OmniSciDB  085a039ca4
SysCatalog.h
1 /*
2  * Copyright 2019 OmniSci, Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
29 #ifndef SYS_CATALOG_H
30 #define SYS_CATALOG_H
31 
32 #include <atomic>
33 #include <cstdint>
34 #include <ctime>
35 #include <limits>
36 #include <list>
37 #include <map>
38 #include <mutex>
39 #include <string>
40 #include <unordered_map>
41 #include <utility>
42 #include <vector>
43 
44 #include "tbb/concurrent_hash_map.h"
45 
46 #include "Grantee.h"
47 #include "ObjectRoleDescriptor.h"
48 #include "PkiServer.h"
49 
50 #include "../DataMgr/DataMgr.h"
51 #include "../SqliteConnector/SqliteConnector.h"
52 #include "LeafHostInfo.h"
53 
54 #include "../Calcite/Calcite.h"
55 #include "Shared/SysDefinitions.h"
57 
58 class Calcite;
59 
60 extern std::string g_base_path;
61 
62 namespace Catalog_Namespace {
63 
64 /*
65  * @type UserMetadata
66  * @brief metadata for a db user
67  */
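struct UserMetadata {
  // Security note: passwd_hash is carried by every copy of this struct (see the copy
  // constructor and operator= below), so a UserMetadata value should be treated as
  // credential material. Log through userLoggable() rather than dumping the fields.

  // Build a fully-populated record.
  //   u: user id, n: user name, p: stored password hash, s: superuser flag,
  //   d: default database id, l: whether login is permitted, t: temporary-user flag.
  UserMetadata(int32_t u,
               const std::string& n,
               const std::string& p,
               bool s,
               int32_t d,
               bool l,
               bool t)
      : userId(u)
      , userName(n)
      , passwd_hash(p)
      , isSuper(s)
      , defaultDbId(d)
      , can_login(l)
      , is_temporary(t) {}

  // Default constructor: getUser() in this header default-constructs a UserMetadata and
  // then has it filled in by a lookup. Every member has an in-class initializer, so a
  // record that is never filled in holds no indeterminate values.
  UserMetadata() {}

  // std::atomic<bool> is not copyable, so copying is spelled out by hand: the flag is
  // read with load() and the remaining fields are forwarded to the main constructor.
  UserMetadata(UserMetadata const& user_meta)
      : UserMetadata(user_meta.userId,
                     user_meta.userName,
                     user_meta.passwd_hash,
                     user_meta.isSuper.load(),
                     user_meta.defaultDbId,
                     user_meta.can_login,
                     user_meta.is_temporary) {}

  // Member-wise assignment; self-assignment is a no-op.
  // Only isSuper is atomic, so the record as a whole is not copied atomically.
  UserMetadata& operator=(UserMetadata const& user_meta) {
    if (this != &user_meta) {
      userId = user_meta.userId;
      userName = user_meta.userName;
      passwd_hash = user_meta.passwd_hash;
      isSuper.store(user_meta.isSuper.load());
      defaultDbId = user_meta.defaultDbId;
      can_login = user_meta.can_login;
      is_temporary = user_meta.is_temporary;
    }
    return *this;
  }

  // -1 mirrors the "unset" value used for defaultDbId, so an unfilled record can never
  // coincide with a real user id by accident.
  // NOTE(review): confirm no caller treats -1 as a valid user id.
  int32_t userId{-1};
  std::string userName;
  std::string passwd_hash;  // stored hash of the password, never the plaintext
  std::atomic<bool> isSuper{false};
  int32_t defaultDbId{-1};
  bool can_login{true};
  bool is_temporary{false};

  // Return a string that is safe to log for the username based on --log-user-id.
  std::string userLoggable() const;
};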
115 
117  std::optional<std::string> passwd;
118  std::optional<bool> is_super;
119  std::optional<std::string> default_db;
120  std::optional<bool> can_login;
121 
122  bool wouldChange(UserMetadata const& user_meta) const;
123  std::string toString(bool hide_password = true) const;
124 };
125 
126 /*
127  * @type DBMetadata
128  * @brief metadata for a database
129  */
struct DBMetadata {
  // Both ids start at 0 and the name starts empty until a lookup fills them in.
  DBMetadata() {}

  int32_t dbId{0};
  std::string dbName;
  // presumably the userId of the owning user; confirm against the callers
  int32_t dbOwner{0};
};
136 
137 /*
138  * @type DBSummary
139  * @brief summary info for a database
140  */
struct DBSummary {
  // Name of the database.
  std::string dbName;
  // Name of the database's owner, held as a string rather than a numeric id.
  std::string dbOwnerName;
};
145 using DBSummaryList = std::list<DBSummary>;
146 
148  public:
// Binds base_path_ to the caller's string. base_path_ is declared as a reference, so no
// copy is made: the argument must outlive this object, and passing a temporary would
// leave base_path_ dangling.
CommonFileOperations(std::string const& base_path)
    : base_path_(base_path) {
}
150 
151  inline void removeCatalogByFullPath(std::string const& full_path);
152  inline void removeCatalogByName(std::string const& name);
153  inline auto duplicateAndRenameCatalog(std::string const& current_name,
154  std::string const& new_name);
155  inline auto assembleCatalogName(std::string const& name);
156 
157  private:
158  std::string const& base_path_;
159 };
160 
161 /*
162  * @type SysCatalog
163  * @brief class for the system-wide catalog, currently containing user and database
164  * metadata
165  */
167  public:
168  void init(const std::string& basePath,
169  std::shared_ptr<Data_Namespace::DataMgr> dataMgr,
170  const AuthMetadata& authMetadata,
171  std::shared_ptr<Calcite> calcite,
172  bool is_new_db,
173  bool aggregator,
174  const std::vector<LeafHostInfo>& string_dict_hosts);
175 
181  std::shared_ptr<Catalog> login(std::string& db,
182  std::string& username,
183  const std::string& password,
184  UserMetadata& user_meta,
185  bool check_password = true);
186  std::shared_ptr<Catalog> switchDatabase(std::string& dbname,
187  const std::string& username);
188  UserMetadata createUser(std::string const& name,
189  UserAlterations alts,
190  bool is_temporary);
191  void dropUser(const std::string& name);
192  UserMetadata alterUser(std::string const& name, UserAlterations alts);
193  void renameUser(std::string const& old_name, std::string const& new_name);
194  void createDatabase(const std::string& dbname, int owner);
195  void renameDatabase(std::string const& old_name, std::string const& new_name);
196  void dropDatabase(const DBMetadata& db);
// Look up a user by name. Returns an empty optional when getMetadataForUser() reports
// no match. The returned copy includes passwd_hash, so callers should not log or
// serialize it wholesale.
std::optional<UserMetadata> getUser(std::string const& uname) {
  UserMetadata found;
  if (!getMetadataForUser(uname, found)) {
    return std::nullopt;
  }
  return found;
}
// Look up a user by numeric id. Returns an empty optional when
// getMetadataForUserById() reports no match. The returned copy includes passwd_hash,
// so callers should not log or serialize it wholesale.
std::optional<UserMetadata> getUser(int32_t const uid) {
  UserMetadata found;
  if (!getMetadataForUserById(uid, found)) {
    return std::nullopt;
  }
  return found;
}
// Look up a database by name. Returns an empty optional when getMetadataForDB()
// reports no match.
std::optional<DBMetadata> getDB(std::string const& dbname) {
  DBMetadata found;
  if (!getMetadataForDB(dbname, found)) {
    return std::nullopt;
  }
  return found;
}
// Look up a database by numeric id. Returns an empty optional when
// getMetadataForDBById() reports no match.
std::optional<DBMetadata> getDB(int32_t const dbid) {
  DBMetadata found;
  if (!getMetadataForDBById(dbid, found)) {
    return std::nullopt;
  }
  return found;
}
221  bool getMetadataForUser(const std::string& name, UserMetadata& user);
222  bool getMetadataForUserById(const int32_t idIn, UserMetadata& user);
223  bool checkPasswordForUser(const std::string& passwd,
224  std::string& name,
225  UserMetadata& user);
226  bool getMetadataForDB(const std::string& name, DBMetadata& db);
227  bool getMetadataForDBById(const int32_t idIn, DBMetadata& db);
// Borrow the Calcite manager held in calciteMgr_.
// NOTE(review): dereferences the shared_ptr without a null check; presumably
// calciteMgr_ is set by init() before any caller gets here. Confirm.
Calcite& getCalciteMgr() const {
  return *calciteMgr_;
}
// Return a reference to basePath_; valid only while this SysCatalog is alive.
const std::string& getCatalogBasePath() const {
  return basePath_;
}
232  std::list<DBMetadata> getAllDBMetadata();
233  std::list<UserMetadata> getAllUserMetadata();
237  std::list<UserMetadata> getAllUserMetadata(const int64_t dbId);
239  void createDBObject(const UserMetadata& user,
240  const std::string& objectName,
242  const Catalog_Namespace::Catalog& catalog,
243  int32_t objectId = -1);
253  void renameDBObject(const std::string& objectName,
254  const std::string& newName,
256  int32_t objectId,
257  const Catalog_Namespace::Catalog& catalog);
258  void grantDBObjectPrivileges(const std::string& grantee,
259  const DBObject& object,
260  const Catalog_Namespace::Catalog& catalog);
261  void grantDBObjectPrivilegesBatch(const std::vector<std::string>& grantees,
262  const std::vector<DBObject>& objects,
263  const Catalog_Namespace::Catalog& catalog);
264  void revokeDBObjectPrivileges(const std::string& grantee,
265  const DBObject& object,
266  const Catalog_Namespace::Catalog& catalog);
267  void revokeDBObjectPrivilegesBatch(const std::vector<std::string>& grantees,
268  const std::vector<DBObject>& objects,
269  const Catalog_Namespace::Catalog& catalog);
270  void revokeDBObjectPrivilegesFromAll(DBObject object, Catalog* catalog);
272  void revokeDBObjectPrivilegesFromAllBatch(std::vector<DBObject>& objects,
273  Catalog* catalog);
274  void revokeDBObjectPrivilegesFromAllBatch_unsafe(std::vector<DBObject>& objects,
275  Catalog* catalog);
276  void getDBObjectPrivileges(const std::string& granteeName,
277  DBObject& object,
278  const Catalog_Namespace::Catalog& catalog) const;
279  bool verifyDBObjectOwnership(const UserMetadata& user,
280  DBObject object,
281  const Catalog_Namespace::Catalog& catalog);
291  void changeDBObjectOwnership(const UserMetadata& new_owner,
292  const UserMetadata& previous_owner,
293  DBObject object,
294  const Catalog_Namespace::Catalog& catalog,
295  bool revoke_privileges = true);
296  void createRole(const std::string& roleName,
297  const bool user_private_role,
298  const bool is_temporary = false);
299  void dropRole(const std::string& roleName, const bool is_temporary = false);
300  void grantRoleBatch(const std::vector<std::string>& roles,
301  const std::vector<std::string>& grantees);
302  void grantRole(const std::string& role,
303  const std::string& grantee,
304  const bool is_temporary = false);
305  void revokeRoleBatch(const std::vector<std::string>& roles,
306  const std::vector<std::string>& grantees);
307  void revokeRole(const std::string& role,
308  const std::string& grantee,
309  const bool is_temporary = false);
310  // check if the user has any permissions on all the given objects
311  bool hasAnyPrivileges(const UserMetadata& user, std::vector<DBObject>& privObjects);
312  // check if the user has the requested permissions on all the given objects
313  bool checkPrivileges(const UserMetadata& user,
314  const std::vector<DBObject>& privObjects) const;
315  bool checkPrivileges(const std::string& userName,
316  const std::vector<DBObject>& privObjects) const;
317  Grantee* getGrantee(const std::string& name) const;
318  Role* getRoleGrantee(const std::string& name) const;
319  User* getUserGrantee(const std::string& name) const;
320  std::vector<ObjectRoleDescriptor*> getMetadataForObject(int32_t dbId,
321  int32_t dbType,
322  int32_t objectId) const;
323  std::vector<ObjectRoleDescriptor> getMetadataForAllObjects() const;
324  bool isRoleGrantedToGrantee(const std::string& granteeName,
325  const std::string& roleName,
326  bool only_direct) const;
327  std::vector<std::string> getRoles(const std::string& user_name, bool effective = true);
328  std::vector<std::string> getRoles(bool include_user_private_role,
329  bool is_super,
330  const std::string& user_name,
331  bool ignore_deleted_user = false);
332  std::vector<std::string> getRoles(const std::string& userName, const int32_t dbId);
333  // Get all roles that have been created, even roles that have not been assigned to other
334  // users or roles.
335  std::set<std::string> getCreatedRoles() const;
// Report the value of the aggregator_ flag.
bool isAggregator() const {
  return aggregator_;
}
// Return the process-wide SysCatalog, constructing it on first use.
// NOTE(review): the null check and the construction are not synchronized inside this
// function, so the first call should complete before other threads can reach it.
static SysCatalog& instance() {
  if (instance_ == nullptr) {
    instance_ = std::unique_ptr<SysCatalog>(new SysCatalog());
  }
  return *instance_;
}
343 
// Destroy the singleton. Any reference previously obtained from instance() dangles
// after this call; a later instance() call constructs a fresh SysCatalog.
static void destroy() {
  instance_.reset();
}
345 
346  void populateRoleDbObjects(const std::vector<DBObject>& objects);
// The system catalog always reports the default database name.
std::string name() const {
  return shared::kDefaultDbName;
}
350  void syncUserWithRemoteProvider(const std::string& user_name,
351  std::vector<std::string> idp_roles,
352  UserAlterations alts);
353  std::unordered_map<std::string, std::vector<std::string>> getGranteesOfSharedDashboards(
354  const std::vector<std::string>& dashboard_ids);
355  void check_for_session_encryption(const std::string& pki_cert, std::string& session);
356  std::vector<Catalog*> getCatalogsForAllDbs();
357 
// Hand out a shared owner of dummyCatalog_ (may be null if it was never assigned).
std::shared_ptr<Catalog> getDummyCatalog() {
  return dummyCatalog_;
}
359 
360  std::shared_ptr<Catalog> getCatalog(const std::string& dbName);
361  std::shared_ptr<Catalog> getCatalog(const int32_t db_id);
362  std::shared_ptr<Catalog> getCatalog(const DBMetadata& curDB, bool is_new_db);
363 
364  void removeCatalog(const std::string& dbName);
365 
366  virtual ~SysCatalog();
367 
378  const std::map<int32_t, std::vector<DBObject>>& old_owner_db_objects,
379  int32_t new_owner_id,
380  const Catalog_Namespace::Catalog& catalog);
381 
382  bool hasExecutedMigration(const std::string& migration_name) const;
383 
384  private:
385  using GranteeMap = std::map<std::string, std::unique_ptr<Grantee>>;
387  std::multimap<std::string, std::unique_ptr<ObjectRoleDescriptor>>;
388 
389  SysCatalog();
390 
391  void initDB();
392  void buildRoleMap();
393  void buildUserRoleMap();
395  void rebuildObjectMaps();
398  void createRoles();
399  void fixRolesMigration();
400  void addAdminUserRole();
401  void migratePrivileges();
402  void migratePrivileged_old();
403  void updateUserSchema();
408  void loginImpl(std::string& username,
409  const std::string& password,
410  UserMetadata& user_meta);
411  bool checkPasswordForUserImpl(const std::string& passwd,
412  std::string& name,
413  UserMetadata& user);
414 
415  // Here go functions not wrapped into transactions (necessary for nested calls)
416  void grantDefaultPrivilegesToRole_unsafe(const std::string& name, bool issuper);
417  void createRole_unsafe(const std::string& roleName,
418  const bool userPrivateRole,
419  const bool is_temporary);
420  void dropRole_unsafe(const std::string& roleName, const bool is_temporary);
421  void grantRoleBatch_unsafe(const std::vector<std::string>& roles,
422  const std::vector<std::string>& grantees);
423  void grantRole_unsafe(const std::string& roleName,
424  const std::string& granteeName,
425  const bool is_temporary);
426  void revokeRoleBatch_unsafe(const std::vector<std::string>& roles,
427  const std::vector<std::string>& grantees);
428  void revokeRole_unsafe(const std::string& roleName,
429  const std::string& granteeName,
430  const bool is_temporary);
431  void updateObjectDescriptorMap(const std::string& roleName,
432  DBObject& object,
433  bool roleType,
435  void deleteObjectDescriptorMap(const std::string& roleName);
436  void deleteObjectDescriptorMap(const std::string& roleName,
437  DBObject& object,
439  void grantDBObjectPrivilegesBatch_unsafe(const std::vector<std::string>& grantees,
440  const std::vector<DBObject>& objects,
441  const Catalog_Namespace::Catalog& catalog);
442  void grantDBObjectPrivileges_unsafe(const std::string& granteeName,
443  const DBObject object,
444  const Catalog_Namespace::Catalog& catalog);
445  void revokeDBObjectPrivilegesBatch_unsafe(const std::vector<std::string>& grantees,
446  const std::vector<DBObject>& objects,
447  const Catalog_Namespace::Catalog& catalog);
448  void revokeDBObjectPrivileges_unsafe(const std::string& granteeName,
449  DBObject object,
450  const Catalog_Namespace::Catalog& catalog);
451  void grantAllOnDatabase_unsafe(const std::string& roleName,
452  DBObject& object,
453  const Catalog_Namespace::Catalog& catalog);
454  void revokeAllOnDatabase_unsafe(const std::string& roleName,
455  int32_t dbId,
456  Grantee* grantee);
457  bool isDashboardSystemRole(const std::string& roleName) const;
458  void updateUserRoleName(const std::string& roleName, const std::string& newName);
459  void getMetadataWithDefaultDB(std::string& dbname,
460  const std::string& username,
462  UserMetadata& user_meta);
468  bool allowLocalLogin() const;
469 
470  template <typename F, typename... Args>
471  void execInTransaction(F&& f, Args&&... args);
472 
474  void recordExecutedMigration(const std::string& migration_name) const;
475  bool hasVersionHistoryTable() const;
476  void createVersionHistoryTable() const;
477 
478  std::string basePath_;
481  std::unique_ptr<SqliteConnector> sqliteConnector_;
482 
483  std::shared_ptr<Data_Namespace::DataMgr> dataMgr_;
484  std::unique_ptr<PkiServer> pki_server_;
486  std::shared_ptr<Calcite> calciteMgr_;
487  std::vector<LeafHostInfo> string_dict_hosts_;
490 
491  // contains a map of all the catalog within this system
492  // it is lazy loaded
493  // std::map<std::string, std::shared_ptr<Catalog>> cat_map_;
494  using dbid_to_cat_map = tbb::concurrent_hash_map<std::string, std::shared_ptr<Catalog>>;
496 
497  static std::unique_ptr<SysCatalog> instance_;
498 
499  public:
500  mutable std::mutex sqliteMutex_;
502  mutable std::atomic<std::thread::id> thread_holding_sqlite_lock;
503  mutable std::atomic<std::thread::id> thread_holding_write_lock;
504  static thread_local bool thread_holds_read_lock;
505  // used by catalog when initially creating a catalog instance
506  std::shared_ptr<Catalog> dummyCatalog_;
507  std::unordered_map<std::string, std::shared_ptr<UserMetadata>> temporary_users_by_name_;
508  std::unordered_map<int32_t, std::shared_ptr<UserMetadata>> temporary_users_by_id_;
510 };
511 
512 } // namespace Catalog_Namespace
513 
514 #endif // SYS_CATALOG_H