Support grant GRANT_PRIV on database or table level#1472
Merged
morningman merged 7 commits intoapache:masterfrom Jul 16, 2019
Merged
Support grant GRANT_PRIV on database or table level#1472morningman merged 7 commits intoapache:masterfrom
morningman merged 7 commits intoapache:masterfrom
Conversation
Currently, GRANT_PRIV can only be granted on global level, which means it can only be granted on *.*. Grant it on db.* or db.tbl are not allowed. This will not be able to meet the requirement to create a user who has privilege to grant privileges to other users on specified database or table, such as: GRANT SELECT_PRIV ON db1.* TO cmy@'%'; So I extend the range of GRANT_PRIV. User can now grant GRANT_PRIV on database or even table level, such as: GRANT GRANT_PRIV ON db1.* TO cmy@'%'; And after being granted, the user cmy@'%' can now grant GRANT_PRIV on db1.* to other users.
imay
requested changes
Jul 15, 2019
| if (!Catalog.getCurrentCatalog().getAuth().checkGlobalPriv(ConnectContext.get(), PrivPredicate.GRANT)) { | ||
| ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "GRANT"); | ||
| } | ||
| } else { |
Contributor
There was a problem hiding this comment.
how about table level?
And grant and revoke has same logic? Does these two class reuse some code?
Contributor
Author
There was a problem hiding this comment.
Yes, Grant and Revoke should use same logic here, I will unify them.
| } | ||
|
|
||
| private boolean checkHasPrivInternal(String host, String user, PrivPredicate priv, PrivLevel... levels) { | ||
| PrivBitSet savedPrivs = PrivBitSet.of(); |
Contributor
Author
There was a problem hiding this comment.
No use, I will delete it
imay
reviewed
Jul 16, 2019
| } | ||
| } else { | ||
| // Rule 5.1 and 5.2 | ||
| if (tblPattern.getPrivLevel() == PrivLevel.GLOBAL) { |
Contributor
There was a problem hiding this comment.
I think TablePattern is a confusing name. It's better you can rename it in later PR
Co-Authored-By: ZHAO Chun <buaa.zhaoc@gmail.com>
HangyuanLiu
added a commit
to HangyuanLiu/incubator-doris
that referenced
this pull request
Jul 17, 2019
fix fix fix add FixBug: if columns of doris table less than parquet file columns , BE will be crash (apache#1464) Build snappy with optimize-options enabled (apache#1467) Fix bug when use SELECT * FROM TABLE LIMIT 1 (apache#1469) Refactor Storage Engine (apache#1478) NOTE: This patch would modify all Backend's data. And this will cause a very long time to restart be. So if you want to interferer your product environment, you should upgrade backend one by one. 1. Refactoring be is to clarify the structure the codes. 2. Use unique id to indicate a rowset. Nameing rowset with tablet_id and version will lead to many conflicts among compaction, clone, restore. 3. Extract an rowset interface to encapsulate rowsets with different format. Remove unused code (apache#1483) Add timeout in stream load planner (apache#1480) Mini load timeout needs to be added in plan options. The timeout property has been added in request of process put. Otherwise, the timeout of mini load is useless. Add log of label, txn and query id in mini load Fix heap-buffer-overflow in split_part() function in StringFunctions (apache#1482) fix fix fix add fix add fix fix fix fix fix fix fix fix fix fix fix fix fix fix fix Modify the result json format of mini load (apache#1487) Mini load is now using stream load framework. But we should keep the mini load return behavior and result json format be same as old. So PUBLISH_TIMEOUT error should be treated as OK in mini load. Also add 2 counters for OlapTableSink profile: SerializeBatchTime: time of serializing all row batch. WaitInFlightPacketTime: time of waiting last send packet Support grant GRANT_PRIV on database or table level (apache#1472) Currently, GRANT_PRIV can only be granted on global level, which means it can only be granted on *.*. Grant it on db.* or db.tbl are not allowed. This will not be able to meet the requirement to create a user who has privilege to grant privileges to other users on specified database or table, such as: GRANT SELECT_PRIV ON db1.* TO cmy@'%'; So I extend the range of GRANT_PRIV. User can now grant GRANT_PRIV on database or even table level, such as: GRANT GRANT_PRIV ON db1.* TO cmy@'%'; And after being granted, the user cmy@'%' can now grant GRANT_PRIV on db1.* to other users. Add partition id to tablet meta in be (apache#1490) FE uses partition_id to publish version. BE should check whether all tablets related with this partition have the version. But Tablet in BE does not have partition id in its metadata. So that BE could not check it. This patch will add partition id to tablet meta during report task. Sync at most 10k tablets during set tablet meta. fix fix fix fix fix fix fix fix fix add
Closed
luwei16
pushed a commit
to luwei16/Doris
that referenced
this pull request
Apr 7, 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Currently, GRANT_PRIV can only be granted on global level, which means
it can only be granted on
*.*. Grant it ondb.*ordb.tblare not allowed.This will not be able to meet the requirement to create a user who has privilege
to grant privileges to other users on specified database or table, such as:
GRANT SELECT_PRIV ON db1.* TO cmy@'%';So I extend the range of GRANT_PRIV. User can now grant GRANT_PRIV on
database or even table level, such as:
GRANT GRANT_PRIV ON db1.* TO cmy@'%';And after being granted, the user
cmy@'%'can now grant GRANT_PRIV ondb1.*toother users.
More details can be seen in
docs/documentation/cn/administrator-guide/privilege.mdISSUE: #1473