[JBoss JIRA] (TEIID-5841) Authorization of table name that contain .
by Steven Hawkins (Jira)
[ https://issues.jboss.org/browse/TEIID-5841?page=com.atlassian.jira.plugin... ]
Steven Hawkins commented on TEIID-5841:
---------------------------------------
The code has been committed. Doc changes and release note updates are pending - would like to see if there will be anything else based upon TEIID-5798 to account for.
> Authorization of table name that contain .
> ------------------------------------------
>
> Key: TEIID-5841
> URL: https://issues.jboss.org/browse/TEIID-5841
> Project: Teiid
> Issue Type: Bug
> Components: Query Engine
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Major
> Fix For: 13.0
>
> Original Estimate: 6 hours
> Remaining Estimate: 6 hours
>
> We have a long standing issue with the permission system mostly due to the initial api design - we only pass fully qualified names to the policy decider in the from of schema.table. If the table name contains '.' the policy decider simplistically walks up each segment - which effectively introduces inappropriate checks.
> For example if we have:
> view "a.b" and view "a", when we check permissions for "a.b" we'll first check for the a.b resource, then the a resource - which is not appropriate. This behavior in part was likely initially due to multi-schema import scenarios, such that the imported table names would be qualified by source schema name. Then you could add permissions against that partially qualified name teiidSchema.sourceSchema. That will no longer be possible if we implement TEIID-5840
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 1 month
[JBoss JIRA] (TEIID-5843) Support xml[] with xmltable
by Steven Hawkins (Jira)
[ https://issues.jboss.org/browse/TEIID-5843?focusedWorklogId=12448070&page... ]
Steven Hawkins logged work on TEIID-5843:
-----------------------------------------
Author: Steven Hawkins
Created on: 08/Nov/19 2:20 PM
Start Date: 08/Nov/19 2:20 PM
Worklog Time Spent: 1 hour, 30 minutes
Issue Time Tracking
-------------------
Remaining Estimate: 30 minutes (was: 2 hours)
Time Spent: 1 hour, 30 minutes
Worklog Id: (was: 12448070)
> Support xml[] with xmltable
> ---------------------------
>
> Key: TEIID-5843
> URL: https://issues.jboss.org/browse/TEIID-5843
> Project: Teiid
> Issue Type: Bug
> Components: Query Engine
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Minor
> Fix For: 13.0
>
> Original Estimate: 2 hours
> Time Spent: 1 hour, 30 minutes
> Remaining Estimate: 30 minutes
>
> Trying to retrieve a value as an xml array works different than retrieving just xml - as we are first flattening the array value to string. It should work the same way, or at least throw an exception indicating that it doesn't work.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 1 month
[JBoss JIRA] (TEIID-5843) Support xml[] with xmltable
by Steven Hawkins (Jira)
[ https://issues.jboss.org/browse/TEIID-5843?page=com.atlassian.jira.plugin... ]
Steven Hawkins updated TEIID-5843:
----------------------------------
Original Estimate: 2 hours
Remaining Estimate: 2 hours
Sprint: DV Sprint 54
Estimated Difficulty: Low
> Support xml[] with xmltable
> ---------------------------
>
> Key: TEIID-5843
> URL: https://issues.jboss.org/browse/TEIID-5843
> Project: Teiid
> Issue Type: Bug
> Components: Query Engine
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Minor
> Fix For: 13.0
>
> Original Estimate: 2 hours
> Remaining Estimate: 2 hours
>
> Trying to retrieve a value as an xml array works different than retrieving just xml - as we are first flattening the array value to string. It should work the same way, or at least throw an exception indicating that it doesn't work.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 1 month
[JBoss JIRA] (TEIID-5843) Support xml[] with xmltable
by Steven Hawkins (Jira)
[ https://issues.jboss.org/browse/TEIID-5843?page=com.atlassian.jira.plugin... ]
Steven Hawkins resolved TEIID-5843.
-----------------------------------
Resolution: Done
Updated the logic to deal with xml in an array as well.
> Support xml[] with xmltable
> ---------------------------
>
> Key: TEIID-5843
> URL: https://issues.jboss.org/browse/TEIID-5843
> Project: Teiid
> Issue Type: Bug
> Components: Query Engine
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Minor
> Fix For: 13.0
>
>
> Trying to retrieve a value as an xml array works different than retrieving just xml - as we are first flattening the array value to string. It should work the same way, or at least throw an exception indicating that it doesn't work.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 1 month
[JBoss JIRA] (TEIID-5840) Add validation of grant / revoke targets
by Steven Hawkins (Jira)
[ https://issues.jboss.org/browse/TEIID-5840?page=com.atlassian.jira.plugin... ]
Steven Hawkins updated TEIID-5840:
----------------------------------
Sprint: DV Sprint 54
> Add validation of grant / revoke targets
> ----------------------------------------
>
> Key: TEIID-5840
> URL: https://issues.jboss.org/browse/TEIID-5840
> Project: Teiid
> Issue Type: Quality Risk
> Components: Query Engine
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Major
> Fix For: 13.0
>
> Original Estimate: 4 hours
> Remaining Estimate: 4 hours
>
> We should be more pedantic about the targets of GRANT/REVOKE as they now specify both object type and name. Currently a grant against a non-existent target will still succeed - this is hold over from the loosely coupled permissioning model from designer.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 1 month
[JBoss JIRA] (TEIID-5842) Better define the schema object namespaces
by Steven Hawkins (Jira)
[ https://issues.jboss.org/browse/TEIID-5842?page=com.atlassian.jira.plugin... ]
Steven Hawkins updated TEIID-5842:
----------------------------------
Sprint: DV Sprint 54
> Better define the schema object namespaces
> ------------------------------------------
>
> Key: TEIID-5842
> URL: https://issues.jboss.org/browse/TEIID-5842
> Project: Teiid
> Issue Type: Quality Risk
> Components: Query Engine
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Major
> Fix For: 13.0
>
> Original Estimate: 2 hours
> Time Spent: 2 hours
> Remaining Estimate: 0 minutes
>
> Right now tables/views, procedures, and functions are in separate namespaces. There are three downsides
> - procedural to relational mapping effectively puts procedures and tables in the same namespace
> - the default logic in the permission system does not check the resource type, so there is an assumption that the names won't conflict.
> - creating a virtual function defined by teiid procedure language (which we should be more strict about) is represented in system metadata as a procedure, but is resolvable as a function of the same name
> We either need to put everything in the same namespace, or be more exacting with the permission logic.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 1 month
[JBoss JIRA] (TEIID-5842) Better define the schema object namespaces
by Steven Hawkins (Jira)
[ https://issues.jboss.org/browse/TEIID-5842?page=com.atlassian.jira.plugin... ]
Steven Hawkins resolved TEIID-5842.
-----------------------------------
Resolution: Done
Updated the docs with the rest of the work being done as security layer cleanup.
> Better define the schema object namespaces
> ------------------------------------------
>
> Key: TEIID-5842
> URL: https://issues.jboss.org/browse/TEIID-5842
> Project: Teiid
> Issue Type: Quality Risk
> Components: Query Engine
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Major
> Fix For: 13.0
>
> Original Estimate: 2 hours
> Remaining Estimate: 2 hours
>
> Right now tables/views, procedures, and functions are in separate namespaces. There are three downsides
> - procedural to relational mapping effectively puts procedures and tables in the same namespace
> - the default logic in the permission system does not check the resource type, so there is an assumption that the names won't conflict.
> - creating a virtual function defined by teiid procedure language (which we should be more strict about) is represented in system metadata as a procedure, but is resolvable as a function of the same name
> We either need to put everything in the same namespace, or be more exacting with the permission logic.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 1 month
[JBoss JIRA] (TEIID-5842) Better define the schema object namespaces
by Steven Hawkins (Jira)
[ https://issues.jboss.org/browse/TEIID-5842?focusedWorklogId=12448069&page... ]
Steven Hawkins logged work on TEIID-5842:
-----------------------------------------
Author: Steven Hawkins
Created on: 08/Nov/19 12:45 PM
Start Date: 08/Nov/19 12:45 PM
Worklog Time Spent: 2 hours
Issue Time Tracking
-------------------
Remaining Estimate: 0 minutes (was: 2 hours)
Time Spent: 2 hours
Worklog Id: (was: 12448069)
> Better define the schema object namespaces
> ------------------------------------------
>
> Key: TEIID-5842
> URL: https://issues.jboss.org/browse/TEIID-5842
> Project: Teiid
> Issue Type: Quality Risk
> Components: Query Engine
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Major
> Fix For: 13.0
>
> Original Estimate: 2 hours
> Time Spent: 2 hours
> Remaining Estimate: 0 minutes
>
> Right now tables/views, procedures, and functions are in separate namespaces. There are three downsides
> - procedural to relational mapping effectively puts procedures and tables in the same namespace
> - the default logic in the permission system does not check the resource type, so there is an assumption that the names won't conflict.
> - creating a virtual function defined by teiid procedure language (which we should be more strict about) is represented in system metadata as a procedure, but is resolvable as a function of the same name
> We either need to put everything in the same namespace, or be more exacting with the permission logic.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 1 month
[JBoss JIRA] (TEIID-5840) Add validation of grant / revoke targets
by Steven Hawkins (Jira)
[ https://issues.jboss.org/browse/TEIID-5840?page=com.atlassian.jira.plugin... ]
Steven Hawkins updated TEIID-5840:
----------------------------------
Original Estimate: 4 hours
Remaining Estimate: 4 hours
Story Points: 2
Estimated Difficulty: Low
Affects: Documentation (Ref Guide, User Guide, etc.),Release Notes
> Add validation of grant / revoke targets
> ----------------------------------------
>
> Key: TEIID-5840
> URL: https://issues.jboss.org/browse/TEIID-5840
> Project: Teiid
> Issue Type: Quality Risk
> Components: Query Engine
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Major
> Fix For: 13.0
>
> Original Estimate: 4 hours
> Remaining Estimate: 4 hours
>
> We should be more pedantic about the targets of GRANT/REVOKE as they now specify both object type and name. Currently a grant against a non-existent target will still succeed - this is hold over from the loosely coupled permissioning model from designer.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 1 month