New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow schema owner to create, drop and rename schema #1139
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kokosing please review?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
% comment
...o-plugin-toolkit/src/main/java/io/prestosql/plugin/base/security/FileBasedAccessControl.java
Show resolved
Hide resolved
@@ -78,19 +78,25 @@ public FileBasedAccessControl(FileBasedAccessControlConfig config) | |||
@Override | |||
public void checkCanCreateSchema(ConnectorTransactionHandle transactionHandle, ConnectorIdentity identity, String schemaName) | |||
{ | |||
denyCreateSchema(schemaName); | |||
if (!isSchemaOwner(identity, schemaName)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems reasonable to me. I had originally suggested a separate permission for schema creation, but it doesn't make sense to allow creating a schema for which you would have no ownership.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the same logic should apply to table and view creation: rather than checking schema ownership, check whether the user owns the table.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That seems reasonable also. I'd prefer for it to be consistent.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn’t this a chicken-and-egg issue? A user can’t be owner of a schema that does not yet exist... what am I missing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@martint the permissions file allows you to have permissions for anything regardless of its existence or not. Since file based security system is totally generic, there isn't a good way to restrict that even if you wanted to, and instead we rely on the knowledge that the engine only checks for stuff that exists.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the same logic should apply to table and view creation: rather than checking schema ownership, check whether the user owns the table.
@electrum this sounds reasonable. I am concerned this may reduce protection in some cases though. Let's do it separately.
1169ae7
to
997209b
Compare
No description provided.