trafodion-codereview mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robertamarton <...@git.apache.org>
Subject [GitHub] incubator-trafodion pull request: TRAFODION [1696] - drop authoriz...
Date Thu, 10 Mar 2016 21:20:32 GMT
GitHub user robertamarton opened a pull request:

    https://github.com/apache/incubator-trafodion/pull/375

    TRAFODION [1696] - drop authorization doesn't drop all roles, and create role will run
into internal error

    A while back a change was made in the PrivMgr constructors to assume that
    authorization is enabled by default instead of the unknown state.  If the state 
    is unknown, privilege manager performs I/O to determine its state, otherwise
    no additional checking is performed. This was changed because one, the 
    authorization check in PrivMgr is expensive and two, the majority of the callers 
    already perform the authorization check by looking in the compile context set up 
    during process startup.  Role code was not updated to handle this change 
    correctly as described in TRAFODION-1696.  Changes were made to check compiler 
    context to verify that authorization is enabled  for role commands.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/robertamarton/incubator-trafodion fix-1696

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-trafodion/pull/375.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #375
    
----
commit 680f3917fe23fc3d202e218c09ff28574fc83ec3
Author: Roberta Marton <roberta.marton@apache.org>
Date:   2016-03-10T21:18:25Z

    TRAFODION [1696] - drop authorization doesn't drop all roles, and create role will run
into internal error
    
    A while back a change was made in the PrivMgr constructors to assume that
    authorization is enabled by default instead of the unknown state.  If the state
    is unknown, privilege manager performs I/O to determine its state, otherwise
    no additional checking is performed. This was changed because one, the
    authorization check in PrivMgr is expensive and two, the majority of the callers
    already perform the authorization check by looking in the compile context set up
    during process startup.  Role code was not updated to handle this change
    correctly as described in TRAFODION-1696.  Changes were made to check compiler
    context to verify that authorization is enabled  for role commands.
    
    Fixed a comment related to queryBuf size for internal library management
    operations.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message