Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cleanup grants of internal objects & tables #954

Merged
merged 8 commits into from Jun 28, 2019
Merged

Cleanup grants of internal objects & tables #954

merged 8 commits into from Jun 28, 2019

Conversation

jgebal
Copy link
Member

@jgebal jgebal commented Jun 22, 2019
edited

Removed following grants.

select, insert, update, delete on:

  • ut_compound_data_tmp
  • ut_compound_data_diff_tmp

Select on:

  • ut_annotation_cache
  • ut_annotation_cache_info
  • ut_suite_cache
  • ut_suite_cache_after_all
  • ut_suite_cache_after_each
  • ut_suite_cache_after_test
  • ut_suite_cache_before_all
  • ut_suite_cache_before_each
  • ut_suite_cache_before_test
  • ut_suite_cache_package
  • ut_suite_cache_schema
  • ut_suite_cache_trhows
  • ut_suite_cache_warnings

Execute on:

  • ut_annotations
  • ut_annotation
  • ut_annotated_object
  • ut_annotated_objects
  • ut_annotation_cache_manager
  • ut_annotation_parser
  • ut_coverage
  • ut_coverage_options
  • ut_coverage_helper
  • ut_coverage_reporter_base
  • ut_console_reporter_base
  • ut_output_data_row
  • ut_output_data_rows
  • ut_output_table_buffer
  • ut_output_clob_table_buffer

Below tables were changed to be session global temp tables.

  • dbmspcc_blocks
  • dbmspcc_runs
  • dbmspcc_units

With this, there is no risk of data leaks between sessions.

Reorganized code to accommodate for grants removal.
Wrapped sys.dbms_assert.qualified_sql_name to support NULL values.
Replaced calls to dbms_crypto.hash with ut_utils.get_hash - default SHA1

Resolves: #922

jgebal added 4 commits Jun 22, 2019
@jgebal
Cleanup some grants to internal objects & tables
c7b802f 
Removed grants:
- execute on ut_annotations
- execute on ut_annotation
- execute on ut_annotated_object
- execute on ut_annotated_objects
- select on ut_annotation_cache
- select on ut_annotation_cache_info
- execute ut_annotation_cache_manager
- execute ut_annotation_parser

Reorganized code to accommodate for grants removal.
Wrapped `sys.dbms_assert.qualified_sql_name` to support NULL values.
Replaced calls to `dbms_crypto.hash` with `ut_utils.get_hash` - default `SHA1`
@jgebal
Removed public grants for:
a62a6f1 
- `ut_coverage`
- `ut_coverage_options`
- `ut_coverage_helper`
@jgebal
Removed grant execute on:
dd9afb0 
- ut_output_reporter_base
- ut_coverage_reporter_base
- ut_console_reporter_base
- ut_output_data_row
- ut_output_data_rows
- ut_output_table_buffer
- ut_output_clob_table_buffer
@jgebal
Recovered grant execute on ut_output_reporter_base
7fc8d2c
@jgebal jgebal changed the title Cleanup some grants to internal objects & tables [WIP] Cleanup grants to internal objects & tables Jun 24, 2019
@jgebal
Unified grants & synonyms scripts to avoid any disconnect between PUB…
ae3326f 
…LIC and private access to the framework.

Resolves: #957
@jgebal jgebal mentioned this pull request Jun 24, 2019
Closed
jgebal added 2 commits Jun 27, 2019
@jgebal
Removed grants:
41c007c 
- grant select, insert, update, delete on ut_compound_data_tmp
- grant select, insert, update, delete on ut_compound_data_diff_tmp
@jgebal
- removed grants to ut_suite_cache
6f0a939 
- changed `dbmspcc_...` tables to be global temporary
- added cleanup of session level global temp tables after run
@jgebal jgebal added this to the v3.1.8 milestone Jun 28, 2019
@jgebal jgebal changed the title [WIP] Cleanup grants to internal objects & tables Cleanup grants of internal objects & tables Jun 28, 2019
@jgebal jgebal merged commit f3f2b12 into develop Jun 28, 2019
4 checks passed
@jgebal jgebal deleted the feature/grants_cleanup branch Jun 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lwasylow lwasylow

Assignees
No one assigned
Labels
bugfix enhancement
Projects
None yet
Milestone
v3.1.8
Development

Successfully merging this pull request may close these issues.

Protect data in utPLSQL tables
2 participants
@jgebal @lwasylow