OmniSciDB  6686921089
SysCatalog.h
1 /*
2  * Copyright 2019 OmniSci, Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
29 #ifndef SYS_CATALOG_H
30 #define SYS_CATALOG_H
31 
32 #include <atomic>
33 #include <cstdint>
34 #include <ctime>
35 #include <limits>
36 #include <list>
37 #include <map>
38 #include <mutex>
39 #include <string>
40 #include <unordered_map>
41 #include <utility>
42 #include <vector>
43 
44 #include "tbb/concurrent_hash_map.h"
45 
46 #include "Grantee.h"
47 #include "ObjectRoleDescriptor.h"
48 #include "PkiServer.h"
49 
50 #include "../DataMgr/DataMgr.h"
51 #include "../SqliteConnector/SqliteConnector.h"
52 #include "LeafHostInfo.h"
53 
54 #include "../Calcite/Calcite.h"
55 #include "Shared/Restriction.h"
57 
// Compiled-in names and ids for the system catalog, the default database and
// the root account.
58 inline const std::string OMNISCI_SYSTEM_CATALOG = "omnisci_system_catalog";
59 inline const std::string OMNISCI_DEFAULT_DB = "omnisci";
60 inline const std::string OMNISCI_ROOT_USER = "admin";
// The root user id exists both as an int and as its decimal string form.
61 inline const int OMNISCI_ROOT_USER_ID = 0;
62 inline const std::string OMNISCI_ROOT_USER_ID_STR = "0";
// Security: this is a fixed default credential that ships in a public header,
// so it gives no protection on any installation that still accepts it.
// NOTE(review): presumably the password given to OMNISCI_ROOT_USER when a new
// system catalog is initialised; confirm in SysCatalog.cpp. Deployments should
// replace it before the server is reachable and monitor root logins.
63 inline const std::string OMNISCI_ROOT_PASSWD_DEFAULT = "HyperInteractive";
// NOTE(review): looks like the boundary or offset of the id range reserved for
// temporary users; its exact use is not visible in this header.
64 inline const int32_t OMNISCI_TEMPORARY_USER_ID_RANGE = 1000000000;
65 inline const std::string INFORMATION_SCHEMA_DB = "information_schema";
// NOTE(review): presumably the migration name checked via hasExecutedMigration(); confirm.
66 inline const std::string INFORMATION_SCHEMA_MIGRATION = "information_schema_db_created";
67 
68 class Calcite;
69 
70 extern std::string g_base_path;
71 
72 namespace Catalog_Namespace {
73 
74 /*
75  * @type UserMetadata
76  * @brief metadata for a db user
77  */
78 struct UserMetadata {
 // Per-user record: id, name, password hash, privilege flags and default
 // database id.
 //
 // NOTE(review): the gutter numbers skip source lines 93 and 124, so this
 // listing omits two lines of the struct. The declaration of the
 // `restriction` member used below is not visible here.
 //
 // Security: passwd_hash is a plain public member and is copied by both the
 // copy constructor and operator=, so every copy of this struct carries
 // credential material. Do not log or serialise whole instances;
 // userLoggable() is the accessor documented as safe for log output.

 // Field-wise constructor: u -> userId, n -> userName, p -> passwd_hash,
 // s -> isSuper, d -> defaultDbId, l -> can_login, t -> is_temporary.
79  UserMetadata(int32_t u,
80  const std::string& n,
81  const std::string& p,
82  bool s,
83  int32_t d,
84  bool l,
85  bool t)
86  : userId(u)
87  , userName(n)
88  , passwd_hash(p)
89  , isSuper(s)
90  , defaultDbId(d)
91  , can_login(l)
92  , is_temporary(t) {}
 // Copy constructor. std::atomic<bool> is not copyable, so isSuper is read
 // with load() and passed to the field-wise constructor; restriction is
 // assigned afterwards in the body. The fields are copied one by one, and no
 // lock is taken here, so the copy as a whole is not atomic.
94  UserMetadata(UserMetadata const& user_meta)
95  : UserMetadata(user_meta.userId,
96  user_meta.userName,
97  user_meta.passwd_hash,
98  user_meta.isSuper.load(),
99  user_meta.defaultDbId,
100  user_meta.can_login,
101  user_meta.is_temporary) {
102  restriction = user_meta.restriction;
103  }
 // Copy assignment with a self-assignment guard; copies the same fields as
 // the copy constructor, including passwd_hash and restriction.
104  UserMetadata& operator=(UserMetadata const& user_meta) {
105  if (this != &user_meta) {
106  userId = user_meta.userId;
107  userName = user_meta.userName;
108  passwd_hash = user_meta.passwd_hash;
 // isSuper is atomic: transfer the value with load()/store().
109  isSuper.store(user_meta.isSuper.load());
110  defaultDbId = user_meta.defaultDbId;
111  can_login = user_meta.can_login;
112  is_temporary = user_meta.is_temporary;
113  restriction = user_meta.restriction;
114  }
115  return *this;
116  }
117  int32_t userId;
118  std::string userName;
 // Stored password hash; the hashing scheme is not visible in this header.
119  std::string passwd_hash;
 // Superuser flag; the only atomic member, defaults to false.
120  std::atomic<bool> isSuper{false};
121  int32_t defaultDbId;
 // Defaults to true, i.e. an account may log in unless this is cleared.
122  bool can_login{true};
123  bool is_temporary{false};
125 
126  // Return a string that is safe to log for the username based on --log-user-id.
127  std::string userLoggable() const;
128 
 // Replaces the stored restriction with a copy of in_restriction.
129  void setRestriction(Restriction in_restriction) { restriction = in_restriction; }
130 };
131 
132 /*
133  * @type DBMetadata
134  * @brief metadata for a database
135  */
// Identity record for one database: numeric id, name and owner id.
struct DBMetadata {
  // Both ids start at zero and dbName starts empty.
  // NOTE(review): zero is also the value of OMNISCI_ROOT_USER_ID, so an
  // unfilled record reads as owned by id 0. Callers that receive a DBMetadata
  // through an out-parameter should rely on the lookup's return value rather
  // than on dbOwner to tell whether the record was populated.
  DBMetadata() : dbId{0}, dbOwner{0} {}

  int32_t dbId;        // numeric database id
  std::string dbName;  // database name
  int32_t dbOwner;     // owner id (presumably a userId; confirm against callers)
};
142 
143 /*
144  * @type DBSummary
145  * @brief summary info for a database
146  */
147 struct DBSummary {
 // Display-oriented pair: a database name and the name (not the id) of its owner.
148  std::string dbName;
149  std::string dbOwnerName;
150 };
// List of database summaries; returned by getDatabaseListForUser().
151 using DBSummaryList = std::list<DBSummary>;
152 
154  public:
 // Binds base_path_ to the caller's string; no copy is made, because the
 // member is declared `std::string const&`. The referenced string must
 // outlive this object, and later changes to it are visible through
 // base_path_. Constructing from a temporary would leave the member dangling.
 // The constructor is not `explicit`, so a std::string converts implicitly.
155  CommonFileOperations(std::string const& base_path) : base_path_(base_path) {}
156 
 // Catalog file helpers; only declared here. The two `auto`-returning
 // functions have a deduced return type, so they can be used only in a
 // translation unit that also sees their definitions.
 // NOTE(review): presumably these build filesystem paths from base_path_ and
 // the given name, then remove or copy files. Confirm in SysCatalog.cpp that
 // callers pass validated names (no path separators, no "..").
157  inline void removeCatalogByFullPath(std::string const& full_path);
158  inline void removeCatalogByName(std::string const& name);
159  inline auto duplicateAndRenameCatalog(std::string const& current_name,
160  std::string const& new_name);
161  inline auto assembleCatalogName(std::string const& name);
162 
163  private:
164  std::string const& base_path_;
165 };
166 
167 /*
168  * @type SysCatalog
169  * @brief class for the system-wide catalog, currently containing user and database
170  * metadata
171  */
173  public:
174  void init(const std::string& basePath,
175  std::shared_ptr<Data_Namespace::DataMgr> dataMgr,
176  const AuthMetadata& authMetadata,
177  std::shared_ptr<Calcite> calcite,
178  bool is_new_db,
179  bool aggregator,
180  const std::vector<LeafHostInfo>& string_dict_hosts);
181 
 // Login entry point; returns a shared pointer to a Catalog and fills
 // user_meta. db and username are non-const references, so the call may
 // rewrite them (presumably to resolved values; confirm in SysCatalog.cpp).
 // NOTE(review): check_password defaults to true. Judging by its name, passing
 // false skips verification of `password`; confirm in the definition. Every
 // call site that passes false should sit behind an independent
 // authentication step, and is worth auditing.
187  std::shared_ptr<Catalog> login(std::string& db,
188  std::string& username,
189  const std::string& password,
190  UserMetadata& user_meta,
191  bool check_password = true);
192  std::shared_ptr<Catalog> switchDatabase(std::string& dbname,
193  const std::string& username);
194  void createUser(const std::string& name,
195  const std::string& passwd,
196  bool is_super,
197  const std::string& dbname,
198  bool can_login,
199  bool is_temporary);
200  void dropUser(const std::string& name);
201  void alterUser(const std::string& name,
202  const std::string* passwd,
203  bool* issuper,
204  const std::string* dbname,
205  bool* can_login);
206  void renameUser(std::string const& old_name, std::string const& new_name);
207  void createDatabase(const std::string& dbname, int owner);
208  void renameDatabase(std::string const& old_name, std::string const& new_name);
209  void dropDatabase(const DBMetadata& db);
210  bool getMetadataForUser(const std::string& name, UserMetadata& user);
211  bool getMetadataForUserById(const int32_t idIn, UserMetadata& user);
212  bool checkPasswordForUser(const std::string& passwd,
213  std::string& name,
214  UserMetadata& user);
215  bool getMetadataForDB(const std::string& name, DBMetadata& db);
216  bool getMetadataForDBById(const int32_t idIn, DBMetadata& db);
218  Calcite& getCalciteMgr() const { return *calciteMgr_; }
219  const std::string& getCatalogBasePath() const { return basePath_; }
221  std::list<DBMetadata> getAllDBMetadata();
222  std::list<UserMetadata> getAllUserMetadata();
226  std::list<UserMetadata> getAllUserMetadata(const int64_t dbId);
228  void createDBObject(const UserMetadata& user,
229  const std::string& objectName,
231  const Catalog_Namespace::Catalog& catalog,
232  int32_t objectId = -1);
242  void renameDBObject(const std::string& objectName,
243  const std::string& newName,
245  int32_t objectId,
246  const Catalog_Namespace::Catalog& catalog);
247  void grantDBObjectPrivileges(const std::string& grantee,
248  const DBObject& object,
249  const Catalog_Namespace::Catalog& catalog);
250  void grantDBObjectPrivilegesBatch(const std::vector<std::string>& grantees,
251  const std::vector<DBObject>& objects,
252  const Catalog_Namespace::Catalog& catalog);
253  void revokeDBObjectPrivileges(const std::string& grantee,
254  const DBObject& object,
255  const Catalog_Namespace::Catalog& catalog);
256  void revokeDBObjectPrivilegesBatch(const std::vector<std::string>& grantees,
257  const std::vector<DBObject>& objects,
258  const Catalog_Namespace::Catalog& catalog);
259  void revokeDBObjectPrivilegesFromAll(DBObject object, Catalog* catalog);
261  void revokeDBObjectPrivilegesFromAllBatch(std::vector<DBObject>& objects,
262  Catalog* catalog);
263  void revokeDBObjectPrivilegesFromAllBatch_unsafe(std::vector<DBObject>& objects,
264  Catalog* catalog);
265  void getDBObjectPrivileges(const std::string& granteeName,
266  DBObject& object,
267  const Catalog_Namespace::Catalog& catalog) const;
268  bool verifyDBObjectOwnership(const UserMetadata& user,
269  DBObject object,
270  const Catalog_Namespace::Catalog& catalog);
280  void changeDBObjectOwnership(const UserMetadata& new_owner,
281  const UserMetadata& previous_owner,
282  DBObject object,
283  const Catalog_Namespace::Catalog& catalog,
284  bool revoke_privileges = true);
285  void createRole(const std::string& roleName,
286  const bool user_private_role,
287  const bool is_temporary = false);
288  void dropRole(const std::string& roleName, const bool is_temporary = false);
289  void grantRoleBatch(const std::vector<std::string>& roles,
290  const std::vector<std::string>& grantees);
291  void grantRole(const std::string& role,
292  const std::string& grantee,
293  const bool is_temporary = false);
294  void revokeRoleBatch(const std::vector<std::string>& roles,
295  const std::vector<std::string>& grantees);
296  void revokeRole(const std::string& role,
297  const std::string& grantee,
298  const bool is_temporary = false);
299  // check if the user has any permissions on all the given objects
300  bool hasAnyPrivileges(const UserMetadata& user, std::vector<DBObject>& privObjects);
301  // check if the user has the requested permissions on all the given objects
302  bool checkPrivileges(const UserMetadata& user,
303  const std::vector<DBObject>& privObjects) const;
304  bool checkPrivileges(const std::string& userName,
305  const std::vector<DBObject>& privObjects) const;
306  Grantee* getGrantee(const std::string& name) const;
307  Role* getRoleGrantee(const std::string& name) const;
308  User* getUserGrantee(const std::string& name) const;
309  std::vector<ObjectRoleDescriptor*> getMetadataForObject(int32_t dbId,
310  int32_t dbType,
311  int32_t objectId) const;
312  std::vector<ObjectRoleDescriptor> getMetadataForAllObjects() const;
313  bool isRoleGrantedToGrantee(const std::string& granteeName,
314  const std::string& roleName,
315  bool only_direct) const;
316  std::vector<std::string> getRoles(bool include_user_private_role,
317  bool is_super,
318  const std::string& user_name,
319  bool ignore_deleted_user = false);
320  std::vector<std::string> getRoles(const std::string& userName, const int32_t dbId);
321  // Get all roles that have been created, even roles that have not been assigned to other
322  // users or roles.
323  std::set<std::string> getCreatedRoles() const;
324  bool isAggregator() const { return aggregator_; }
// Returns the process-wide SysCatalog, creating it on the first call.
// No lock guards the null check and the construction in this function, so
// two threads making the first call concurrently are not serialised here.
static SysCatalog& instance() {
  if (instance_ == nullptr) {
    // The constructor is private, so the object is built with `new` here.
    instance_ = std::unique_ptr<SysCatalog>(new SysCatalog());
  }
  return *instance_;
}
331 
// Destroys the singleton, if any. References previously obtained from
// instance() dangle afterwards; a later instance() call builds a new object.
static void destroy() {
  instance_ = nullptr;
}
333 
334  void populateRoleDbObjects(const std::vector<DBObject>& objects);
335  std::string name() const { return OMNISCI_DEFAULT_DB; }
338  void syncUserWithRemoteProvider(const std::string& user_name,
339  std::vector<std::string> idp_roles,
340  bool* issuper,
341  const std::string& default_db = {});
342  std::unordered_map<std::string, std::vector<std::string>> getGranteesOfSharedDashboards(
343  const std::vector<std::string>& dashboard_ids);
344  void check_for_session_encryption(const std::string& pki_cert, std::string& session);
345  std::vector<Catalog*> getCatalogsForAllDbs();
346 
347  std::shared_ptr<Catalog> getDummyCatalog() { return dummyCatalog_; }
348 
349  std::shared_ptr<Catalog> getCatalog(const std::string& dbName);
350  std::shared_ptr<Catalog> getCatalog(const int32_t db_id);
351  std::shared_ptr<Catalog> getCatalog(const DBMetadata& curDB, bool is_new_db);
352 
353  void removeCatalog(const std::string& dbName);
354 
355  virtual ~SysCatalog();
356 
367  const std::map<int32_t, std::vector<DBObject>>& old_owner_db_objects,
368  int32_t new_owner_id,
369  const Catalog_Namespace::Catalog& catalog);
370 
371  bool hasExecutedMigration(const std::string& migration_name) const;
372 
373  private:
374  using GranteeMap = std::map<std::string, std::unique_ptr<Grantee>>;
376  std::multimap<std::string, std::unique_ptr<ObjectRoleDescriptor>>;
377 
378  SysCatalog();
379 
380  void initDB();
381  void buildRoleMap();
382  void buildUserRoleMap();
384  void rebuildObjectMaps();
387  void createRoles();
388  void fixRolesMigration();
389  void addAdminUserRole();
390  void migratePrivileges();
391  void migratePrivileged_old();
392  void updateUserSchema();
397  void loginImpl(std::string& username,
398  const std::string& password,
399  UserMetadata& user_meta);
400  bool checkPasswordForUserImpl(const std::string& passwd,
401  std::string& name,
402  UserMetadata& user);
403 
404  // The functions below are not wrapped in transactions (necessary for nested calls).
405  void grantDefaultPrivilegesToRole_unsafe(const std::string& name, bool issuper);
406  void createRole_unsafe(const std::string& roleName,
407  const bool userPrivateRole,
408  const bool is_temporary);
409  void dropRole_unsafe(const std::string& roleName, const bool is_temporary);
410  void grantRoleBatch_unsafe(const std::vector<std::string>& roles,
411  const std::vector<std::string>& grantees);
412  void grantRole_unsafe(const std::string& roleName,
413  const std::string& granteeName,
414  const bool is_temporary);
415  void revokeRoleBatch_unsafe(const std::vector<std::string>& roles,
416  const std::vector<std::string>& grantees);
417  void revokeRole_unsafe(const std::string& roleName,
418  const std::string& granteeName,
419  const bool is_temporary);
420  void updateObjectDescriptorMap(const std::string& roleName,
421  DBObject& object,
422  bool roleType,
424  void deleteObjectDescriptorMap(const std::string& roleName);
425  void deleteObjectDescriptorMap(const std::string& roleName,
426  DBObject& object,
428  void grantDBObjectPrivilegesBatch_unsafe(const std::vector<std::string>& grantees,
429  const std::vector<DBObject>& objects,
430  const Catalog_Namespace::Catalog& catalog);
431  void grantDBObjectPrivileges_unsafe(const std::string& granteeName,
432  const DBObject object,
433  const Catalog_Namespace::Catalog& catalog);
434  void revokeDBObjectPrivilegesBatch_unsafe(const std::vector<std::string>& grantees,
435  const std::vector<DBObject>& objects,
436  const Catalog_Namespace::Catalog& catalog);
437  void revokeDBObjectPrivileges_unsafe(const std::string& granteeName,
438  DBObject object,
439  const Catalog_Namespace::Catalog& catalog);
440  void grantAllOnDatabase_unsafe(const std::string& roleName,
441  DBObject& object,
442  const Catalog_Namespace::Catalog& catalog);
443  void revokeAllOnDatabase_unsafe(const std::string& roleName,
444  int32_t dbId,
445  Grantee* grantee);
446  bool isDashboardSystemRole(const std::string& roleName) const;
447  void updateUserRoleName(const std::string& roleName, const std::string& newName);
448  void getMetadataWithDefaultDB(std::string& dbname,
449  const std::string& username,
451  UserMetadata& user_meta);
457  bool allowLocalLogin() const;
458 
459  template <typename F, typename... Args>
460  void execInTransaction(F&& f, Args&&... args);
461 
463  void recordExecutedMigration(const std::string& migration_name) const;
464  bool hasVersionHistoryTable() const;
465  void createVersionHistoryTable() const;
466 
467  std::string basePath_;
470  std::unique_ptr<SqliteConnector> sqliteConnector_;
471 
472  std::shared_ptr<Data_Namespace::DataMgr> dataMgr_;
473  std::unique_ptr<PkiServer> pki_server_;
475  std::shared_ptr<Calcite> calciteMgr_;
476  std::vector<LeafHostInfo> string_dict_hosts_;
479 
480  // contains a map of all the catalog within this system
481  // it is lazy loaded
482  // std::map<std::string, std::shared_ptr<Catalog>> cat_map_;
483  using dbid_to_cat_map = tbb::concurrent_hash_map<std::string, std::shared_ptr<Catalog>>;
485 
486  static std::unique_ptr<SysCatalog> instance_;
487 
488  public:
489  mutable std::mutex sqliteMutex_;
491  mutable std::atomic<std::thread::id> thread_holding_sqlite_lock;
492  mutable std::atomic<std::thread::id> thread_holding_write_lock;
493  static thread_local bool thread_holds_read_lock;
494  // used by catalog when initially creating a catalog instance
495  std::shared_ptr<Catalog> dummyCatalog_;
496  std::unordered_map<std::string, std::shared_ptr<UserMetadata>> temporary_users_by_name_;
497  std::unordered_map<int32_t, std::shared_ptr<UserMetadata>> temporary_users_by_id_;
499 };
500 
501 } // namespace Catalog_Namespace
502 
503 #endif // SYS_CATALOG_H
std::multimap< std::string, std::unique_ptr< ObjectRoleDescriptor >> ObjectRoleDescriptorMap
Definition: SysCatalog.h:376
void recordExecutedMigration(const std::string &migration_name) const
const std::string INFORMATION_SCHEMA_MIGRATION
Definition: SysCatalog.h:66
void revokeAllOnDatabase_unsafe(const std::string &roleName, int32_t dbId, Grantee *grantee)
void revokeDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
std::vector< Catalog * > getCatalogsForAllDbs()
Definition: SysCatalog.cpp:980
void dropUser(const std::string &name)
Definition: SysCatalog.cpp:938
std::string cat(Ts &&...args)
auto duplicateAndRenameCatalog(std::string const &current_name, std::string const &new_name)
Definition: SysCatalog.cpp:143
SqliteConnector * getSqliteConnector()
Definition: SysCatalog.h:220
class for a per-database catalog. also includes metadata for the current database and the current use...
Definition: Catalog.h:111
void changeDBObjectOwnership(const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, bool revoke_privileges=true)
DBObjectType
Definition: DBObject.h:42
std::set< std::string > getCreatedRoles() const
void grantRole(const std::string &role, const std::string &grantee, const bool is_temporary=false)
void revokeRole(const std::string &role, const std::string &grantee, const bool is_temporary=false)
bool checkPasswordForUser(const std::string &passwd, std::string &name, UserMetadata &user)
void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
UserMetadata(UserMetadata const &user_meta)
Definition: SysCatalog.h:94
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole, const bool is_temporary)
void revokeDBObjectPrivilegesFromAll(DBObject object, Catalog *catalog)
bool getMetadataForUser(const std::string &name, UserMetadata &user)
void revokeDBObjectPrivileges(const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
void removeCatalog(const std::string &dbName)
string name
Definition: setup.in.py:72
std::string name() const
Definition: SysCatalog.h:335
static std::unique_ptr< SysCatalog > instance_
Definition: SysCatalog.h:486
std::atomic< std::thread::id > thread_holding_sqlite_lock
Definition: SysCatalog.h:491
UserMetadata & operator=(UserMetadata const &user_meta)
Definition: SysCatalog.h:104
void createRole(const std::string &roleName, const bool user_private_role, const bool is_temporary=false)
std::shared_ptr< Catalog > getDummyCatalog()
Definition: SysCatalog.h:347
ObjectRoleDescriptorMap objectDescriptorMap_
Definition: SysCatalog.h:469
const std::string OMNISCI_SYSTEM_CATALOG
Definition: SysCatalog.h:58
Definition: Grantee.h:75
Grantee * getGrantee(const std::string &name) const
void dropDatabase(const DBMetadata &db)
void loginImpl(std::string &username, const std::string &password, UserMetadata &user_meta)
Definition: SysCatalog.cpp:820
Definition: Grantee.h:81
std::vector< ObjectRoleDescriptor > getMetadataForAllObjects() const
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)
void syncUserWithRemoteProvider(const std::string &user_name, std::vector< std::string > idp_roles, bool *issuper, const std::string &default_db={})
void reassignObjectOwners(const std::map< int32_t, std::vector< DBObject >> &old_owner_db_objects, int32_t new_owner_id, const Catalog_Namespace::Catalog &catalog)
void init(const std::string &basePath, std::shared_ptr< Data_Namespace::DataMgr > dataMgr, const AuthMetadata &authMetadata, std::shared_ptr< Calcite > calcite, bool is_new_db, bool aggregator, const std::vector< LeafHostInfo > &string_dict_hosts)
Definition: SysCatalog.cpp:160
void createDBObject(const UserMetadata &user, const std::string &objectName, DBObjectType type, const Catalog_Namespace::Catalog &catalog, int32_t objectId=-1)
void getDBObjectPrivileges(const std::string &granteeName, DBObject &object, const Catalog_Namespace::Catalog &catalog) const
void revokeRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)
bool hasVersionHistoryTable() const
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
void grantRoleBatch(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
std::unique_ptr< PkiServer > pki_server_
Definition: SysCatalog.h:473
void revokeDBObjectPrivilegesBatch(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
const AuthMetadata * authMetadata_
Definition: SysCatalog.h:474
void grantRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
Data_Namespace::DataMgr & getDataMgr() const
Definition: SysCatalog.h:217
bool checkPrivileges(const UserMetadata &user, const std::vector< DBObject > &privObjects) const
void renameDBObject(const std::string &objectName, const std::string &newName, DBObjectType type, int32_t objectId, const Catalog_Namespace::Catalog &catalog)
static SysCatalog & instance()
Definition: SysCatalog.h:325
auto assembleCatalogName(std::string const &name)
Definition: SysCatalog.cpp:131
void alterUser(const std::string &name, const std::string *passwd, bool *issuper, const std::string *dbname, bool *can_login)
void getMetadataWithDefaultDB(std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
void grantAllOnDatabase_unsafe(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
std::string g_base_path
Definition: SysCatalog.cpp:63
const std::string & getCatalogBasePath() const
Definition: SysCatalog.h:219
const std::string OMNISCI_DEFAULT_DB
Definition: SysCatalog.h:59
tbb::concurrent_hash_map< std::string, std::shared_ptr< Catalog >> dbid_to_cat_map
Definition: SysCatalog.h:483
std::unordered_map< std::string, std::shared_ptr< UserMetadata > > temporary_users_by_name_
Definition: SysCatalog.h:496
std::shared_timed_mutex mapd_shared_mutex
void renameObjectsInDescriptorMap(DBObject &object, const Catalog_Namespace::Catalog &cat)
bool checkPasswordForUserImpl(const std::string &passwd, std::string &name, UserMetadata &user)
std::shared_ptr< Catalog > login(std::string &db, std::string &username, const std::string &password, UserMetadata &user_meta, bool check_password=true)
Definition: SysCatalog.cpp:794
void revokeRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void grantRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)
void revokeRoleBatch(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
Definition: SysCatalog.h:472
DBSummaryList getDatabaseListForUser(const UserMetadata &user)
std::shared_ptr< Catalog > switchDatabase(std::string &dbname, const std::string &username)
Definition: SysCatalog.cpp:828
Role * getRoleGrantee(const std::string &name) const
mapd_shared_mutex sharedMutex_
Definition: SysCatalog.h:490
void revokeDBObjectPrivilegesFromAllBatch_unsafe(std::vector< DBObject > &objects, Catalog *catalog)
User * getUserGrantee(const std::string &name) const
void grantDBObjectPrivilegesBatch(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void grantDBObjectPrivileges(const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
std::unique_ptr< SqliteConnector > sqliteConnector_
Definition: SysCatalog.h:470
CommonFileOperations(std::string const &base_path)
Definition: SysCatalog.h:155
void updateUserRoleName(const std::string &roleName, const std::string &newName)
std::list< UserMetadata > getAllUserMetadata()
void grantDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&...args)
void dropRole_unsafe(const std::string &roleName, const bool is_temporary)
void check_for_session_encryption(const std::string &pki_cert, std::string &session)
Definition: SysCatalog.cpp:850
void renameUser(std::string const &old_name, std::string const &new_name)
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
bool isRoleGrantedToGrantee(const std::string &granteeName, const std::string &roleName, bool only_direct) const
bool hasAnyPrivileges(const UserMetadata &user, std::vector< DBObject > &privObjects)
void deleteObjectDescriptorMap(const std::string &roleName)
void removeCatalogByName(std::string const &name)
Definition: SysCatalog.cpp:139
const std::string OMNISCI_ROOT_USER
Definition: SysCatalog.h:60
const std::string OMNISCI_ROOT_PASSWD_DEFAULT
Definition: SysCatalog.h:63
void updateObjectDescriptorMap(const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
std::unordered_map< int32_t, std::shared_ptr< UserMetadata > > temporary_users_by_id_
Definition: SysCatalog.h:497
void setRestriction(Restriction in_restriction)
Definition: SysCatalog.h:129
void dropRole(const std::string &roleName, const bool is_temporary=false)
const int OMNISCI_ROOT_USER_ID
Definition: SysCatalog.h:61
void createVersionHistoryTable() const
std::list< DBMetadata > getAllDBMetadata()
void renameDatabase(std::string const &old_name, std::string const &new_name)
void revokeDBObjectPrivilegesFromAll_unsafe(DBObject object, Catalog *catalog)
void createUser(const std::string &name, const std::string &passwd, bool is_super, const std::string &dbname, bool can_login, bool is_temporary)
Definition: SysCatalog.cpp:858
bool verifyDBObjectOwnership(const UserMetadata &user, DBObject object, const Catalog_Namespace::Catalog &catalog)
std::vector< std::string > getRoles(bool include_user_private_role, bool is_super, const std::string &user_name, bool ignore_deleted_user=false)
const std::string OMNISCI_ROOT_USER_ID_STR
Definition: SysCatalog.h:62
std::vector< LeafHostInfo > string_dict_hosts_
Definition: SysCatalog.h:476
const int32_t OMNISCI_TEMPORARY_USER_ID_RANGE
Definition: SysCatalog.h:64
char * t
std::shared_ptr< Calcite > calciteMgr_
Definition: SysCatalog.h:475
std::unordered_map< std::string, std::vector< std::string > > getGranteesOfSharedDashboards(const std::vector< std::string > &dashboard_ids)
char * f
std::list< DBSummary > DBSummaryList
Definition: SysCatalog.h:151
void populateRoleDbObjects(const std::vector< DBObject > &objects)
static thread_local bool thread_holds_read_lock
Definition: SysCatalog.h:493
void grantDefaultPrivilegesToRole_unsafe(const std::string &name, bool issuper)
Calcite & getCalciteMgr() const
Definition: SysCatalog.h:218
bool isDashboardSystemRole(const std::string &roleName) const
constexpr double n
Definition: Utm.h:46
bool hasExecutedMigration(const std::string &migration_name) const
std::map< std::string, std::unique_ptr< Grantee >> GranteeMap
Definition: SysCatalog.h:374
std::string userLoggable() const
Definition: SysCatalog.cpp:127
bool getMetadataForDBById(const int32_t idIn, DBMetadata &db)
void createDatabase(const std::string &dbname, int owner)
const std::string INFORMATION_SCHEMA_DB
Definition: SysCatalog.h:65
std::shared_ptr< Catalog > dummyCatalog_
Definition: SysCatalog.h:495
void removeCatalogByFullPath(std::string const &full_path)
Definition: SysCatalog.cpp:135
std::vector< ObjectRoleDescriptor * > getMetadataForObject(int32_t dbId, int32_t dbType, int32_t objectId) const
std::atomic< bool > isSuper
Definition: SysCatalog.h:120
bool getMetadataForDB(const std::string &name, DBMetadata &db)
void revokeDBObjectPrivilegesFromAllBatch(std::vector< DBObject > &objects, Catalog *catalog)
UserMetadata(int32_t u, const std::string &n, const std::string &p, bool s, int32_t d, bool l, bool t)
Definition: SysCatalog.h:79
std::atomic< std::thread::id > thread_holding_write_lock
Definition: SysCatalog.h:492