[teiid-issues] [JBoss JIRA] (TEIID-2471) Allow permission conditions and masking to be pluggable

Steven Hawkins (JIRA) jira-events at lists.jboss.org
Wed May 22 15:09:06 EDT 2013 

     [ https://issues.jboss.org/browse/TEIID-2471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steven Hawkins resolved TEIID-2471.
-----------------------------------

    Resolution: Done


Added the MetadataFactory methods:
addPermission
addSchemaPermission
addColumnPermission

So that datarole (both the typical CRUD authorizations and the new column masking and row based filters) permissions can be added via a custom MetadataRepository.

The permissions are merged with the statically defined roles in the vdb - so it's expected that the role name given in the add permission method exists.

This covers basic pluggable scenarios and is somewhat updatable in that metadata caching can be disabled for the given source or that vdb restart may be performed that purges the metadata cache so that permissions can be reapplied as needed on restart.

Additional enhancements will be needed for full runtime control (such as grant statements with additional metadata repository/event distribution).

It would also be nice somewhere to have an option to effectively enable a static policy such that all plans can still be shared (there are potential planning drawbacks though if any single operation inhibits pushdown).
                
> Allow permission conditions and masking to be pluggable
> -------------------------------------------------------
>
>                 Key: TEIID-2471
>                 URL: https://issues.jboss.org/browse/TEIID-2471
>             Project: Teiid
>          Issue Type: Sub-task
>          Components: Query Engine
>            Reporter: Steven Hawkins
>            Assignee: Steven Hawkins
>             Fix For: 8.4
>
>
> The AuthorizationValidator or similar interface should allow for alternative implementations to be plugged in for providing permission conditions and column masking.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the teiid-issues mailing list