Uploaded image for project: 'Teiid'
  1. Teiid
  2. TEIID-4770

The convert script generates empty GRANT statements for roles that don't have permission to access a certain schema.

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Done
    • Icon: Major Major
    • 9.3, 9.2.1
    • 9.2
    • Build/Kits
    • None

      The convert script generates empty GRANT statements for roles that don't have permission to access a certain schema.

      E.g. GRANT ON SCHEMA glims TO mica;

      When you try to deploy the script, the server complains that it expects a permission type (like select or alter) here.

      These lines should probably be removed.

            [TEIID-4770] The convert script generates empty GRANT statements for roles that don't have permission to access a certain schema.

            Steven Hawkins added a comment -

            Syntax changes were documented - https://teiid.gitbooks.io/documents/content/reference/ddl_deployment_mode.html

            Steven Hawkins added a comment - Syntax changes were documented - https://teiid.gitbooks.io/documents/content/reference/ddl_deployment_mode.html

            Steven Hawkins added a comment -

            Changes for this include:

            • MetadataStore tracks revokes
            • removed the GRANT keyword from REVOKE
            • Changed language to be a resource type
            • Changed parsing so that ALL PRIVILEGES, TEMPORARY TABLES, and LANGUAGE are handled individually, and that we can have a grant/revoke with no privileges if it affects a mask/condition.

            Steven Hawkins added a comment - Changes for this include: MetadataStore tracks revokes removed the GRANT keyword from REVOKE Changed language to be a resource type Changed parsing so that ALL PRIVILEGES, TEMPORARY TABLES, and LANGUAGE are handled individually, and that we can have a grant/revoke with no privileges if it affects a mask/condition.

            Bram Gadeyne (Inactive) added a comment -

            Hi Steven,

            Please let me know if you need the full data-role xml. e.g. for the resource glims it is defined (by teiiddesigner) as:

            <data-role name="mica" any-authenticated="false" allow-create-temporary-tables="true" grant-all="false">
        <description></description>
        <!-- ... -->
        <permission>
            <resource-name>glims</resource-name>
            <allow-create>false</allow-create>
            <allow-read>false</allow-read>
            <allow-update>false</allow-update>
            <allow-delete>false</allow-delete>
            <allow-execute>false</allow-execute>
            <allow-alter>false</allow-alter>
        </permission>
        <!-- ... -->
        <mapped-role-name>mica</mapped-role-name>
    </data-role>

            Bram Gadeyne (Inactive) added a comment - Hi Steven, Please let me know if you need the full data-role xml. e.g. for the resource glims it is defined (by teiiddesigner) as: <data-role name= "mica" any-authenticated= "false" allow-create-temporary-tables= "true" grant-all= "false" > <description> </description> <!-- ... --> <permission> <resource-name> glims </resource-name> <allow-create> false </allow-create> <allow-read> false </allow-read> <allow-update> false </allow-update> <allow-delete> false </allow-delete> <allow-execute> false </allow-execute> <allow-alter> false </allow-alter> </permission> <!-- ... --> <mapped-role-name> mica </mapped-role-name> </data-role>

            Steven Hawkins added a comment -

            Do you have an example of what data role xml generated the empty grant?

            Steven Hawkins added a comment - Do you have an example of what data role xml generated the empty grant?

              rhn-engineering-shawkins Steven Hawkins
              gadeynebram Bram Gadeyne (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: