Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add checkCanRefreshMaterializedView access control #7707

Merged
merged 2 commits into from
Apr 29, 2021
Merged

Add checkCanRefreshMaterializedView access control #7707

merged 2 commits into from
Apr 29, 2021

Conversation

raunaqmorarka
Copy link
Member

No description provided.

@cla-bot cla-bot bot added the cla-signed label Apr 22, 2021
kokosing
kokosing approved these changes Apr 23, 2021
View reviewed changes
lib/trino-plugin-toolkit/src/test/resources/file-based-system-access-table.json
@@ -11,7 +11,7 @@
},
{
"user": "admin",
"privileges": ["SELECT", "INSERT", "DELETE", "OWNERSHIP"]
"privileges": ["SELECT", "INSERT", "UPDATE", "DELETE", "OWNERSHIP"]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need to add "UPDATE" if user already has "OWNERSHIP"?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FileBasedAccessControl#checkTablePermission doesn't give any special importance to OWNERSHIP privilege, it checks for the presence of specified privilege only.

sopel39
sopel39 approved these changes Apr 27, 2021
View reviewed changes
Copy link
Member

@sopel39 sopel39 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any doc to be updated regarding MV security checks?

Do we have any section on MV at all? cc @mosabua

core/trino-main/src/main/java/io/trino/sql/analyzer/StatementAnalyzer.java Show resolved Hide resolved
core/trino-main/src/main/java/io/trino/sql/analyzer/StatementAnalyzer.java Show resolved Hide resolved
@mosabua
Copy link
Member

mosabua commented Apr 27, 2021

Doesnt this need some sort of documentation? At least an example?

@mosabua
Copy link
Member

mosabua commented Apr 27, 2021

If we have no section on materialized views .. we should add one.

@raunaqmorarka
Use checkCanRefreshMaterializedView for refresh MV
c9468d6 
Apply access control check on materialzed view object
instead of the storage table for REFRESH MV command.
@sopel39
Copy link
Member

sopel39 commented Apr 29, 2021

If we have no section on materialized views .. we should add one.

@mosabua could you craete issue for this?

@sopel39 sopel39 merged commit f5692f9 into trinodb:master Apr 29, 2021
@sopel39 sopel39 mentioned this pull request Apr 29, 2021
Closed
9 tasks
@raunaqmorarka raunaqmorarka deleted the mv-refresh-ac branch April 29, 2021 12:32
@martint martint added this to the 356 milestone Apr 29, 2021
@raunaqmorarka raunaqmorarka mentioned this pull request May 12, 2021
Closed
@m57lyra m57lyra mentioned this pull request May 21, 2021
Open
@m57lyra
Copy link
Contributor

m57lyra commented May 21, 2021

If we have no section on materialized views .. we should add one.

@mosabua could you craete issue for this?

#8030

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sopel39 sopel39 sopel39 approved these changes

@anjalinorwood anjalinorwood anjalinorwood approved these changes

@kokosing kokosing Awaiting requested review from kokosing

Assignees
No one assigned
Labels
cla-signed
Milestone
356
Development

Successfully merging this pull request may close these issues.
7 participants
@raunaqmorarka @mosabua @sopel39 @m57lyra @kokosing @anjalinorwood @martint