[
https://issues.jboss.org/browse/TEIID-5841?focusedWorklogId=12448073&...
]
Steven Hawkins logged work on TEIID-5841:
-----------------------------------------
Author: Steven Hawkins
Created on: 11/Nov/19 4:02 PM
Start Date: 11/Nov/19 4:02 PM
Worklog Time Spent: 6 hours
Issue Time Tracking
-------------------
Remaining Estimate: 0 minutes (was: 6 hours)
Time Spent: 6 hours
Worklog Id: (was: 12448073)
Authorization of table name that contain .
------------------------------------------
Key: TEIID-5841
URL:
https://issues.jboss.org/browse/TEIID-5841
Project: Teiid
Issue Type: Bug
Components: Query Engine
Reporter: Steven Hawkins
Assignee: Steven Hawkins
Priority: Major
Fix For: 13.0
Original Estimate: 6 hours
Time Spent: 6 hours
Remaining Estimate: 0 minutes
We have a long standing issue with the permission system mostly due to the initial api
design - we only pass fully qualified names to the policy decider in the from of
schema.table. If the table name contains '.' the policy decider simplistically
walks up each segment - which effectively introduces inappropriate checks.
For example if we have:
view "a.b" and view "a", when we check permissions for
"a.b" we'll first check for the a.b resource, then the a resource - which is
not appropriate. This behavior in part was likely initially due to multi-schema import
scenarios, such that the imported table names would be qualified by source schema name.
Then you could add permissions against that partially qualified name
teiidSchema.sourceSchema. That will no longer be possible if we implement TEIID-5840
--
This message was sent by Atlassian Jira
(v7.13.8#713008)