EigenbaseMeetup Feb 2011SQL:2008 Authorization<br />JVS Slides<br />
Authorization Model<br />
Supported Privileges<br />SELECT/INSERT/UPDATE/DELETE on tables<br />Column-level not supported; use views<br />EXECUTE on...
Notes on Roles<br />Users/roles can inherit multiple roles<br />Role inheritance cycles are not allowed<br />A role has to...
Some Syntax<br />GRANT ROLE unqualified-role-name, ...<br />TO unqualified-user-or-role-name, ...<br />[ WITH ADMIN OPTION...
“setuid”<br />Currently only works for UDR implemented in Java<br />Does not apply to UDX cursor inputs (those are treated...
Authorization Stack<br />Relevant when UDR’s call back in via jdbc:default:connection<br />Implicit impersonation (via set...
Metadata Visibility<br />Currently applies only to JDBC views, which themselves are queryable by PUBLIC<br />Object is vis...
Open Issue:  Advanced Privileges<br />Jar/function creation<br />ANALYZE/REBUILD/TRUNCATE TABLE<br />SQL/MED server/wrappe...
New LucidDB SYS_ROOT Views<br />DBA_USERS<br />DBA_ROLES<br />DBA_AUTH_IDS (union of users and roles)<br />DBA_INHERITED_R...
Remaining Work<br />REVOKE (all of it)<br />Non-table privileges<br />Schema AUTHORIZATION clause<br />Needed for allowing...
Upcoming SlideShare
Loading in...5
×

Eigenbase meetupfeb2011

595

Published on

Notes on Eigenbase/LucidDB security work by JVS at February 2011 Eigenbase meetup.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
595
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Eigenbase meetupfeb2011

  1. 1. EigenbaseMeetup Feb 2011SQL:2008 Authorization<br />JVS Slides<br />
  2. 2. Authorization Model<br />
  3. 3. Supported Privileges<br />SELECT/INSERT/UPDATE/DELETE on tables<br />Column-level not supported; use views<br />EXECUTE on functions<br />REFERENCES on tables<br />Controls whether views can be created on them<br />USAGE on UDT’s<br />Extension projects can define new privileges as well as categorize the objects on which they apply<br />
  4. 4. Notes on Roles<br />Users/roles can inherit multiple roles<br />Role inheritance cycles are not allowed<br />A role has to be explicitly “activated” in a session<br />At most one at a time<br />Roles can own objects and can be grantor<br />Avoids CASCADE which would occur when owner/grantor is a user who later gets dropped<br />
  5. 5. Some Syntax<br />GRANT ROLE unqualified-role-name, ...<br />TO unqualified-user-or-role-name, ...<br />[ WITH ADMIN OPTION ]<br />[ GRANTED BY { CURRENT_ROLE | CURRENT_USER } ]<br />GRANT { ALL PRIVILEGES | privileged-action, ... }<br />ON [ TABLE | SPECIFIC { FUNCTION | PROCEDURE | ROUTINE } ] qualified-object-name<br />TO unqualified-user-or-role-name, ...<br />[ WITH GRANT OPTION ]<br />[ GRANTED BY { CURRENT_ROLE | CURRENT_USER } ]<br />privileged-action ::=<br />{ INSERT | UPDATE | SELECT | DELETE | EXECUTE | USAGE | REFERENCES }<br />
  6. 6. “setuid”<br />Currently only works for UDR implemented in Java<br />Does not apply to UDX cursor inputs (those are treated the as the rest of the invoking query)<br />CREATE { FUNCTION | PROCEDURE }<br />…<br />EXTERNAL NAME 'external-name'<br />[ EXTERNAL SECURITY { DEFINER | INVOKER | IMPLEMENTATION DEFINED } ]<br />
  7. 7. Authorization Stack<br />Relevant when UDR’s call back in via jdbc:default:connection<br />Implicit impersonation (via setuid)<br />Explicit impersonation (via SET SESSION AUTHORIZATION)<br />Role changes via SET ROLE<br />CURRENT_ROLE is cleared in new stack frame<br />SESSION_USER vs CURRENT_USER<br />
  8. 8. Metadata Visibility<br />Currently applies only to JDBC views, which themselves are queryable by PUBLIC<br />Object is visible if user has any privilege granted on it<br />Either directly or via role (recursively)<br />Implemented via UDX FILTER_USER_VISIBLE_OBJECTS<br />Need an equivalent for LucidDB-specific views (USER_ views to go with DBA_ views)<br />
  9. 9. Open Issue: Advanced Privileges<br />Jar/function creation<br />ANALYZE/REBUILD/TRUNCATE TABLE<br />SQL/MED server/wrapper creation/reference<br />SQL/MED metadata import<br />Named catalog creation<br />User/role creation<br />Repository replacement<br />Catalog extension models<br />Purge/checkpoint, label creation<br />ALTER SYSTEM, ALTER SESSION<br />Impersonation<br />Backup/restore<br />
  10. 10. New LucidDB SYS_ROOT Views<br />DBA_USERS<br />DBA_ROLES<br />DBA_AUTH_IDS (union of users and roles)<br />DBA_INHERITED_ROLES<br />DBA_ELEMENT_GRANTS<br />Thanks to Kevin Secretan!<br />
  11. 11. Remaining Work<br />REVOKE (all of it)<br />Non-table privileges<br />Schema AUTHORIZATION clause<br />Needed for allowing schema and its objects to be owned by role instead of user<br />View grant dependencies<br />REFERENCES, USAGE<br />SET SESSION AUTHORIZATION (impersonation)<br />
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×