Comments (7)
Just by looking at the behaviours, the objects seem to be not analyzed. There will be more variations around this but I would presume a single fix will address all.
from crate.
I am pretty sure at least for schemas this is intentional, as they are not explicitly created and therefore a user would need to have access to a schema before the first object within it exists.
(Personally I'd prefer for schemas to also be explicitly created)
from crate.
I don't have a clear opinion if this is a bug or a desired behavior.
A bit related, need to test, what happens if you attempt to restore users/roles & their privileges to a new cluster, if the tables/views/schemas are not still there? Maybe it can be handy for such cases to prepare the users/roles & privileges (manually, or with saved statements) before the DB objects are created. Additionally, agreeing with @proddata, since currently we don't have empty schemas, (always need to have the 1st table created within them, and we dont' have a DROP SCHEMA
stmt), seems valid to be able to assign privileges to a schema that doesn't exist.
On the other, hand it is weird to select from sys.privileges and see privs for object not existing on the cluster.
from crate.
I am pretty sure at least for schemas this is intentional, as they are not explicitly created and therefore a user would need to have access to a schema before the first object within it exists.
(Personally I'd prefer for schemas to also be explicitly created)
I'm guessing that after: #11939, we can consider implementing the explicit creation/dropping of schemas.
from crate.
After discussion we decided to treat this as an improvement, rather than a bug fix.
from crate.
Some extra info, currently you can restore USERMANAGEMENT, and the privileges are there even though the objects are not:
cr> RESTORE SNAPSHOT repo.snap1 USERMANAGEMENT;
RESTORE OK, 1 row affected (0.052 sec)
cr> select * from sys.privileges;
+-------+---------+---------+-------+-------+------+
| class | grantee | grantor | ident | state | type |
+-------+---------+---------+-------+-------+------+
| TABLE | matriv | crate | doc.t | GRANT | DML |
+-------+---------+---------+-------+-------+------+
SELECT 1 row in set (0.003 sec)
cr> select * from t;
RelationUnknown[Relation 't' unknown]
If we go ahead to implement throw errors when trying to grant privs on non-existing objects, this will contradict with the restore privs behavior.
from crate.
I would maintain the current behavior until we decide to explicitly create schemas. Once we do, we can more closely link privileges to objects and potentially drop privileges if the associated object no longer exists.
from crate.
Related Issues (20)
- Invalid results when filtering with `ARRAY_LENGTH` on an array in array of objects HOT 2
- IndexOutOfBoundsException on query with ORDER BY in 3 nodes cluster HOT 3
- ShardInfo in NodeInfo MXBean is missing the schema name leading to duplicates HOT 4
- Table with dynamic column policy is silently failing first insert if it includes an empty array HOT 5
- Unexpected result when using empty `OBJECT` literal HOT 2
- Behaviour of numeric scale and casting inconsistent / unspecified HOT 2
- PostgreSQL wire protocol: type OID for text responses in prepared statements is invalid HOT 4
- PostgreSQL compatibility: SQL statement containing only comment not accepted HOT 3
- io.crate.integrationtests.LuceneQueryBuilderIntegrationTest#testNullOperators HOT 5
- Cannot add new column to a partitioned table after changing the number of shards HOT 2
- optimize lucene query generation for distinct from
- Avoid utf8->utf16 conversations (for grouping operations)
- UDFs with parameters incorrectly looked up with names all lowercase when used in GENERATED column HOT 1
- ClassCastException on selecting join field from table with objects HOT 2
- Unexpected results when using `OBJECT` nulls HOT 1
- Add CLI tool to recover a corrupted shard HOT 1
- Inconsistent type mapping when trying to insert scalar and array value for sub-column in `VALUES` statement. HOT 1
- Unexpected results when matching empty string with indexing disabled HOT 2
- Unexpected result when querying partitioned table with null values HOT 2
- Filtering by `= ALL` on float types does not work HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crate.