Uploaded image for project: 'Teiid'
  1. Teiid
  2. TEIID-5841

Authorization of table name that contain .

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 13.0
    • Component/s: Query Engine
    • Labels:
      None
    • Sprint:
      DV Sprint 54
    • Story Points:
      5

      Description

      We have a long standing issue with the permission system mostly due to the initial api design - we only pass fully qualified names to the policy decider in the from of schema.table. If the table name contains '.' the policy decider simplistically walks up each segment - which effectively introduces inappropriate checks.

      For example if we have:

      view "a.b" and view "a", when we check permissions for "a.b" we'll first check for the a.b resource, then the a resource - which is not appropriate. This behavior in part was likely initially due to multi-schema import scenarios, such that the imported table names would be qualified by source schema name. Then you could add permissions against that partially qualified name teiidSchema.sourceSchema. That will no longer be possible if we implement TEIID-5840

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              shawkins Steven Hawkins
              Reporter:
              shawkins Steven Hawkins
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 6 hours
                  6h
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 6 hours
                  6h