[teiid-issues] [JBoss JIRA] (TEIID-5734) Planning errors with masking due to unaliased column references

Steven Hawkins (Jira) issues at jboss.org
Fri May 3 09:07:00 EDT 2019 

Steven Hawkins created TEIID-5734:
-------------------------------------

             Summary: Planning errors with masking due to unaliased column references
                 Key: TEIID-5734
                 URL: https://issues.jboss.org/browse/TEIID-5734
             Project: Teiid
          Issue Type: Bug
          Components: Query Engine
            Reporter: Steven Hawkins
            Assignee: Steven Hawkins
             Fix For: 12.1.2, 12.2, 11.2.3


The ColumnMaskingHelper is creating expressions using the unaliased source name.  This implicitly is relying on other logic, such as the raising of an access node to compensate for that.  If however a view layer with masking is used that has no access nodes or cannot be removed, then exceptions will occur if it appears in the user query aliased and with constructs above, such as an order by.

For example with the vdb:

{code}
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<vdb name="odatacm" version="1">
<description>Test column masking for Odata </description>
<property name="validationDateTime" value="Thu May 02 14:13:21 CDT 2019"/>
<property name="validationVersion" value="8.12.13"/>
<model name="vw" type="VIRTUAL">
<metadata type="DDL"><![CDATA[

CREATE VIEW employee (
    id integer,
    name string,
    taxid string,
    taxid_cd string,
    CONSTRAINT pk_id PRIMARY KEY(id)
) OPTIONS(UPDATABLE 'TRUE') 
AS
    SELECT
        1 AS id, 'Debbie' AS name, '123456789' AS taxid, 'SSN' AS taxid_cd
UNION
SELECT
        2 AS id, 'Mide' AS name, '234567891' AS taxid, 'FED' AS taxid_cd
UNION
SELECT
        3 AS id, 'DJS' AS name, '345678912' AS taxid, 'FED' AS taxid_cd
UNION
SELECT
        4 AS id, 'Joe' AS name, '456789123' AS taxid, 'SSN' AS taxid_cd;

]]></metadata>
</model>
<data-role allow-create-temporary-tables="false" any-authenticated="true" grant-all="false" name="Data Role 1">
<description/>
<permission>
<resource-name>vw.employee.taxid</resource-name>
<condition>vw.employee.id>2</condition>
<mask order="0">'Blocked'</mask>
</permission>
<permission>
<resource-name>vw</resource-name>
<allow-create>false</allow-create>
<allow-read>true</allow-read>
<allow-update>false</allow-update>
<allow-delete>false</allow-delete>
<allow-execute>false</allow-execute>
<allow-alter>false</allow-alter>
</permission>
<permission>
<resource-name>sysadmin</resource-name>
<allow-create>false</allow-create>
<allow-read>false</allow-read>
<allow-update>false</allow-update>
<allow-delete>false</allow-delete>
<allow-execute>false</allow-execute>
<allow-alter>false</allow-alter>
</permission>
</data-role>
</vdb>
{code}

and the query "select * from employee as e order by id" is issued, then an exception will be returned:

TEIID30259 Cannot introduce new expressions [vw.employee.id] in duplicate removal

Which is a safe guard to prevent further planning errors - note the unaliased / fully qualified name in the exception message.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the teiid-issues mailing list