applies to tables and views not columns. So, the the pick list should be on tables
> 4) change the text on the this pop-up box, it says "Add Column Row-based security", that makes no sense to me. Say "Row based security through filtering", in description say "Provide any boolean based criteria (ex:...)"
> 5) On masking "add" dialog, change
> * target column ==> Column to Mask
> * Masking ==> Column Expression
> You can have hint in the bottom saying that, "Column Expression will be used in place of masked column in executed query"
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
11 years, 7 months
[JBoss JIRA] (TEIIDDES-2274) Row-based Security creates incorrect permission
by Matus Makovy (JIRA)
[ https://issues.jboss.org/browse/TEIIDDES-2274?page=com.atlassian.jira.plu... ]
Matus Makovy commented on TEIIDDES-2274:
----------------------------------------
TD 8.3.4: This can't be reproduced for verification anymore. Fixing TEIIDDES-2196 (Data Roles dialogue issues) resolved this. User isn't able to target column using Row Filter tab (renamed Conditions tab from 8.3.3) anymore. If you want to create Row Filter (row-based security) you have to choose table as target. Conditions on columns are used only for Column Masking.
> Row-based Security creates incorrect permission
> -----------------------------------------------
>
> Key: TEIIDDES-2274
> URL: https://issues.jboss.org/browse/TEIIDDES-2274
> Project: Teiid Designer
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Modeling, VDB & Execution
> Affects Versions: 8.3.3
> Environment: OSX 10.9.4, Java 1.7.0_25. However, this bug has also been verified on a RHEL 7 instance as well.
> Reporter: Blaine Mincey
> Assignee: Barry LaFond
> Labels: designer, teiid
> Fix For: 8.3.4, 8.6, 8.5.1
>
>
> In modeling a VDB, when adding a condition for row-based security, an incorrect permission is created. For example, if using the Designer to select a column, the following condition is added:
> <permission>
> <resource-name>AccountsView.CUSTOMER.STATE</resource-name>
> <condition constraint="true"><> 'New York'</condition>
> </permission>.
> In order for row-based security to work, the VDB.xml needs to be edited to be the following:
> <permission>
> <resource-name>AccountsView.CUSTOMER</resource-name>
> <condition constraint="true">STATE <> 'New York'</condition>
> </permission>
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
11 years, 7 months