Eigenbase meetupfeb2011

Notes on Eigenbase/LucidDB security work by JVS at February 2011 Eigenbase meetup.


  1. Eigenbase Meetup, Feb 2011. SQL:2008 Authorization. JVS Slides
  2. Authorization Model
  3. Supported Privileges
       • SELECT/INSERT/UPDATE/DELETE on tables
           • Column-level not supported; use views
       • EXECUTE on functions
       • REFERENCES on tables
           • Controls whether views can be created on them
       • USAGE on UDT’s
       • Extension projects can define new privileges as well as categorize the objects on which they apply
  4. Notes on Roles
       • Users/roles can inherit multiple roles
       • Role inheritance cycles are not allowed
       • A role has to be explicitly “activated” in a session
           • At most one at a time
       • Roles can own objects and can be grantor
           • Avoids CASCADE which would occur when owner/grantor is a user who later gets dropped
  5. Some Syntax

         GRANT ROLE unqualified-role-name, ...
         TO unqualified-user-or-role-name, ...
         [ WITH ADMIN OPTION ]
         [ GRANTED BY { CURRENT_ROLE | CURRENT_USER } ]

         GRANT { ALL PRIVILEGES | privileged-action, ... }
         ON [ TABLE | SPECIFIC { FUNCTION | PROCEDURE | ROUTINE } ] qualified-object-name
         TO unqualified-user-or-role-name, ...
         [ WITH GRANT OPTION ]
         [ GRANTED BY { CURRENT_ROLE | CURRENT_USER } ]

         privileged-action ::=
         { INSERT | UPDATE | SELECT | DELETE | EXECUTE | USAGE | REFERENCES }
  6. “setuid”
       • Currently only works for UDR implemented in Java
       • Does not apply to UDX cursor inputs (those are treated the same as the rest of the invoking query)

         CREATE { FUNCTION | PROCEDURE }
         …
         EXTERNAL NAME 'external-name'
         [ EXTERNAL SECURITY { DEFINER | INVOKER | IMPLEMENTATION DEFINED } ]
  7. Authorization Stack
       • Relevant when UDR’s call back in via jdbc:default:connection
       • Implicit impersonation (via setuid)
       • Explicit impersonation (via SET SESSION AUTHORIZATION)
       • Role changes via SET ROLE
       • CURRENT_ROLE is cleared in new stack frame
       • SESSION_USER vs CURRENT_USER
  8. Metadata Visibility
       • Currently applies only to JDBC views, which themselves are queryable by PUBLIC
       • Object is visible if user has any privilege granted on it
           • Either directly or via role (recursively)
       • Implemented via UDX FILTER_USER_VISIBLE_OBJECTS
       • Need an equivalent for LucidDB-specific views (USER_ views to go with DBA_ views)
  9. Open Issue: Advanced Privileges
       • Jar/function creation
       • ANALYZE/REBUILD/TRUNCATE TABLE
       • SQL/MED server/wrapper creation/reference
       • SQL/MED metadata import
       • Named catalog creation
       • User/role creation
       • Repository replacement
       • Catalog extension models
       • Purge/checkpoint, label creation
       • ALTER SYSTEM, ALTER SESSION
       • Impersonation
       • Backup/restore
  10. New LucidDB SYS_ROOT Views
       • DBA_USERS
       • DBA_ROLES
       • DBA_AUTH_IDS (union of users and roles)
       • DBA_INHERITED_ROLES
       • DBA_ELEMENT_GRANTS
       • Thanks to Kevin Secretan!
  11. Remaining Work
       • REVOKE (all of it)
       • Non-table privileges
       • Schema AUTHORIZATION clause
           • Needed for allowing schema and its objects to be owned by role instead of user
       • View grant dependencies
       • REFERENCES, USAGE
       • SET SESSION AUTHORIZATION (impersonation)
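
The role-inheritance rule from slide 4 (no cycles) and the metadata-visibility rule from slide 8 (any privilege, directly or via role, recursively), as an added Python sketch that is not LucidDB or Eigenbase code. The `AuthCatalog` class, its method names, and the sample users, roles and objects are all constructed for illustration.

```python
from collections import defaultdict


class AuthCatalog:
    """Toy model of users, roles and grants (hypothetical, not LucidDB's catalog)."""

    def __init__(self):
        self.inherits = defaultdict(set)  # grantee -> roles granted to it
        self.grants = defaultdict(set)    # grantee -> {(object, privilege)}

    def effective_ids(self, auth_id):
        """Return auth_id plus every role it inherits, directly or transitively."""
        seen, stack = set(), [auth_id]
        while stack:
            cur = stack.pop()
            if cur not in seen:
                seen.add(cur)
                stack.extend(self.inherits.get(cur, ()))
        return seen

    def grant_role(self, role, grantee):
        """GRANT ROLE role TO grantee, refusing grants that would close a cycle."""
        if grantee in self.effective_ids(role):
            raise ValueError(f"cycle: {role} already inherits {grantee}")
        self.inherits[grantee].add(role)

    def grant(self, privilege, obj, grantee):
        """GRANT privilege ON obj TO grantee."""
        self.grants[grantee].add((obj, privilege))

    def visible_objects(self, user):
        """Objects on which user holds any privilege, directly or via a role."""
        return {obj for auth_id in self.effective_ids(user)
                for obj, _priv in self.grants.get(auth_id, ())}


def build_demo():
    """Constructed sample data: two users, two roles, three objects."""
    cat = AuthCatalog()
    cat.grant_role("REPORTING", "ANALYST")   # role inherits role
    cat.grant_role("ANALYST", "ALICE")       # user inherits role
    cat.grant("SELECT", "SALES.ORDERS", "REPORTING")
    cat.grant("EXECUTE", "SALES.TAX_FN", "ALICE")
    cat.grant("INSERT", "HR.PAYROLL", "BOB")
    return cat


if __name__ == "__main__":
    demo = build_demo()
    print(sorted(demo.visible_objects("ALICE")))
    print(sorted(demo.visible_objects("BOB")))
```

The sketch follows the visibility rule as the slide states it, so it walks all granted roles rather than only the one role active in the session.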
