[JBoss JIRA] (TEIID-2311) Add simple row based security to data roles
by Steven Hawkins (JIRA)
[ https://issues.jboss.org/browse/TEIID-2311?page=com.atlassian.jira.plugin... ]
Work on TEIID-2311 started by Steven Hawkins.
> Add simple row based security to data roles
> -------------------------------------------
>
> Key: TEIID-2311
> URL: https://issues.jboss.org/browse/TEIID-2311
> Project: Teiid
> Issue Type: Feature Request
> Components: Query Engine
> Affects Versions: 8.2
> …
[View More]Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Fix For: 8.3
>
>
> A common request is to implement row based security. The common workaround of modifying transformations is generally not a good solution.
> We should look at adding support for simple table filters and column masks.
> To be effective, filtering permissions however would have to act differently than normal data roles. They would need to be applied all the time - and not just against the end user queries.
> For example, for tables:
> <permission>
> <resource-name>SCHEMA.TABLE</resource-name>
> <filter>COLUMNA=2</filter>
> </permission>
> Meaning allow the CRUD of the given row only if COLUMNA has the value of 2. Any valid predicate against just the referenced table would be allowed as a filter. Each such permission would be applied as an additional predicate any time the table is referenced (in views, inserts, updates, deletes, etc.).
> Allows would not be specified here as we want the filter to always specify inclusion. Any applicable permissions in additional roles would be applied disjunctively - filter OR filter.
> We could possibly support column masks via case expressions, such as:
> <permission>
> <resource-name>SCHEMA.TABLE.COLUMN</resource-name>
> <mask>CASE WHEN ...</mask>
> </permission>
> However this is slightly more complicated. Presumably the mask would only apply to projection and makes more sense to be applied at the final output/user query (more like a data role).
> If we work the issue to specify the object type of a permission, then the name could alternatively refer to datatype or even an extension property to make the masking a little easier.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[View Less]
12 years, 1 month
[JBoss JIRA] (TEIID-1557) Add support for retrieving generated keys
by Steven Hawkins (JIRA)
[ https://issues.jboss.org/browse/TEIID-1557?page=com.atlassian.jira.plugin... ]
Steven Hawkins resolved TEIID-1557.
-----------------------------------
Resolution: Done
Implemented generated key retrieval for JDBC sources and teiid temp tables - with the limitation that the last set of generated keys is returned directly without any Teiid post processing (which should be fine for most scenarios and the docs touch on this). Also added a release note and documentation.
&…
[View More]gt; Add support for retrieving generated keys
> -----------------------------------------
>
> Key: TEIID-1557
> URL: https://issues.jboss.org/browse/TEIID-1557
> Project: Teiid
> Issue Type: Feature Request
> Components: Connector API, JDBC Driver, Query Engine
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Fix For: 8.3
>
>
> We should add support for retrieving generated keys to support the JPA identity key generation.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[View Less]
12 years, 1 month
[JBoss JIRA] (TEIID-2290) Create a Rules (jbpm) quick start
by Van Halbert (JIRA)
[ https://issues.jboss.org/browse/TEIID-2290?page=com.atlassian.jira.plugin... ]
Van Halbert updated TEIID-2290:
-------------------------------
Fix Version/s: 8.3
(was: Open To Community)
> Create a Rules (jbpm) quick start
> ---------------------------------
>
> Key: TEIID-2290
> URL: https://issues.jboss.org/browse/TEIID-2290
> Project: Teiid
> Issue Type: Task
> …
[View More]Components: Build/Kits
> Reporter: Van Halbert
> Assignee: Van Halbert
> Fix For: 8.3
>
>
> Rules integration!
> Calling rules from within virtual procedure or transformation:
> Logical flow something like this:
> For each row
> convert row to array or other form that can be easily passed to
> user-defined function (UDF)
> custom UDF implementation accepts array/vararg params and converts
> to pojo
> UDF injects pojo to knowledge session
> rules (potentially) modify pojo
> UDF converts pojo back to array and returns to Teiid
> procedure/transformation converts array back to record/row
> modified values available to procedure/transformation logic
> End
> Assumptions:
> 1. UDF is not adding or removing columns/fields
> 2. UDF is not changing the datatypes of columns/fields
> 3. overhead of starting knowledge session for each record/row is
> prohibitive. Need a stateful/persistent knowledge session. This may
> mean a rules service of some kind, preferably in-process.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[View Less]
12 years, 1 month
[JBoss JIRA] (TEIID-2290) Create a Rules (jbpm) quick start
by Van Halbert (JIRA)
[ https://issues.jboss.org/browse/TEIID-2290?page=com.atlassian.jira.plugin... ]
Van Halbert reassigned TEIID-2290:
----------------------------------
Assignee: Van Halbert
> Create a Rules (jbpm) quick start
> ---------------------------------
>
> Key: TEIID-2290
> URL: https://issues.jboss.org/browse/TEIID-2290
> Project: Teiid
> Issue Type: Task
> Components: Build/Kits
> Reporter:…
[View More] Van Halbert
> Assignee: Van Halbert
> Fix For: Open To Community
>
>
> Rules integration!
> Calling rules from within virtual procedure or transformation:
> Logical flow something like this:
> For each row
> convert row to array or other form that can be easily passed to
> user-defined function (UDF)
> custom UDF implementation accepts array/vararg params and converts
> to pojo
> UDF injects pojo to knowledge session
> rules (potentially) modify pojo
> UDF converts pojo back to array and returns to Teiid
> procedure/transformation converts array back to record/row
> modified values available to procedure/transformation logic
> End
> Assumptions:
> 1. UDF is not adding or removing columns/fields
> 2. UDF is not changing the datatypes of columns/fields
> 3. overhead of starting knowledge session for each record/row is
> prohibitive. Need a stateful/persistent knowledge session. This may
> mean a rules service of some kind, preferably in-process.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[View Less]
12 years, 1 month