Alexey Kukushkin created IGNITE-8135:
----------------------------------------
Summary: Missing SQL-DDL Authorization
Key: IGNITE-8135
URL:
https://issues.apache.org/jira/browse/IGNITE-8135 Project: Ignite
Issue Type: Task
Components: sql
Affects Versions: 2.5
Reporter: Alexey Kukushkin
Ignite has infrastructure to support 3-rd party security plugins. To support authorization, Ignite has security checks spread all over the code delegating actual authorization to a 3rd party security plugins if configured.
In addition to existing checks, Ignite 2.5 will authorise "create" and "destroy" cache operations.
The problem is authorization is not implemented for SQL at all - even if authorization is enabled, it is currently possible to run any SQL to create/drop/alter caches and read/modify/remove the cache data thus bypassing security. The problem exists for both DDL (create/drop/alter table) and DML (select/merge/insert/delete).
This ticket addresses DDL only: DML will be addressed by a different ticket.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Locked
