40 #include <unordered_map>
44 #include "tbb/concurrent_hash_map.h"
50 #include "../DataMgr/DataMgr.h"
51 #include "../SqliteConnector/SqliteConnector.h"
54 #include "../Calcite/Calcite.h"
62 namespace Catalog_Namespace {
93 if (
this != &user_meta) {
123 std::string
toString(
bool hide_password =
true)
const;
154 std::string
const& new_name);
168 void init(
const std::string& basePath,
169 std::shared_ptr<Data_Namespace::DataMgr> dataMgr,
171 std::shared_ptr<Calcite> calcite,
174 const std::vector<LeafHostInfo>& string_dict_hosts);
181 std::shared_ptr<Catalog>
login(std::string& db,
182 std::string& username,
183 const std::string& password,
185 bool check_password =
true);
187 const std::string& username);
191 void dropUser(
const std::string& name);
193 void renameUser(std::string
const& old_name, std::string
const& new_name);
195 void renameDatabase(std::string
const& old_name, std::string
const& new_name);
197 std::optional<UserMetadata>
getUser(std::string
const& uname) {
203 std::optional<UserMetadata>
getUser(int32_t
const uid) {
209 std::optional<DBMetadata>
getDB(std::string
const& dbname) {
215 std::optional<DBMetadata>
getDB(int32_t
const dbid) {
240 const std::string& objectName,
243 int32_t objectId = -1);
254 const std::string& newName,
262 const std::vector<DBObject>& objects,
268 const std::vector<DBObject>& objects,
295 bool revoke_privileges =
true);
297 const bool user_private_role,
298 const bool is_temporary =
false);
299 void dropRole(
const std::string& roleName,
const bool is_temporary =
false);
301 const std::vector<std::string>& grantees);
303 const std::string& grantee,
304 const bool is_temporary =
false);
306 const std::vector<std::string>& grantees);
308 const std::string& grantee,
309 const bool is_temporary =
false);
314 const std::vector<DBObject>& privObjects)
const;
316 const std::vector<DBObject>& privObjects)
const;
322 int32_t objectId)
const;
325 const std::string& roleName,
326 bool only_direct)
const;
327 std::vector<std::string>
getRoles(
const std::string& user_name,
bool effective =
true);
328 std::vector<std::string>
getRoles(
bool include_user_private_role,
330 const std::string& user_name,
331 bool ignore_deleted_user =
false);
332 std::vector<std::string>
getRoles(
const std::string& userName,
const int32_t dbId);
351 std::vector<std::string> idp_roles,
354 const std::vector<std::string>& dashboard_ids);
360 std::shared_ptr<Catalog>
getCatalog(
const std::string& dbName);
361 std::shared_ptr<Catalog>
getCatalog(
const int32_t db_id);
378 const std::map<int32_t, std::vector<DBObject>>& old_owner_db_objects,
379 int32_t new_owner_id,
385 using GranteeMap = std::map<std::string, std::unique_ptr<Grantee>>;
387 std::multimap<std::string, std::unique_ptr<ObjectRoleDescriptor>>;
409 const std::string& password,
418 const bool userPrivateRole,
419 const bool is_temporary);
420 void dropRole_unsafe(
const std::string& roleName,
const bool is_temporary);
422 const std::vector<std::string>& grantees);
424 const std::string& granteeName,
425 const bool is_temporary);
427 const std::vector<std::string>& grantees);
429 const std::string& granteeName,
430 const bool is_temporary);
440 const std::vector<DBObject>& objects,
446 const std::vector<DBObject>& objects,
460 const std::string& username,
470 template <
typename F,
typename... Args>
494 using dbid_to_cat_map = tbb::concurrent_hash_map<std::string, std::shared_ptr<Catalog>>;
514 #endif // SYS_CATALOG_H
std::optional< std::string > passwd
std::optional< DBMetadata > getDB(std::string const &dbname)
std::multimap< std::string, std::unique_ptr< ObjectRoleDescriptor >> ObjectRoleDescriptorMap
void recordExecutedMigration(const std::string &migration_name) const
void revokeAllOnDatabase_unsafe(const std::string &roleName, int32_t dbId, Grantee *grantee)
void migrateDBAccessPrivileges()
void revokeDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
std::vector< Catalog * > getCatalogsForAllDbs()
void dropUser(const std::string &name)
auto duplicateAndRenameCatalog(std::string const &current_name, std::string const &new_name)
SqliteConnector * getSqliteConnector()
std::optional< std::string > default_db
Class for a per-database catalog. Also includes metadata for the current database and the current use...
void changeDBObjectOwnership(const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, bool revoke_privileges=true)
int32_t next_temporary_user_id_
std::set< std::string > getCreatedRoles() const
void grantRole(const std::string &role, const std::string &grantee, const bool is_temporary=false)
void revokeRole(const std::string &role, const std::string &grantee, const bool is_temporary=false)
std::string const & base_path_
bool checkPasswordForUser(const std::string &passwd, std::string &name, UserMetadata &user)
void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
std::optional< UserMetadata > getUser(std::string const &uname)
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole, const bool is_temporary)
void revokeDBObjectPrivilegesFromAll(DBObject object, Catalog *catalog)
bool getMetadataForUser(const std::string &name, UserMetadata &user)
void revokeDBObjectPrivileges(const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
void removeCatalog(const std::string &dbName)
static std::unique_ptr< SysCatalog > instance_
std::atomic< std::thread::id > thread_holding_sqlite_lock
void createRole(const std::string &roleName, const bool user_private_role, const bool is_temporary=false)
std::shared_ptr< Catalog > getDummyCatalog()
ObjectRoleDescriptorMap objectDescriptorMap_
void updatePasswordsToHashes()
Grantee * getGrantee(const std::string &name) const
void dropDatabase(const DBMetadata &db)
void loginImpl(std::string &username, const std::string &password, UserMetadata &user_meta)
std::vector< ObjectRoleDescriptor > getMetadataForAllObjects() const
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)
void reassignObjectOwners(const std::map< int32_t, std::vector< DBObject >> &old_owner_db_objects, int32_t new_owner_id, const Catalog_Namespace::Catalog &catalog)
std::string toString(bool hide_password=true) const
void importDataFromOldMapdDB()
void init(const std::string &basePath, std::shared_ptr< Data_Namespace::DataMgr > dataMgr, const AuthMetadata &authMetadata, std::shared_ptr< Calcite > calcite, bool is_new_db, bool aggregator, const std::vector< LeafHostInfo > &string_dict_hosts)
std::optional< bool > is_super
void createDBObject(const UserMetadata &user, const std::string &objectName, DBObjectType type, const Catalog_Namespace::Catalog &catalog, int32_t objectId=-1)
void getDBObjectPrivileges(const std::string &granteeName, DBObject &object, const Catalog_Namespace::Catalog &catalog) const
void revokeRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)
bool hasVersionHistoryTable() const
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
void grantRoleBatch(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
std::unique_ptr< PkiServer > pki_server_
void revokeDBObjectPrivilegesBatch(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
const AuthMetadata * authMetadata_
void updateBlankPasswordsToRandom()
void grantRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
Data_Namespace::DataMgr & getDataMgr() const
bool checkPrivileges(const UserMetadata &user, const std::vector< DBObject > &privObjects) const
void renameDBObject(const std::string &objectName, const std::string &newName, DBObjectType type, int32_t objectId, const Catalog_Namespace::Catalog &catalog)
static SysCatalog & instance()
auto assembleCatalogName(std::string const &name)
bool wouldChange(UserMetadata const &user_meta) const
void getMetadataWithDefaultDB(std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
auto yieldTransactionStreamer()
const std::string kDefaultDbName
void grantAllOnDatabase_unsafe(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
const std::string & getCatalogBasePath() const
tbb::concurrent_hash_map< std::string, std::shared_ptr< Catalog >> dbid_to_cat_map
std::unordered_map< std::string, std::shared_ptr< UserMetadata > > temporary_users_by_name_
std::shared_timed_mutex mapd_shared_mutex
void renameObjectsInDescriptorMap(DBObject &object, const Catalog_Namespace::Catalog &cat)
bool checkPasswordForUserImpl(const std::string &passwd, std::string &name, UserMetadata &user)
std::shared_ptr< Catalog > login(std::string &db, std::string &username, const std::string &password, UserMetadata &user_meta, bool check_password=true)
void revokeRoleBatch_unsafe(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
void grantRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)
void revokeRoleBatch(const std::vector< std::string > &roles, const std::vector< std::string > &grantees)
std::shared_ptr< Data_Namespace::DataMgr > dataMgr_
UserMetadata createUser(std::string const &name, UserAlterations alts, bool is_temporary)
DBSummaryList getDatabaseListForUser(const UserMetadata &user)
std::shared_ptr< Catalog > switchDatabase(std::string &dbname, const std::string &username)
Role * getRoleGrantee(const std::string &name) const
std::optional< UserMetadata > getUser(int32_t const uid)
mapd_shared_mutex sharedMutex_
void revokeDBObjectPrivilegesFromAllBatch_unsafe(std::vector< DBObject > &objects, Catalog *catalog)
User * getUserGrantee(const std::string &name) const
void grantDBObjectPrivilegesBatch(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void grantDBObjectPrivileges(const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
std::unique_ptr< SqliteConnector > sqliteConnector_
CommonFileOperations(std::string const &base_path)
void updateUserRoleName(const std::string &roleName, const std::string &newName)
std::list< UserMetadata > getAllUserMetadata()
void grantDBObjectPrivilegesBatch_unsafe(const std::vector< std::string > &grantees, const std::vector< DBObject > &objects, const Catalog_Namespace::Catalog &catalog)
void execInTransaction(F &&f, Args &&...args)
const int32_t kTempUserIdRange
void dropRole_unsafe(const std::string &roleName, const bool is_temporary)
void check_for_session_encryption(const std::string &pki_cert, std::string &session)
void renameUser(std::string const &old_name, std::string const &new_name)
std::shared_ptr< Catalog > getCatalog(const std::string &dbName)
void migratePrivileged_old()
bool isRoleGrantedToGrantee(const std::string &granteeName, const std::string &roleName, bool only_direct) const
bool hasAnyPrivileges(const UserMetadata &user, std::vector< DBObject > &privObjects)
void deleteObjectDescriptorMap(const std::string &roleName)
void removeCatalogByName(std::string const &name)
void updateSupportUserDeactivation()
void checkAndExecuteMigrations()
void updateObjectDescriptorMap(const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
std::unordered_map< int32_t, std::shared_ptr< UserMetadata > > temporary_users_by_id_
bool allowLocalLogin() const
void syncUserWithRemoteProvider(const std::string &user_name, std::vector< std::string > idp_roles, UserAlterations alts)
void dropRole(const std::string &roleName, const bool is_temporary=false)
void createVersionHistoryTable() const
std::list< DBMetadata > getAllDBMetadata()
void renameDatabase(std::string const &old_name, std::string const &new_name)
void revokeDBObjectPrivilegesFromAll_unsafe(DBObject object, Catalog *catalog)
bool verifyDBObjectOwnership(const UserMetadata &user, DBObject object, const Catalog_Namespace::Catalog &catalog)
std::vector< LeafHostInfo > string_dict_hosts_
std::optional< bool > can_login
std::shared_ptr< Calcite > calciteMgr_
std::unordered_map< std::string, std::vector< std::string > > getGranteesOfSharedDashboards(const std::vector< std::string > &dashboard_ids)
std::list< DBSummary > DBSummaryList
void populateRoleDbObjects(const std::vector< DBObject > &objects)
static thread_local bool thread_holds_read_lock
void grantDefaultPrivilegesToRole_unsafe(const std::string &name, bool issuper)
std::optional< DBMetadata > getDB(int32_t const dbid)
Calcite & getCalciteMgr() const
bool isDashboardSystemRole(const std::string &roleName) const
bool isAggregator() const
bool hasExecutedMigration(const std::string &migration_name) const
std::map< std::string, std::unique_ptr< Grantee >> GranteeMap
bool getMetadataForDBById(const int32_t idIn, DBMetadata &db)
void createDatabase(const std::string &dbname, int owner)
UserMetadata alterUser(std::string const &name, UserAlterations alts)
void buildObjectDescriptorMap()
std::shared_ptr< Catalog > dummyCatalog_
void removeCatalogByFullPath(std::string const &full_path)
std::vector< ObjectRoleDescriptor * > getMetadataForObject(int32_t dbId, int32_t dbType, int32_t objectId) const
std::vector< std::string > getRoles(const std::string &user_name, bool effective=true)
bool getMetadataForDB(const std::string &name, DBMetadata &db)
void revokeDBObjectPrivilegesFromAllBatch(std::vector< DBObject > &objects, Catalog *catalog)
void initializeInformationSchemaDb()
std::atomic< std::thread::id > thread_holding_write_lock