You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hawq.apache.org by "Oleksandr Diachenko (JIRA)" <ji...@apache.org> on 2016/11/22 00:43:58 UTC
[jira] [Resolved] (HAWQ-1130) Make HCatalog integration work with
non-superusers
[ https://issues.apache.org/jira/browse/HAWQ-1130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleksandr Diachenko resolved HAWQ-1130.
---------------------------------------
Resolution: Fixed
> Make HCatalog integration work with non-superusers
> --------------------------------------------------
>
> Key: HAWQ-1130
> URL: https://issues.apache.org/jira/browse/HAWQ-1130
> Project: Apache HAWQ
> Issue Type: Improvement
> Components: PXF
> Reporter: Oleksandr Diachenko
> Assignee: Oleksandr Diachenko
> Fix For: 2.0.1.0-incubating
>
>
> According to current implementation user who uses HCatalog integration feature should have SELECT privileges for pg_authid, pg_user_mapping tables.
> It's fine for superusers but we shouldn't expose them to non-superusers because they store hashed user passwords.
> Basically, the problem is how to determine max oid among all oid-having tables.
> Possible solutions:
> * Creating view returning max oid and grant select privilege to public.
> ** Cons:
> *** Requires catalog upgrade;
> * Reading current oid from shared memory.
> ** Pros:
> *** No catalog upgrade needed.
> ** Cons:
> *** Additional exclusive locks needed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)