[
https://issues.jboss.org/browse/TEIID-5792?page=com.atlassian.jira.plugin...
]
Steven Hawkins commented on TEIID-5792:
---------------------------------------
The scope of this is actually larger. Suppose I directly issue:
call proc(...)
If there are columns that I'm not entitled to on the result set, that would error.
Just like with select *, we'd have to also introduce resolving changes to omit those
result set columns from being returned to the client. Then what if all result set columns
are not accessible? Does the result set convey the row count and have no columns, or
should it be completely empty.
In short expecting the vdb developer to wrap things in a view clarifies this greatly.
Permissions don't work with virtual procedures' ResultSet
---------------------------------------------------------
Key: TEIID-5792
URL:
https://issues.jboss.org/browse/TEIID-5792
Project: Teiid
Issue Type: Enhancement
Components: Query Engine
Affects Versions: 12.0
Environment: teiid-12.0.0 on WildFly Full 14.0.1.Final (WildFly Core
6.0.2.Final)
Reporter: Dmitrii Pogorelov
Assignee: Steven Hawkins
Priority: Major
Teiid doesn't work with ResultSet of a virtual procedure. For example, if we have
procs.testProc virtual procedure which can return two values in ResultSet: a and b and we
specify a permission for one of these columns in ResultSet, the permission won't
work:
{code:xml}
<permission>
<resource-name>procs.testProc.a</resource-name>
<allow-read>false</allow-read>
</permission>
{code}
I think it would be great to set permissions also for ResultSets of virtual procedures,
so AuthorizationValidationVisitor.validateEntitlements method for a GroupSymbol, which is
a procedure, should analyze also its ResultSet. At the same time permissions work for
virtual views and we can set permissions for some views' columns separately.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)