Add config for default view security mode #21956
Conversation
8b88f10 to
eee23b6
Compare
|
Consider adding documentation for this new configuration flag. Would Properties Reference be a good place for it? |
https://github.com/prestodb/presto/blob/master/presto-docs/src/main/sphinx/sql/create-view.rst#security would be a good place also. |
There was a problem hiding this comment.
Not needed for this PR, but one other aspect of the security mode stuff that would be nice to improve is that when you run SHOW CREATE VIEW it doesn't show you the security mode that it was created with. It makes it hard to validate that any particular view is using the right security mode.
presto-main/src/main/java/com/facebook/presto/sql/analyzer/FeaturesConfig.java
Outdated
Show resolved
Hide resolved
presto-main/src/main/java/com/facebook/presto/sql/analyzer/FeaturesConfig.java
Outdated
Show resolved
Hide resolved
eee23b6 to
afc88f3
Compare
|
Codenotify: Notifying subscribers in CODENOTIFY files for diff c33c3a3...076c843.
|
presto-main/src/main/java/com/facebook/presto/execution/CreateViewTask.java
Outdated
Show resolved
Hide resolved
| @@ -38,6 +38,9 @@ In the ``INVOKER`` security mode, tables referenced in the view are | |||
| accessed using the permissions of the query user (the *invoker* of the | |||
| view). A view created in this mode is simply a stored query. | |||
|
|
|||
| The ``default-view-security-mode`` can be used to configure the default | |||
| security mode for view creation. | |||
|
|
|||
There was a problem hiding this comment.
Consider adding an example that shows how to use default-view-security-mode.
There was a problem hiding this comment.
@steveburnett It can be used as any other session property. Do you have anything specific in mind?
There was a problem hiding this comment.
The example you added works, thanks!
b536f3a
afc88f3 to
b536f3a
Compare
| @@ -60,6 +63,10 @@ Create a view that replaces an existing view:: | |||
| SELECT orderkey, orderstatus, totalprice / 4 AS quarter | |||
| FROM orders | |||
|
|
|||
|
|
|||
| Set the default view security mode to ``INVOKER`` | |||
There was a problem hiding this comment.
| Set the default view security mode to ``INVOKER`` | |
| Set the default view security mode to ``INVOKER``:: | |
Formatting suggestion to make example a code block.
| @@ -38,6 +38,9 @@ In the ``INVOKER`` security mode, tables referenced in the view are | |||
| accessed using the permissions of the query user (the *invoker* of the | |||
| view). A view created in this mode is simply a stored query. | |||
|
|
|||
| The ``default-view-security-mode`` can be used to configure the default | |||
| security mode for view creation. | |||
|
|
|||
There was a problem hiding this comment.
The example you added works, thanks!
b536f3a to
bb048ea
Compare
bb048ea to
c2b72ba
Compare
|
@steveburnett I tested the changes locally, it comes nicely now 
|
Presto has a default view creation security mode as 'DEFINER'. However, some administrators may prefer to use 'INVOKER' as the default. To address this, a new configuration flag `default-view-security-mode` has been added that allows the default view security mode to be changed according to the administrator's preference.
c2b72ba to
076c843
Compare
Description
Presto has a default view creation security mode as 'DEFINER'. However, some administrators may prefer to use 'INVOKER' as the default.
To address this, a new configuration flag
default-view-security-modehas been added that allows the default view security mode to be changed according to the administrator's preference.