You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@iotdb.apache.org by GitBox <gi...@apache.org> on 2021/11/03 06:44:10 UTC
[GitHub] [iotdb] BraggingMan opened a new issue #4308: 用户与角色UDF权限赋予无法正确生效,查询报错"Msg: 602: No permissions for this operation UDTF"
BraggingMan opened a new issue #4308:
URL: https://github.com/apache/iotdb/issues/4308
**Describe the bug**
参考文档 [IotDB Permission Operation Doc](https://iotdb.apache.org/zh/UserGuide/V0.12.x/Administration-Management/Administration.html ) 和 [UDF Requirements Doc](https://iotdb.apache.org/zh/UserGuide/V0.12.x/UDF/UDF-User-Defined-Function.html),
我们希望将用户定义函数UDF的权限赋予新建的用户和角色中。但是当我尝试使用赋权命令向非"root"前缀的nodename 赋予"READ_TIMESERIES", "DROP_FUNCTION", "CREATE_FUNCTION"三个必须的权限时,出现了权限失效的情况。
**To Reproduce**
1. 建立了两个用户udtf_test1和udtf_test2;
create user udtf_test1 'xxxxxxxx'
create user udtf_test2 'xxxxxxxx'
2. 建立了两个角色,udtf_test_role1和udtf_test_role2
CREATE ROLE udtf_test_role1
CREATE ROLE udtf_test_role2
3. 分别将权限赋予root 和 root.test
GRANT ROLE udtf_test_role1 PRIVILEGES 'SET_STORAGE_GROUP','CREATE_TIMESERIES','INSERT_TIMESERIES','READ_TIMESERIES','DELETE_TIMESERIES','DROP_FUNCTION','CREATE_FUNCTION' ON root
GRANT ROLE udtf_test_role2 PRIVILEGES 'SET_STORAGE_GROUP','CREATE_TIMESERIES','INSERT_TIMESERIES','READ_TIMESERIES','DELETE_TIMESERIES','DROP_FUNCTION','CREATE_FUNCTION' ON root.test
4.将角色权限赋予用户
GRANT udtf_test_role1 TO udtf_test1
GRANT udtf_test_role2 TO udtf_test2
5. 分别使用两个用户执行查询
select xxx from yyy where time >= 2021-01-01 and time<= 2021-01-31 23:59:59
6. udtf_test1可正确执行,udtf_test2报错:Msg: 602: No permissions for this operation UDTF
7. 参考文档CREATE_FUNCTION 和 DROP_FUNCTION 为路径无关权限,只可以赋权给root,而READ_TIMESERIES可以赋权给root.test前缀,怀疑此问题是导致权限失效的原因;
**Screenshots**
下图为用户赋权对比:
下图为执行udf查询结果对比:
**Desktop (please complete the following information):**
- OS: Amazon Linux
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] github-actions[bot] commented on issue #4308: 用户与角色UDF权限赋予无法正确生效,查询报错"Msg: 602: No permissions for this operation UDTF"
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #4308:
URL: https://github.com/apache/iotdb/issues/4308#issuecomment-958688808
Hi, this is your first issue in IoTDB project. Thanks for your report. Welcome to join the community!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] github-actions[bot] commented on issue #4308: 用户与角色UDF权限赋予无法正确生效,查询报错"Msg: 602: No permissions for this operation UDTF"
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #4308:
URL: https://github.com/apache/iotdb/issues/4308#issuecomment-958688808
Hi, this is your first issue in IoTDB project. Thanks for your report. Welcome to join the community!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] github-actions[bot] commented on issue #4308: 用户与角色UDF权限赋予无法正确生效,查询报错"Msg: 602: No permissions for this operation UDTF"
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #4308:
URL: https://github.com/apache/iotdb/issues/4308#issuecomment-958688808
Hi, this is your first issue in IoTDB project. Thanks for your report. Welcome to join the community!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] github-actions[bot] commented on issue #4308: 用户与角色UDF权限赋予无法正确生效,查询报错"Msg: 602: No permissions for this operation UDTF"
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #4308:
URL: https://github.com/apache/iotdb/issues/4308#issuecomment-958688808
Hi, this is your first issue in IoTDB project. Thanks for your report. Welcome to join the community!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [iotdb] SteveYurongSu closed issue #4308: 用户与角色UDF权限赋予无法正确生效,查询报错"Msg: 602: No permissions for this operation UDTF"
Posted by GitBox <gi...@apache.org>.
SteveYurongSu closed issue #4308:
URL: https://github.com/apache/iotdb/issues/4308
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org