trafodion-codereview mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robertamarton <...@git.apache.org>
Subject [GitHub] trafodion pull request #1512: [TRAFODION-2175] Get statement enhancements
Date Wed, 11 Apr 2018 15:12:37 GMT
Github user robertamarton commented on a diff in the pull request:

    https://github.com/apache/trafodion/pull/1512#discussion_r180791492
  
    --- Diff: core/sql/executor/ExExeUtilGet.cpp ---
    @@ -1642,6 +1672,119 @@ NABoolean ExExeUtilGetMetadataInfoTcb::checkUserPrivs(
       return TRUE;
     }
     
    +// ----------------------------------------------------------------------------
    +// method:  colPrivsFrag
    +//
    +// This method was added to address a performance issue.  When determining if 
    +// the user has column level privileges, we need to get the column name from 
    +// Hive.  The call to get the column name (hivemd) is very expensive.  So this
    +// method checks to see if the requested user has been granted any column
    +// level privileges on a hive table.  If so, we will go ahead and do the
    +// mapping (call hivemd).  If not, then we will not include the hivemd 
    +// fragment for the query.
    +//
    +// Since we are scanning the column privileges table anyway, we also see if 
    +// the requested user (or their roles) has been granted any privileges.  If so,
    +// we include the column privileges check in the query. 
    +//
    +// For Sentry enabled installations, we won't store Hive privileges in 
    +// EsgynDB metadata.  By avoiding the hivemd calls, we save a lot of time
    +// in processing the request.
    +//
    +//  returns additional union(s) for the getPrivForAuth query
    +//  returns:
    +//     0 - successful
    +//    -1 - unexpected error occurred
    +// ----------------------------------------------------------------------------
    +Int32 ExExeUtilGetMetadataInfoTcb::colPrivsFrag(
    +  const char *authName,
    +  const char * cat,
    +  const NAString &privWhereClause,
    +  NAString &colPrivsStmt)
    +{
    +  // if no authorization, skip
    +  if (!CmpCommon::context()->isAuthorizationEnabled())
    +    return 0;
    +
    +  short rc      = 0;
    +  Lng32 cliRC   = 0;
    +
    +  // See if privileges granted on Hive object or to the user/user's roles
    +  NAString likeClause("like 'HIVE.%'");
    +  sprintf(queryBuf_, "select "
    +                     "sum(case when (object_name %s and grantee_id %s) then 1 else 0
end), "
    +                     "sum(case when grantee_id %s then 1 else 0 end) "
    +                     "from %s.\"%s\".%s",
    +          likeClause.data(), privWhereClause.data(), privWhereClause.data(),
    +          cat, SEABASE_PRIVMGR_SCHEMA,
    +          PRIVMGR_COLUMN_PRIVILEGES);
    +
    +  if (initializeInfoList(infoList_)) return -1;
    +
    +  numOutputEntries_ = 2;
    +  cliRC = fetchAllRows(infoList_, queryBuf_, numOutputEntries_, FALSE, rc);
    +  if (cliRC < 0)
    +  {
    +    cliInterface()->retrieveSQLDiagnostics(getDiagsArea());
    +    return -1;
    +  }
    +
    +  bool hasHive = false;
    +  bool hasGrants = false;
    +  infoList_->position();
    +  OutputInfo * vi = (OutputInfo*)infoList_->getCurr();
    +  if (vi && vi->get(0))
    +  {
    +    if (*(Lng32*)vi->get(0) > 0)
    --- End diff --
    
    I will change these to int64 for a future delivery.


---

Mime
View raw message