You are viewing a plain text version of this content. The canonical link for it is here.
Posted to codereview@trafodion.apache.org by robertamarton <gi...@git.apache.org> on 2018/04/11 15:12:37 UTC
[GitHub] trafodion pull request #1512: [TRAFODION-2175] Get statement enhancements
Github user robertamarton commented on a diff in the pull request:
https://github.com/apache/trafodion/pull/1512#discussion_r180791492
--- Diff: core/sql/executor/ExExeUtilGet.cpp ---
@@ -1642,6 +1672,119 @@ NABoolean ExExeUtilGetMetadataInfoTcb::checkUserPrivs(
return TRUE;
}
+// ----------------------------------------------------------------------------
+// method: colPrivsFrag
+//
+// This method was added to address a performance issue. When determining if
+// the user has column level privileges, we need to get the column name from
+// Hive. The call to get the column name (hivemd) is very expensive. So this
+// method checks to see if the requested user has been granted any column
+// level privileges on a hive table. If so, we will go ahead and do the
+// mapping (call hivemd). If not, then we will not include the hivemd
+// fragment for the query.
+//
+// Since we are scanning the column privileges table anyway, we also see if
+// the requested user (or their roles) has been granted any privileges. If so,
+// we include the column privileges check in the query.
+//
+// For Sentry enabled installations, we won't store Hive privileges in
+// EsgynDB metadata. By avoiding the hivemd calls, we save a lot of time
+// in processing the request.
+//
+// returns additional union(s) for the getPrivForAuth query
+// returns:
+// 0 - successful
+// -1 - unexpected error occurred
+// ----------------------------------------------------------------------------
+Int32 ExExeUtilGetMetadataInfoTcb::colPrivsFrag(
+ const char *authName,
+ const char * cat,
+ const NAString &privWhereClause,
+ NAString &colPrivsStmt)
+{
+ // if no authorization, skip
+ if (!CmpCommon::context()->isAuthorizationEnabled())
+ return 0;
+
+ short rc = 0;
+ Lng32 cliRC = 0;
+
+ // See if privileges granted on Hive object or to the user/user's roles
+ NAString likeClause("like 'HIVE.%'");
+ sprintf(queryBuf_, "select "
+ "sum(case when (object_name %s and grantee_id %s) then 1 else 0 end), "
+ "sum(case when grantee_id %s then 1 else 0 end) "
+ "from %s.\"%s\".%s",
+ likeClause.data(), privWhereClause.data(), privWhereClause.data(),
+ cat, SEABASE_PRIVMGR_SCHEMA,
+ PRIVMGR_COLUMN_PRIVILEGES);
+
+ if (initializeInfoList(infoList_)) return -1;
+
+ numOutputEntries_ = 2;
+ cliRC = fetchAllRows(infoList_, queryBuf_, numOutputEntries_, FALSE, rc);
+ if (cliRC < 0)
+ {
+ cliInterface()->retrieveSQLDiagnostics(getDiagsArea());
+ return -1;
+ }
+
+ bool hasHive = false;
+ bool hasGrants = false;
+ infoList_->position();
+ OutputInfo * vi = (OutputInfo*)infoList_->getCurr();
+ if (vi && vi->get(0))
+ {
+ if (*(Lng32*)vi->get(0) > 0)
--- End diff --
I will change these to int64 for a future delivery.
---