You are viewing a plain text version of this content. The canonical link for it is here.
Posted to codereview@trafodion.apache.org by robertamarton <gi...@git.apache.org> on 2016/03/10 22:20:32 UTC
[GitHub] incubator-trafodion pull request: TRAFODION [1696] - drop authoriz...
GitHub user robertamarton opened a pull request:
https://github.com/apache/incubator-trafodion/pull/375
TRAFODION [1696] - drop authorization doesn't drop all roles, and create role will run into internal error
A while back a change was made in the PrivMgr constructors to assume that
authorization is enabled by default instead of the unknown state. If the state
is unknown, privilege manager performs I/O to determine its state, otherwise
no additional checking is performed. This was changed because one, the
authorization check in PrivMgr is expensive and two, the majority of the callers
already perform the authorization check by looking in the compile context set up
during process startup. Role code was not updated to handle this change
correctly as described in TRAFODION-1696. Changes were made to check compiler
context to verify that authorization is enabled for role commands.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/robertamarton/incubator-trafodion fix-1696
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-trafodion/pull/375.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #375
----
commit 680f3917fe23fc3d202e218c09ff28574fc83ec3
Author: Roberta Marton <ro...@apache.org>
Date: 2016-03-10T21:18:25Z
TRAFODION [1696] - drop authorization doesn't drop all roles, and create role will run into internal error
A while back a change was made in the PrivMgr constructors to assume that
authorization is enabled by default instead of the unknown state. If the state
is unknown, privilege manager performs I/O to determine its state, otherwise
no additional checking is performed. This was changed because one, the
authorization check in PrivMgr is expensive and two, the majority of the callers
already perform the authorization check by looking in the compile context set up
during process startup. Role code was not updated to handle this change
correctly as described in TRAFODION-1696. Changes were made to check compiler
context to verify that authorization is enabled for role commands.
Fixed a comment related to queryBuf size for internal library management
operations.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-trafodion pull request: TRAFODION [1696] - drop authoriz...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/incubator-trafodion/pull/375
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---