[
https://jira.jboss.org/browse/TEIIDDES-568?page=com.atlassian.jira.plugin...
]
John Verhaeg commented on TEIIDDES-568:
---------------------------------------
So it sounds like we are in agreement, although I'm not sure I understand the "if
they are not using data roles" qualifier. The manual editing of the file is exactly
what I am concerned about. I know tooling is the preferred way to make changes, but the
ability to make those changes manually is still important. So unless I'm missing
something important from your last comment, it seems we should eliminate the extraneous
attributes to avoid any possibility of accidental failure. Providing the read ability for
system tables using the current elements and attributes implies the create/update/delete
elements are also applicable. If they're not, then we should provide a different
mechanism, such as the new attributes I was suggesting, to provide this read access.
Provide the ability to control the data role access to the system
tables
------------------------------------------------------------------------
Key: TEIIDDES-568
URL:
https://jira.jboss.org/browse/TEIIDDES-568
Project: Teiid Designer
Issue Type: Task
Components: VDB & Execution
Reporter: Ramesh Reddy
Assignee: Barry LaFond
Priority: Critical
Fix For: 7.1
Attachments: NewDataRoleWizard.jpg
Currently the Designer does not provide a mechanism to control the system tables through
"data roles" wizard. This needs to be provided. Since the system tables are read
only these guys only need "readonly" permission. Since the
"pg_catalog" is also another variation of "system" tables that needs
to controlled also. However, "pg_catalog" is dynamic view model added during the
deployment time and Designer does not have access to it.
Since
1) providing the fine grained control over system schema is error prone in providing
metadata or not
2) pg_catalog is not available
we propose that this metadata on tooling is controlled through single boolean field
(check box) called "Allow access to system tables". The default of this should
be "true"
As result of checking this box, the following XML fragment needs to be vdb.xml file
<permission>
<resource-name>sys</resource-name>
<allow-create>false</allow-create>
<allow-read>true</allow-read>
<allow-update>false</allow-update>
<allow-delete>false</allow-delete>
</permission>
<permission>
<resource-name>pg_catalog</resource-name>
<allow-create>false</allow-create>
<allow-read>true</allow-read>
<allow-update>false</allow-update>
<allow-delete>false</allow-delete>
</permission>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira