Support fixed server and database roles. #3216
Open
+28,239
−724
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Added support for new fixed server role securityadmin. This role has following privileges with it: Members of the securityadmin fixed server role can manage logins and their properties. They can GRANT, DENY, and REVOKE server-level permissions. securityadmin can also GRANT, DENY, and REVOKE database-level permissions if they have access to a database. Original PR with all the comments babelfish-for-postgresql#2907 Issue resolved: BABEL-5040 Signed-off-by: ANJU BHARTI <[email protected]>
Description For review comments see babelfish-for-postgresql#2970 Support fixed database role db_accessadmin in babelfish. Member of db_accessadmin can do the following CREATE SCHEMA CREATE/DROP USER ALTER USER They always have connect permission Engine PR: babelfish-for-postgresql/postgresql_modified_for_babelfish#447 Extension PR: #66 Issues Resolved [BABEL-5136]
Implement database roles `db_datareader` and `db_datawriter` * Members of the db_datareader fixed database role can read all data from all user tables and views. User objects can exist in any schema except sys and INFORMATION_SCHEMA. * Members of the db_datawriter fixed database role can add, delete, or change data in all user tables. In most use cases, this role is combined with db_datareader membership to allow reading the data that is to be modified. Engine PR: amazon-aurora/postgresql_modified_for_babelfish#98 Task: [BABEL-3883](https://jira.rds.a2z.com/browse/BABEL-3883) Signed-off-by: Shalini Lohia <[email protected]>
This role has following privileges with it: Members of the dbcreator fixed server role can 1. Create database 2. Alter database (if has access to that database, i.e either owner of the database or has mapped user in it) 3. Drop any database. Engine PR : amazon-aurora/postgresql_modified_for_babelfish#93 Issues Resolved [BABEL-5115] By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. Signed-off-by: ANJU BHARTI <[email protected]>
This commit adds support for db_securityadmin fixed database roles. Members of db_securityadmin can perform following operations within a particular database: create schema create database roles alter/drop user-defined database roles manage permissions via grant/revoke statements Engine Changes - amazon-aurora/postgresql_modified_for_babelfish#100 Issues Resolved [BABEL-5135] Signed-off-by: Harsh Lunagariya <[email protected]>
Support fixed database role db_ddladmin Engine PR : amazon-aurora/postgresql_modified_for_babelfish#101 Task : BABEL-5116 Signed-off-by: Tanzeel Khan [email protected]
This commit adds support to alter the db_owner role and add/drop users from it. Whenever a new user, say u1, is added to db_owner role, we will internally create a new role u1_obj which will be owner of all the objects of u1. By doing so, we are able to work around the cyclic dependency of role membership in postgres. If u1 creates new objects, using the pre-existing post object creation hook, we will reassign ownership of u1's objects to u1_obj. Similarly, if u1 is dropped from db_owner role, we will drop the u1_obj role and reassign ownership u1's objects from u1_obj role back to u1. Task: BABEL-4899 Signed-off-by: Sharu Goel <[email protected]>
Signed-off-by: ANJU BHARTI <[email protected]>
anju15bharti
requested review from
HarshLunagariya,
thephantomthief,
shalinilohia50 and
tanscorpio7
…abelfish-for-postgresql#3172) Update the is_fixed_role column in babelfish catalogs babelfish_authid_login_ext and babelfish_authid_user_ext for fixed database and server roles. Task: BABEL-5333 Signed-off-by: Shalini Lohia [email protected]
…r-postgresql#3210) T-SQL allows member of db_datawriter to get next value from sequence. Issues Resolved Task: BABEL-5356 Signed-off-by: Shalini Lohia [email protected]
anju15bharti
force-pushed
the
roles-4-x
branch
from
fa7801c to
c7c9221
Compare
…base guest roles (babelfish-for-postgresql#3184) With this commit we ensure that any fixed server role other than sysadmin should not have membership in databases' guest role. Issues Resolved: BABEL-5408 Signed-off-by: ANJU BHARTI <[email protected]>
anju15bharti
force-pushed
the
roles-4-x
branch
from
c7c9221 to
0947bbd
Compare
Signed-off-by: ANJU BHARTI <[email protected]>
shalinilohia50
approved these changes
Dec 9, 2024
tanscorpio7
approved these changes
Dec 9, 2024
HarshLunagariya
approved these changes
Dec 11, 2024
shardgupta
approved these changes
Dec 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Support fixed server and database roles.
Engine PR : babelfish-for-postgresql/postgresql_modified_for_babelfish#494