[teiid-issues] [JBoss JIRA] (TEIID-2484) permission condition caching is incorrect
Steven Hawkins (JIRA)
jira-events at lists.jboss.org
Thu Apr 25 14:02:54 EDT 2013
[ https://issues.jboss.org/browse/TEIID-2484?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steven Hawkins resolved TEIID-2484.
-----------------------------------
Resolution: Done
Addressed the three issues listed and added a check by the validator so that aggregate and other invalid functions produce a better error message.
A remaining issue is how/whether to apply row-based security during a matview load. The current behaviour is that the load will happen under the current user's roles. Other options are to disable row-based security for a mat view load, to throw an exception if filtering is applied during a load, or to do user scoped matviews (which doesn't seem feasible).
For internal matviews we can consistently apply the desired behaviour. However external matviews would seemingly require admin accounts as needed to by-pass the affect of row-based security if needed.
For now we'll just doc the current behaviour (which is somewhat consistent with for example if a source is applying row-based security and a mat view is loaded with an affected user).
> permission condition caching is incorrect
> -----------------------------------------
>
> Key: TEIID-2484
> URL: https://issues.jboss.org/browse/TEIID-2484
> Project: Teiid
> Issue Type: Bug
> Components: Query Engine
> Affects Versions: 8.3
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Priority: Blocker
> Fix For: 8.4
>
>
> The caching of permission conditions is being done across the whole of the roles, which will not be correct for other users with differing subsets of roles.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the teiid-issues
mailing list