Improve access control check for MV #18371
Conversation
| @@ -2193,6 +2193,7 @@ protected Scope visitTable(Table table, Optional<Scope> scope) | |||
| Optional<MaterializedViewDefinition> optionalMaterializedView = metadata.getMaterializedView(session, name); | |||
| if (optionalMaterializedView.isPresent()) { | |||
| MaterializedViewDefinition materializedViewDefinition = optionalMaterializedView.get(); | |||
| analysis.addEmptyColumnReferencesForTable(accessControl, session.getIdentity(), name); | |||
There was a problem hiding this comment.
Can you please add a test to TestAccessControl? This is a generic change for engine so we should have generic test coverage. I would even consider removing iceberg tests.
There was a problem hiding this comment.
I will add a test there but I'd prefer to leave an Iceberg test as it exactly covers what was the original problem
There was a problem hiding this comment.
And perhaps also tests for regular views (if there aren't already), to make sure that they don't have the same issue.
There was a problem hiding this comment.
What’s the original problem? Please add motivation and details in the PR description.
homar
force-pushed
the
homar/add_missing_access_control_check
branch
from
42ee909 to
8a4d41e
Compare
homar
force-pushed
the
homar/add_missing_access_control_check
branch
from
8a4d41e to
bfda1d1
Compare
ok i will remove them |
homar
force-pushed
the
homar/add_missing_access_control_check
branch
from
bfda1d1 to
aa115bb
Compare
| @@ -158,15 +158,15 @@ protected SystemAccessControl delegate() | |||
| }) | |||
| .withGetViews((connectorSession, prefix) -> { | |||
| ConnectorViewDefinition definitionRunAsDefiner = new ConnectorViewDefinition( | |||
| "select 1", | |||
| "select 1 as test", | |||
There was a problem hiding this comment.
It wont work without these changes so i think it can be in the same commit
There was a problem hiding this comment.
this looks MV unrelated, so it looks unrelated to commit title, right?
There was a problem hiding this comment.
Please tell me if current version is better
homar
force-pushed
the
homar/add_missing_access_control_check
branch
from
aa115bb to
ac39e50
Compare
| @@ -158,15 +158,15 @@ protected SystemAccessControl delegate() | |||
| }) | |||
| .withGetViews((connectorSession, prefix) -> { | |||
| ConnectorViewDefinition definitionRunAsDefiner = new ConnectorViewDefinition( | |||
| "select 1", | |||
There was a problem hiding this comment.
Use capital letters for keywords
| @@ -158,15 +158,15 @@ protected SystemAccessControl delegate() | |||
| }) | |||
There was a problem hiding this comment.
Create views correctly
let's explain why it was incorrect
Not having a named column resulted in SemanticException claiming that View is in invalid state: "a column of type INTEGER projected from query view at position 1 has no name"
homar
force-pushed
the
homar/add_missing_access_control_check
branch
from
ac39e50 to
311c39f
Compare
|
@kokosing commit message updated, upper case used |
testing/trino-tests/src/test/java/io/trino/security/TestAccessControl.java
Show resolved
Hide resolved
| @@ -253,6 +253,18 @@ public void testAccessControl() | |||
| assertAccessAllowed("SELECT name AS my_alias FROM nation", privilege("my_alias", SELECT_COLUMN)); | |||
| assertAccessAllowed("SELECT my_alias from (SELECT name AS my_alias FROM nation)", privilege("my_alias", SELECT_COLUMN)); | |||
| assertAccessDenied("SELECT name AS my_alias FROM nation", "Cannot select from columns \\[name] in table .*.nation.*", privilege("nation.name", SELECT_COLUMN)); | |||
| assertAccessAllowed("SELECT 1 FROM mock.default.test_materialized_view"); | |||
There was a problem hiding this comment.
add a test also for SELECT count(*) FROM mock.default.test_materialized_view
There was a problem hiding this comment.
does this add anything on top of SELECT 1 FROM ..?
There was a problem hiding this comment.
I don't think so, but that assumption is based on knowledge how semantic analyzer works. It is a another way of reading no column data, so maybe it could trigger different execution path too.
There was a problem hiding this comment.
fine, but add a code comment explaining why we deem it worthwhile to fire up these two test queries, otherwise someone can just remove them saying they are redundant (because, in fact, they are)
homar
force-pushed
the
homar/add_missing_access_control_check
branch
from
311c39f to
74d8934
Compare
homar
force-pushed
the
homar/add_missing_access_control_check
branch
from
74d8934 to
e7945f7
Compare
| @@ -2193,6 +2193,7 @@ protected Scope visitTable(Table table, Optional<Scope> scope) | |||
| Optional<MaterializedViewDefinition> optionalMaterializedView = metadata.getMaterializedView(session, name); | |||
| if (optionalMaterializedView.isPresent()) { | |||
| MaterializedViewDefinition materializedViewDefinition = optionalMaterializedView.get(); | |||
| analysis.addEmptyColumnReferencesForTable(accessControl, session.getIdentity(), name); | |||
There was a problem hiding this comment.
Improve access control check for views
change commit message to "Check materialized view access when no columns selected"
homar
force-pushed
the
homar/add_missing_access_control_check
branch
from
e7945f7 to
c103210
Compare
Description
Add additional checks for access control for queries on materialized views that don't touch underlying data.
Additional context and related issues
Release notes
(x) This is not user-visible or docs only and no release notes are required.
( ) Release notes are required, please propose a release note for me.
( ) Release notes are required, with the following suggested text: