You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hawq.apache.org by "Lei Chang (JIRA)" <ji...@apache.org> on 2016/01/24 03:08:39 UTC

[jira] [Updated] (HAWQ-24) Support superuser to GRANT/REVOKE CREATION privilege to/from non-superuser on TABLESPACE

     [ https://issues.apache.org/jira/browse/HAWQ-24?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lei Chang updated HAWQ-24:
--------------------------
    Fix Version/s: backlog

> Support superuser to GRANT/REVOKE CREATION privilege to/from non-superuser on TABLESPACE
> ----------------------------------------------------------------------------------------
>
>                 Key: HAWQ-24
>                 URL: https://issues.apache.org/jira/browse/HAWQ-24
>             Project: Apache HAWQ
>          Issue Type: New Feature
>          Components: DDL, Storage
>            Reporter: Ruilong Huo
>            Assignee: Lei Chang
>             Fix For: backlog
>
>
> It raises error "Cannot support GRANT/REVOKE on TABLESPACE statement" while following the HAWQ guide (http://hawq.docs.pivotal.io/docs-gpdb/admin_guide/ddl/ddl-tablespace.html) to GRANT/REVOKE CREATION privilege to/from non-superuser on TABLESPACE.
> {code}
> gpadmin=# GRANT CREATE ON TABLESPACE fstbs TO tstuser;
> ERROR:  Cannot support GRANT/REVOKE on TABLESPACE statement
> {code}
> As a consequence, with the user as SUPERUSER is possible to create tables on top of the tablespace, but with a user as NOSUPERUSER its not possible:
> {code}
> tstuser=> CREATE TABLE testfs3 ( col01 INTEGER ) TABLESPACE fstbs;
> NOTICE:  Table doesn't have 'DISTRIBUTED BY' clause -- Using column named 'col01' as the Greenplum Database data distribution key for this table.
> HINT:  The 'DISTRIBUTED BY' clause determines the distribution of data. Make sure column(s) chosen are the optimal data distribution key to minimize skew.
> ERROR:  permission denied for tablespace fstbs
> {code}
>  
> {code}
> gpadmin=# alter user tstuser with superuser;
> ALTER ROLE
> [gpadmin@ai2hdm1 ~]$ psql -d tstuser -U tstuser
> Password for user tstuser: 
> psql (8.2.15)
> Type "help" for help.
> tstuser=# CREATE TABLE testfs3 ( col01 INTEGER ) TABLESPACE fstbs;
> NOTICE:  Table doesn't have 'DISTRIBUTED BY' clause -- Using column named 'col01' as the Greenplum Database data distribution key for this table.
> HINT:  The 'DISTRIBUTED BY' clause determines the distribution of data. Make sure column(s) chosen are the optimal data distribution key to minimize skew.
> CREATE TABLE
> {code}
> Due to security consideration, it is not acceptable for some HAWQ users to always use SUPERUSER to create TABLESPACE.  Thus, we need to support:
> 1. Superuser can GRANT/REVOKE CREATION privilege to/from non-superuser on TABLESPACE.
> 2. Non-supuser can create TABLESPACE once it is granted with creation privilege.
> 3. Non-superuser to GRANT/REVOKE CREATION privilege on TABLESPACE to other users.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)