[ https://issues.jboss.org/browse/TEIID-5798?page=com.atlassian.jira.plugin... ]
Steven Hawkins edited comment on TEIID-5798 at 11/25/19 4:09 PM:
-----------------------------------------------------------------
Old syntax example:
{code}
GRANT SELECT,INSERT ON TABLE tbl CONDITION col = user() TO role; -- defaults to CONSTRAINT
{code}
New:
{code}
GRANT SELECT,INSERT ON tbl TO role;
CREATE POLICY pname ON tbl FOR SELECT,INSERT TO role USING col = user() WITH CHECK; -- effectively WITH CHECK col = user()
{code}
In creating a new implementation we would need to under the covers do a similar conversion
- where the policy name is effectively derived. Another simplification would be to only
support a single role target, rather than a role list. That would address creating
another container concept for this style of grant and instead we could put the grants
directly on the DataPolicyMetadata - the same would go for masks.
The "mixed" from above:
{code}
GRANT SELECT,INSERT,UPDATE,DELETE ON tbl TO role; -- could add an ALL option
CREATE POLICY pname ON tbl FOR INSERT,UPDATE,DELETE TO role USING col = user() WITH CHECK;
{code}
Mixed PERMISSION GRANTS
-----------------------
Key: TEIID-5798
URL: https://issues.jboss.org/browse/TEIID-5798
Project: Teiid
Issue Type: Enhancement
Components: Query Engine
Reporter: Christoph John
Assignee: Steven Hawkins
Priority: Major
Fix For: 13.0
Original Estimate: 6 hours
Remaining Estimate: 6 hours
Hello,
I am currently trying to set a set of permissions on a table/view. Hence a condition on
INSERT,UPDATE,DELETE and an unconditioned SELECT.
However, it seems that conditioned and unconditioned GRANT statements do not work
together.
{code}
GRANT INSERT,UPDATE,DELETE ON TABLE "my_nutri_diary.UserDefinedProducts_SRC"
    CONDITION 'UserDefinedProducts_SRC.fkProfile in (SELECT Account.idProfile FROM Account WHERE Account.uuidUser = LEFT(user(), 36) )'
    TO odata;
GRANT SELECT ON TABLE "my_nutri_diary.UserDefinedProducts_SRC" TO odata;
REVOKE ALTER,EXECUTE ON TABLE "my_nutri_diary.UserDefinedProducts_SRC" FROM odata;
{code}
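The old-to-new conversion discussed in the comment, applied to the reporter's statements, as an added example (not Teiid code and not part of the original thread): a Python converter that merges old-style grants per table and role, then emits one plain GRANT plus a CREATE POLICY for the conditioned privileges. The function name `convert`, the regex-based parsing and the derived policy naming scheme are assumptions; the output syntax is the proposal as written in the comment.

```python
import re

# Old style: GRANT <privs> ON TABLE <tbl> [CONDITION <cond>] TO <role>;
OLD_GRANT = re.compile(
    r'GRANT\s+(?P<privs>[A-Z,\s]+?)\s+ON\s+TABLE\s+(?P<tbl>"[^"]+"|\S+)'
    r"(?:\s+CONDITION\s+(?P<cond>.+?))?\s+TO\s+(?P<role>\w+)\s*;",
    re.IGNORECASE | re.DOTALL)

# The reporter's GRANT statements from this issue (REVOKE is out of scope here).
SAMPLE = """
GRANT INSERT,UPDATE,DELETE ON TABLE "my_nutri_diary.UserDefinedProducts_SRC"
  CONDITION 'UserDefinedProducts_SRC.fkProfile in (SELECT Account.idProfile FROM
  Account WHERE Account.uuidUser = LEFT(user(), 36) )' TO odata;
GRANT SELECT ON TABLE "my_nutri_diary.UserDefinedProducts_SRC" TO odata;
"""

def convert(ddl):
    """Return proposed-syntax statements for every old-style GRANT in ddl."""
    grants = {}    # (tbl, role) -> every privilege granted, conditioned or not
    policies = {}  # (tbl, role, cond) -> privileges guarded by that condition
    for m in OLD_GRANT.finditer(ddl):
        privs = [p.strip().upper() for p in m["privs"].split(",")]
        key = (m["tbl"], m["role"])
        granted = grants.setdefault(key, [])
        granted += [p for p in privs if p not in granted]
        if m["cond"]:
            cond = " ".join(m["cond"].split())       # undo line wrapping
            if cond[0] == cond[-1] == "'":           # condition given as a string literal
                cond = cond[1:-1].replace("''", "'")
            guarded = policies.setdefault(key + (cond,), [])
            guarded += [p for p in privs if p not in guarded]
    out = [f"GRANT {','.join(p)} ON {t} TO {r};" for (t, r), p in grants.items()]
    for i, ((t, r, cond), p) in enumerate(policies.items(), 1):
        # Assumed naming scheme: the thread only says the name is "effectively derived".
        name = "policy_%s_%d" % (re.sub(r"\W+", "_", t).strip("_"), i)
        out.append(f"CREATE POLICY {name} ON {t} FOR {','.join(p)} "
                   f"TO {r} USING {cond} WITH CHECK;")
    return out

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)))
```

The privilege list in the emitted GRANT is the union of both old statements, while the policy covers only INSERT, UPDATE and DELETE, so SELECT stays unfiltered as in the "mixed" case above.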