Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable switching of 'user/role` context along with session parameter context at the beginning of the transaction #18241

Closed
yugabyte-ci opened this issue Jul 14, 2023 · 0 comments
Closed

Enable switching of 'user/role` context along with session parameter context at the beginning of the transaction #18241

yugabyte-ci opened this issue Jul 14, 2023 · 0 comments
Labels
area/ecosystem Label for all ecosystem related projects jira-originated kind/new-feature This is a request for a completely new feature priority/highest Highest priority issue

Comments

@yugabyte-ci
Copy link
Contributor

yugabyte-ci commented Jul 14, 2023
edited by jira bot
Loading

Jira Link: DB-7245
@yugabyte-ci yugabyte-ci added area/ecosystem Label for all ecosystem related projects jira-originated kind/new-feature This is a request for a completely new feature priority/highest Highest priority issue labels Jul 14, 2023
jayant07-yb pushed a commit that referenced this issue Aug 30, 2023
[#18241] YSQL: Enable switching of 'user/role` context along with ses…
3ea2e2c 
…sion parameter context

Summary:
To ensure the feature of global pool in Ysql Connection Manager. The following client context needs
to be set a the beginning of each transaction.

This client context involves:
  - Session parameters that are set by the client connection.
  - Database.
  - User.

This diff is to ensure that the `User` context is set properly at the beginning of each transaction.

The following fields are required to be stored in the shared memory regarding the user context.
  - User OID
  - role name
  - is_superuser

When the `SET SESSION PARAMETER` packet will be received at the Postgres layer, the following user ids will be updated accordingly.

- AuthenticatedUserId
- SessionUserId
- OuterUserId
- CurrentUserId

Since the role is set via the `SET` statement it is not needed to be handled separately and will be handled with other changed session parameters.
Session parameters `session_authorization` and `is_superuser` are required to be handled separately because they are not set by any setter statement.

This diff also contains changes for supporting `RESET` statement (except `RESET ALL`).
Jira: DB-7245

Test Plan:
Manual test:

Create a user and login to the database on the Ysql Connection Manager port via the new user (`u1`).
-  Use `select current_user;` to ensure that the session user is correct.
-  Ensure that the user is getting the correct privileges.

```[jayantanand@dev-server-janand-4-yb-build yugabyte-db]$ ./bin/ysqlsh -h 10.150.1.208 -U u1
ysqlsh (11.2-YB-2.19.2.0-b0)
Type "help" for help.

yugabyte=# select 1 ;
 ?column?
----------
        1
(1 row)

yugabyte=# select current_user;
 current_user
--------------
 u1
(1 row)

yugabyte=# create user u2;
ERROR:  permission denied to create role

```

Reviewers: nkumar, kkg, skumar

Reviewed By: skumar

Subscribers: mkumar, yql

Differential Revision: https://phorge.dev.yugabyte.com/D26971
jayant07-yb pushed a commit that referenced this issue Aug 30, 2023
[BACKPORT 2.19.2][#18241] YSQL: Enable switching of 'user/role` conte…
b950ef1 
…xt along with session parameter context

Summary:
Original commit: 3ea2e2c / D26971
To ensure the feature of global pool in Ysql Connection Manager. The following client context needs
to be set a the beginning of each transaction.

This client context involves:
  - Session parameters that are set by the client connection.
  - Database.
  - User.

This diff is to ensure that the `User` context is set properly at the beginning of each transaction.

The following fields are required to be stored in the shared memory regarding the user context.
  - User OID
  - role name
  - is_superuser

When the `SET SESSION PARAMETER` packet will be received at the Postgres layer, the following user ids will be updated accordingly.

- AuthenticatedUserId
- SessionUserId
- OuterUserId
- CurrentUserId

Since the role is set via the `SET` statement it is not needed to be handled separately and will be handled with other changed session parameters.
Session parameters `session_authorization` and `is_superuser` are required to be handled separately because they are not set by any setter statement.

This diff also contains changes for supporting `RESET` statement (except `RESET ALL`).
Jira: DB-7245

Test Plan:
Manual test:

Create a user and login to the database on the Ysql Connection Manager port via the new user (`u1`).
-  Use `select current_user;` to ensure that the session user is correct.
-  Ensure that the user is getting the correct privileges.

```[jayantanand@dev-server-janand-4-yb-build yugabyte-db]$ ./bin/ysqlsh -h 10.150.1.208 -U u1
ysqlsh (11.2-YB-2.19.2.0-b0)
Type "help" for help.

yugabyte=# select 1 ;
 ?column?
----------
        1
(1 row)

yugabyte=# select current_user;
 current_user
--------------
 u1
(1 row)

yugabyte=# create user u2;
ERROR:  permission denied to create role

```

Reviewers: nkumar, kkg, skumar, rbarigidad

Reviewed By: nkumar

Subscribers: yql, mkumar

Differential Revision: https://phorge.dev.yugabyte.com/D28187
@nyndyny nyndyny mentioned this issue Apr 6, 2024
Open
@ryan-ally ryan-ally mentioned this issue Apr 7, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/ecosystem Label for all ecosystem related projects jira-originated kind/new-feature This is a request for a completely new feature priority/highest Highest priority issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@yugabyte-ci