[teiid-issues] [JBoss JIRA] (TEIID-5798) Mixed PERMISSION GRANTS
Steven Hawkins (Jira)
issues at jboss.org
Mon Dec 2 07:39:00 EST 2019
[ https://issues.jboss.org/browse/TEIID-5798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13819615#comment-13819615 ]
Steven Hawkins commented on TEIID-5798:
---------------------------------------
> So this will still work, right?
Yes, the same expressions will be supported.
> I do not remember we supporting role list anyway before on GRANT with CONDITION, so you are saying this is just different from other vendors right?
Correct. Given our current logic it makes things much simpler if a policy / mask target a single role, rather than supporting multiple like pg or none like db.
> Mixed PERMISSION GRANTS
> -----------------------
>
> Key: TEIID-5798
> URL: https://issues.jboss.org/browse/TEIID-5798
> Project: Teiid
> Issue Type: Enhancement
> Components: Query Engine
> Reporter: Christoph John
> Assignee: Steven Hawkins
> Priority: Major
> Fix For: 13.0
>
> Original Estimate: 6 hours
> Time Spent: 3 hours
> Remaining Estimate: 1 day, 7 hours
>
> Hello,
> I am currently trying to set a set of permissions on a table/view. Hence a condition on INSERT,UPDATE,DELETE and an unconditioned SELECT.
> However, it seems that conditioned and unconditioned GRANT statements do not work together.
> {code}
> GRANT INSERT,UPDATE,DELETE ON TABLE "my_nutri_diary.UserDefinedProducts_SRC" CONDITION 'UserDefinedProducts_SRC.fkProfile in (SELECT Account.idProfile FROM Account WHERE Account.uuidUser = LEFT(user(), 36) )' TO odata;
> GRANT SELECT ON TABLE "my_nutri_diary.UserDefinedProducts_SRC" TO odata;
> REVOKE ALTER,EXECUTE ON TABLE "my_nutri_diary.UserDefinedProducts_SRC" FROM odata;
> {code}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the teiid-issues
mailing list