[teiid-issues] [JBoss JIRA] (TEIID-5798) Mixed PERMISSION GRANTS

Steven Hawkins (Jira) issues at jboss.org
Wed Jan 15 16:34:01 EST 2020


    [ https://issues.redhat.com/browse/TEIID-5798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13949687#comment-13949687 ] 

Steven Hawkins commented on TEIID-5798:
---------------------------------------

The pg behavior is that policy names are scoped to the table on which they are created - similar to our handling of constraint names.  I don't have a problem if we do that as well, but it will require some additional tracking to determine uniqueness.  We also allow conditions on procedure result sets, so we can't just say in all cases:

create policy p on tbl ...

it will need to instead be:

create policy p on TABLE tbl ...

the drop syntax will similarly be affected.  We can default to a TABLE reference if not specified - so that we can typically be aligned with pg.

> Mixed PERMISSION GRANTS
> -----------------------
>
>                 Key: TEIID-5798
>                 URL: https://issues.redhat.com/browse/TEIID-5798
>             Project: Teiid
>          Issue Type: Enhancement
>          Components: Query Engine
>            Reporter: Christoph John
>            Assignee: Steven Hawkins
>            Priority: Major
>             Fix For: 13.1
>
>   Original Estimate: 6 hours
>          Time Spent: 4 hours
>  Remaining Estimate: 1 day, 6 hours
>
> Hello,
> I am currently trying to set a set of permissions on a table/view. Hence a condition on INSERT,UPDATE,DELETE and an unconditioned SELECT.
> However, it seems that conditioned and unconditioned GRANT statements do not work together.
> {code}
> GRANT INSERT,UPDATE,DELETE ON TABLE "my_nutri_diary.UserDefinedProducts_SRC" CONDITION 'UserDefinedProducts_SRC.fkProfile in  (SELECT Account.idProfile FROM Account WHERE Account.uuidUser = LEFT(user(), 36) )' TO odata;
> GRANT SELECT ON TABLE "my_nutri_diary.UserDefinedProducts_SRC" TO odata;
> REVOKE ALTER,EXECUTE ON TABLE "my_nutri_diary.UserDefinedProducts_SRC" FROM odata;
> {code}



--
This message was sent by Atlassian Jira
(v7.13.8#713008)


More information about the teiid-issues mailing list