[teiid-issues] [JBoss JIRA] (TEIID-2695) Unable to use CASE statement in Select

Steven Hawkins (JIRA) jira-events at lists.jboss.org
Fri Oct 11 10:49:26 EDT 2013 

    [ https://issues.jboss.org/browse/TEIID-2695?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12813493#comment-12813493 ] 

Steven Hawkins commented on TEIID-2695:
---------------------------------------

> You can't have a role defined in vdb.xml and not JAAS, and still give permission, can you?

The any-authenticated case is the typical scenario for defining a role with no mappings.

> Therefore, wouldn't it be better to just use what defined in JAAS, and not worry about the vdb.xml, cause it all has to be in JAAS anyway to work

Again no.  One of the major trusts of virtualization is to fully encapsulate the virtual environment.  Not allowing a user to do that for security metadata would be quite odd.

Furthermore you still have to map Teiid roles to JAAS groups somehow - you cannot / should not assume a 1-1 mapping.  For example a Teiid role could be granted to several groups.
                
> Unable to use CASE statement in Select
> --------------------------------------
>
>                 Key: TEIID-2695
>                 URL: https://issues.jboss.org/browse/TEIID-2695
>             Project: Teiid
>          Issue Type: Bug
>          Components: Query Engine
>    Affects Versions: 8.4.1
>            Reporter: Van Halbert
>            Assignee: Steven Hawkins
>         Attachments: portfolio-vdb.xml
>
>
> Trying to add a <mask> of:
> <permission>
>       <resource-name>Stocks.StockPrices.Price</resource-name>
>      <mask>CASE WHEN hasRole('prices') THEN Price END</mask>
>  </permission>
> even tried using "= true" just to see
> but it it always returns null for Prices.
> To test it, I logged in as 'user' using CommandLog vdb and issued:
> Select VDB, CASE WHEN hasRole('prices') THEN 'Y' Else 'N' END as V from TEIID_COMMANDLOG
> and 'N' was always returned for column V.
> teiid roles file:
> # A roles.properties file for use with the UsersRolesLoginModule
> # username=role1,role2
> portfolio=superuser
> viewonly=readonly
> user=user,prices

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the teiid-issues mailing list