Support grant GRANT_PRIV on database or table level #1472

Merged: 7 commits, Jul 16, 2019

@morningman morningman commented Jul 14, 2019

Currently, GRANT_PRIV can only be granted on global level, which means
it can only be granted on *.*. Granting it on db.* or db.tbl is not allowed.

This will not be able to meet the requirement to create a user who has privilege
to grant privileges to other users on specified database or table, such as:

GRANT SELECT_PRIV ON db1.* TO cmy@'%';

So I extend the range of GRANT_PRIV. User can now grant GRANT_PRIV on
database or even table level, such as:

GRANT GRANT_PRIV ON db1.* TO cmy@'%';

And after being granted, the user cmy@'%' can now grant GRANT_PRIV on db1.* to
other users.

More details can be seen in docs/documentation/cn/administrator-guide/privilege.md

ISSUE: #1473
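
An added sketch, not Doris code and not part of the original pull request, of the scoping the description above implies: a grantor may grant on a target only if a GRANT_PRIV scope they hold covers it. The class, method and map names are hypothetical, and the covering rule (global covers everything, `db.*` covers that database and its tables, `db.tbl` covers only itself) is an assumption.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Added illustration; every name here is hypothetical, none is taken from Doris.
public class ScopedGrantCheck {
    // GRANT_PRIV scopes held per user: "*.*" (global), "db.*" (database), "db.tbl" (table).
    private final Map<String, Set<String>> grantScopes = new HashMap<>();

    void giveGrantPriv(String user, String scope) {
        grantScopes.computeIfAbsent(user, u -> new HashSet<>()).add(scope);
    }

    // Assumed rule: granting on `target` requires a held GRANT_PRIV scope that covers it.
    boolean mayGrantOn(String grantor, String target) {
        for (String scope : grantScopes.getOrDefault(grantor, Collections.<String>emptySet())) {
            if (covers(scope, target)) {
                return true;
            }
        }
        return false; // fail closed: no covering scope, no grant
    }

    static boolean covers(String scope, String target) {
        String[] s = scope.split("\\.", 2);
        String[] t = target.split("\\.", 2);
        if (s.length != 2 || t.length != 2) {
            return false; // malformed pattern: deny
        }
        if (s[0].equals("*") && !s[1].equals("*")) {
            return false; // "*.tbl" is not one of the three levels
        }
        boolean dbOk = s[0].equals("*") || s[0].equals(t[0]);
        boolean tblOk = s[1].equals("*") || s[1].equals(t[1]);
        return dbOk && tblOk; // a narrower scope never covers a wider target
    }

    public static void main(String[] args) {
        ScopedGrantCheck auth = new ScopedGrantCheck();
        // Models: GRANT GRANT_PRIV ON db1.* TO cmy@'%';
        auth.giveGrantPriv("cmy@'%'", "db1.*");
        // Constructed targets: same database, a table in it, another database, global.
        String[] targets = {"db1.*", "db1.tbl1", "db2.*", "*.*"};
        for (String target : targets) {
            boolean ok = auth.mayGrantOn("cmy@'%'", target);
            System.out.println(target + " -> " + (ok ? "allowed" : "denied"));
        }
    }
}
```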

if (!Catalog.getCurrentCatalog().getAuth().checkGlobalPriv(ConnectContext.get(), PrivPredicate.GRANT)) {
ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR, "GRANT");
}
} else {
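
Review bot: The check before `} else {` calls `checkGlobalPriv(..., PrivPredicate.GRANT)` only, so the `else` branch has to carry both the database-level and the table-level check this PR introduces; please confirm both are covered there and that the revoke path runs the same code. The denial is reported with just "GRANT", which does not tell the user which level was missing; consider including the target pattern in the message.
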
Contributor

How about table level?

And do grant and revoke have the same logic? Do these two classes reuse some code?

Contributor Author

Yes, Grant and Revoke should use the same logic here; I will unify them.

}

private boolean checkHasPrivInternal(String host, String user, PrivPredicate priv, PrivLevel... levels) {
PrivBitSet savedPrivs = PrivBitSet.of();
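
Review bot: `PrivBitSet savedPrivs = PrivBitSet.of();` at the top of `checkHasPrivInternal` has no reader visible in this hunk; if nothing consumes it, drop it so the check carries no dead state. Because `levels` is a varargs parameter, a call with no levels compiles; document what the method returns in that case and make it `false`, so an empty list cannot pass the check.
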
Contributor

Is this savedPrivs useful?

Contributor Author

No use, I will delete it.

}
} else {
// Rule 5.1 and 5.2
if (tblPattern.getPrivLevel() == PrivLevel.GLOBAL) {
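
Review bot: The comment `// Rule 5.1 and 5.2` above the `PrivLevel.GLOBAL` test points at rules that are not stated in the code; add a one-line summary of each rule, or a reference to the document that defines them, so the branch can be reviewed against the rule it claims to implement.
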
Contributor

I think TablePattern is a confusing name. It would be better if you could rename it in a later PR.

Co-Authored-By: ZHAO Chun <buaa.zhaoc@gmail.com>
@imay imay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@morningman morningman merged commit 2551248 into apache:master Jul 16, 2019
HangyuanLiu added a commit to HangyuanLiu/incubator-doris that referenced this pull request Jul 17, 2019
fix

fix

fix

add

FixBug: if the columns of a doris table are fewer than the parquet file columns, BE will crash (apache#1464)

Build snappy with optimize-options enabled (apache#1467)

Fix bug when using SELECT * FROM TABLE LIMIT 1 (apache#1469)

Refactor Storage Engine (apache#1478)

NOTE: This patch would modify all Backend's data.
And this will cause a very long time to restart be.
So if you want to interferer your product environment,
you should upgrade backend one by one.

1. Refactoring be is to clarify the structure of the code.
2. Use unique id to indicate a rowset.
   Naming rowset with tablet_id and version will lead to
   many conflicts among compaction, clone, restore.
3. Extract a rowset interface to encapsulate rowsets
   with different format.

Remove unused code (apache#1483)

Add timeout in stream load planner (apache#1480)

Mini load timeout needs to be added in plan options.
The timeout property has been added in request of process put.
Otherwise, the timeout of mini load is useless.

Add log of label, txn and query id in mini load

Fix heap-buffer-overflow in split_part() function in StringFunctions (apache#1482)

Modify the result json format of mini load (apache#1487)

Mini load is now using the stream load framework. But we should keep the
mini load return behavior and result json format the same as before.
So PUBLISH_TIMEOUT error should be treated as OK in mini load.

Also add 2 counters for OlapTableSink profile:
SerializeBatchTime: time of serializing all row batch.
WaitInFlightPacketTime: time of waiting last send packet

 Support grant GRANT_PRIV on database or table level (apache#1472)

Add partition id to tablet meta in be (apache#1490)

FE uses partition_id to publish version. BE should check whether all tablets related with this partition have the version. But Tablet in BE does not have partition id in its metadata. So that BE could not check it.

This patch will add partition id to tablet meta during report task.
Sync at most 10k tablets during set tablet meta.

@imay imay mentioned this pull request Sep 26, 2019
luwei16 pushed a commit to luwei16/incubator-doris that referenced this pull request Apr 7, 2023