You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hawq.apache.org by "Goden Yao (JIRA)" <ji...@apache.org> on 2016/11/01 05:06:58 UTC

[jira] [Commented] (HAWQ-1130) Make HCatalog integration work with non-superusers

    [ https://issues.apache.org/jira/browse/HAWQ-1130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15624380#comment-15624380 ] 

Goden Yao commented on HAWQ-1130:
---------------------------------

[~nhorn] [~jimmida] may know the history and rationale behind that.

> Make HCatalog integration work with non-superusers
> --------------------------------------------------
>
>                 Key: HAWQ-1130
>                 URL: https://issues.apache.org/jira/browse/HAWQ-1130
>             Project: Apache HAWQ
>          Issue Type: Improvement
>          Components: PXF
>            Reporter: Oleksandr Diachenko
>            Assignee: Oleksandr Diachenko
>             Fix For: 2.0.1.0-incubating
>
>
> According to current implementation user who uses HCatalog integration feature should have SELECT privileges for pg_authid, pg_user_mapping tables.
> It's fine for superusers but we shouldn't expose them to non-superusers because they store hashed user passwords.
> Basically, the problem is how to determine max oid among all oid-having tables.
> Possible solutions:
> * Creating view returning max oid and grant select privilege to public.
> ** Cons:
> *** Requires catalog upgrade;
> * Reading current oid from shared memory.
> ** Pros:
> *** No catalog upgrade needed.
> ** Cons:
> *** Additional exclusive locks needed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)