[teiid-issues] [JBoss JIRA] Updated: (TEIID-1550) Row level security enhancements

Steven Hawkins (JIRA) jira-events at lists.jboss.org
Thu May 12 10:41:31 EDT 2011 

     [ https://issues.jboss.org/browse/TEIID-1550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steven Hawkins updated TEIID-1550:
----------------------------------

    Description: 
To assist with implementing row level security through UDFs the following enhancements are requested:

1. Add the ability for data roles to cover functions.
2. Add the ability to get the JAAS subject from the CommandContext so that UDFs can perform attribute or other checks on the subject easily.

Actual row level security will then be up to the implementer of the UDF.

  was:
Requesting Row level security model to restrict user access to sensitive information defining new Security Domain in SOA Platform configured to use XACML authorization. Specification of Business Rules that will restrict access to data at a row level based on User Profile attributes like cost center, roles, portfolio.
Currently this is not available for system or User Defined Functions, just tables.  Requesting that this capability be added.


        Affects: [Documentation (Ref Guide, User Guide, etc.), Release Notes]


To clarify there is nothing here that is a built in feature related to row level security.  The customer logged the issue through GSS with a description of what they were thinking.  Additional requests for details found that they didn't yet have a full implementation path, but would at least want enhancements listed in the description/resolution.

> 1.  How is row level security turned on/off

There is no specific feature related to row level security to turn on/off.

> 2.  Is this a System function that can be called in a transformation

Other than the existing hasRole/user functions, no.

> 3.  What happens if the user doesn't have access, is an exception thrown, the column removed or data nulled out (and are there options to control the behavior)

N/A

> Row level security enhancements
> -------------------------------
>
>                 Key: TEIID-1550
>                 URL: https://issues.jboss.org/browse/TEIID-1550
>             Project: Teiid
>          Issue Type: Feature Request
>          Components: Query Engine
>            Reporter: Debbie Steigner
>            Assignee: Steven Hawkins
>              Labels: 7.4Beta3
>             Fix For: 7.4
>
>
> To assist with implementing row level security through UDFs the following enhancements are requested:
> 1. Add the ability for data roles to cover functions.
> 2. Add the ability to get the JAAS subject from the CommandContext so that UDFs can perform attribute or other checks on the subject easily.
> Actual row level security will then be up to the implementer of the UDF.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the teiid-issues mailing list