Adding support to sys.server_role_members #1722
Conversation
| CREATE OR REPLACE VIEW sys.server_role_members AS | ||
| SELECT | ||
| CAST(Authmbr.roleid AS INT) AS role_principal_id, | ||
| CAST(Authmbr.member AS INT) AS member_principal_id | ||
| FROM pg_catalog.pg_auth_members AS Authmbr | ||
| INNER JOIN sys.server_principals AS p1 ON p1.principal_id = Authmbr.roleid | ||
| INNER JOIN sys.server_principals AS p2 ON p2.principal_id = Authmbr.member | ||
| WHERE p1.type_desc='SERVER_ROLE' | ||
| AND p1.is_fixed_role=1; | ||
|
|
||
| GRANT SELECT ON sys.server_role_members TO PUBLIC; |
There was a problem hiding this comment.
This will be targeted for 3.4.0 version. So, please rebase it once 3.x development branch is ready for 3.4.0.
| SELECT * from sys_server_role_members_vu_prepare_view; | ||
| GO | ||
|
|
||
| ALTER SERVER ROLE sysadmin ADD MEMBER sys_server_role_members_vu_prepare_login1; | ||
| GO | ||
|
|
||
| ALTER SERVER ROLE sysadmin ADD MEMBER sys_server_role_members_vu_prepare_login2; | ||
| GO | ||
|
|
||
| SELECT * from sys_server_role_members_vu_prepare_view; | ||
| GO | ||
|
|
||
| ALTER SERVER ROLE sysadmin DROP MEMBER sys_server_role_members_vu_prepare_login2; | ||
| GO | ||
|
|
||
| ALTER SERVER ROLE sysadmin ADD MEMBER sys_server_role_members_vu_prepare_login3; | ||
| GO |
There was a problem hiding this comment.
Here, we need to test visibility according to the current_login. There may be a case that this view can only show data about current login, not others unless it has some sysadmin - we need to verify such scenarios.
Please check the .mix files for other test - We can also use multiple connections with specific login & database.
test/python/expected/upgrade_validation/expected_dependency.out
Outdated
Show resolved
Hide resolved
Signed-off-by: ANJU BHARTI <[email protected]>
Signed-off-by: ANJU BHARTI <[email protected]>
Signed-off-by: ANJU BHARTI <[email protected]>
anju15bharti
force-pushed
the
JIRA-BABEL-2532
branch
from
3e6932f to
73f3810
Compare
| INNER JOIN pg_catalog.pg_roles AS Auth1 ON Auth1.oid = Authmbr.roleid | ||
| INNER JOIN pg_catalog.pg_roles AS Auth2 ON Auth2.oid = Authmbr.member | ||
| INNER JOIN sys.babelfish_authid_login_ext AS Ext1 ON Auth1.rolname = Ext1.rolname | ||
| INNER JOIN sys.babelfish_authid_login_ext AS Ext2 ON Auth2.rolname = Ext2.rolname | ||
| WHERE Ext1.type = 'R'; |
There was a problem hiding this comment.
What about the permissions? Should all server membership should be visible by default? Please refer doc
There was a problem hiding this comment.
In Babelfish, we only allow one server role sysadmin which is marked as "R" in the catalog.
In SQL Server, the default server role sysadmin is visible to everyone. There is no behavioral difference.
We don't support creating a new server role other that 'sysadmin' in Babelfish, do we?
There was a problem hiding this comment.
Yes, In future when we support it at that time we may miss it. It will be better to add a condition to check that if it is fixed server role or showing membership's for current server principal.
There was a problem hiding this comment.
Agreed.
Currently, we hardcode is_fixed_role to 0 always.
I have suggested a change to Anju on how to update the is_fixed_role column in babelfish_authid_login_ext catalog which will be helpful for #1948 as well.
There was a problem hiding this comment.
We would need to update sys.server_role_members view once we support create server role syntax in Babelfish as tracked by https://jira.rds.a2z.com/browse/BABEL-113
shardgupta
merged commit 7c0e468
into
babelfish-for-postgresql:BABEL_3_X_DEV
Description
Currently, Babelfish does not support TSQL's sys.server_role_members view which is needed to determine the role(sysadmin server role) membership status. This commit implements this view and provides testing.
Task: BABEL-2532
Authored-by: Anju Bharti [email protected]
Signed-off-by: Anju Bharti [email protected]
Issues Resolved
JIRA BABEL-2532
view sys.server_role_members was not implemented
Check List
By submitting this pull request, I confirm that my contribution is under the terms of the Apache 2.0 and PostgreSQL licenses, and grant any person obtaining a copy of the contribution permission to relicense all or a portion of my contribution to the PostgreSQL License solely to contribute all or a portion of my contribution to the PostgreSQL open source project.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.