Class Catalog_Namespace::SysCatalog

class SysCatalog : private Catalog_Namespace::CommonFileOperations

Public Functions

void init(const std::string &basePath, std::shared_ptr<Data_Namespace::DataMgr> dataMgr, const AuthMetadata &authMetadata, std::shared_ptr<Calcite> calcite, bool is_new_db, bool aggregator, const std::vector<LeafHostInfo> &string_dict_hosts)
std::shared_ptr<Catalog> login(std::string &db, std::string &username, const std::string &password, UserMetadata &user_meta, bool check_password = true)

logins (connects) a user against a database.

throws a std::exception in all error cases! (including wrong password)

std::shared_ptr<Catalog> switchDatabase(std::string &dbname, const std::string &username)
UserMetadata createUser(std::string const &name, UserAlterations alts, bool is_temporary)
void dropUser(const std::string &name)
UserMetadata alterUser(std::string const &name, UserAlterations alts)
void renameUser(std::string const &old_name, std::string const &new_name)
void createDatabase(const std::string &dbname, int owner)
void renameDatabase(std::string const &old_name, std::string const &new_name)
void dropDatabase(const DBMetadata &db)
std::optional<UserMetadata> getUser(std::string const &uname)
std::optional<UserMetadata> getUser(int32_t const uid)
std::optional<DBMetadata> getDB(std::string const &dbname)
std::optional<DBMetadata> getDB(int32_t const dbid)
bool getMetadataForUser(const std::string &name, UserMetadata &user)
bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)
bool checkPasswordForUser(const std::string &passwd, std::string &name, UserMetadata &user)
bool getMetadataForDB(const std::string &name, DBMetadata &db)
bool getMetadataForDBById(const int32_t idIn, DBMetadata &db)
Data_Namespace::DataMgr &getDataMgr() const
Calcite &getCalciteMgr() const
const std::string &getCatalogBasePath() const
SqliteConnector *getSqliteConnector()
list<DBMetadata> getAllDBMetadata()
list<UserMetadata> getAllUserMetadata()
list<UserMetadata> getAllUserMetadata(const int64_t dbId)

return the users associated with the given DB

DBSummaryList getDatabaseListForUser(const UserMetadata &user)
void createDBObject(const UserMetadata &user, const std::string &objectName, DBObjectType type, const Catalog_Namespace::Catalog &catalog, int32_t objectId = -1)
void renameDBObject(const std::string &objectName, const std::string &newName, DBObjectType type, int32_t objectId, const Catalog_Namespace::Catalog &catalog)

Renames an DBObject

Parameters

void grantDBObjectPrivileges(const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
void grantDBObjectPrivilegesBatch(const std::vector<std::string> &grantees, const std::vector<DBObject> &objects, const Catalog_Namespace::Catalog &catalog)
void revokeDBObjectPrivileges(const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)
void revokeDBObjectPrivilegesBatch(const std::vector<std::string> &grantees, const std::vector<DBObject> &objects, const Catalog_Namespace::Catalog &catalog)
void revokeDBObjectPrivilegesFromAll(DBObject object, Catalog *catalog)
void revokeDBObjectPrivilegesFromAll_unsafe(DBObject object, Catalog *catalog)
void revokeDBObjectPrivilegesFromAllBatch(std::vector<DBObject> &objects, Catalog *catalog)
void revokeDBObjectPrivilegesFromAllBatch_unsafe(std::vector<DBObject> &objects, Catalog *catalog)
void getDBObjectPrivileges(const std::string &granteeName, DBObject &object, const Catalog_Namespace::Catalog &catalog) const
bool verifyDBObjectOwnership(const UserMetadata &user, DBObject object, const Catalog_Namespace::Catalog &catalog)
void changeDBObjectOwnership(const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, bool revoke_privileges = true)

Change ownership of a DBObject

Parameters
  • new_owner: - new owner of DBObject

  • previous_owner: - previous owner of DBObject

  • object: - DBObject to change ownership of

  • catalog: - Catalog instance object exists in

  • revoke_privileges: - if true, revoke previous_owner’s privileges

void createRole(const std::string &roleName, const bool user_private_role, const bool is_temporary = false)
void dropRole(const std::string &roleName, const bool is_temporary = false)
void grantRoleBatch(const std::vector<std::string> &roles, const std::vector<std::string> &grantees)
void grantRole(const std::string &role, const std::string &grantee, const bool is_temporary = false)
void revokeRoleBatch(const std::vector<std::string> &roles, const std::vector<std::string> &grantees)
void revokeRole(const std::string &role, const std::string &grantee, const bool is_temporary = false)
bool hasAnyPrivileges(const UserMetadata &user, std::vector<DBObject> &privObjects)
bool checkPrivileges(const UserMetadata &user, const std::vector<DBObject> &privObjects) const
bool checkPrivileges(const std::string &userName, const std::vector<DBObject> &privObjects) const
Grantee *getGrantee(const std::string &name) const
Role *getRoleGrantee(const std::string &name) const
User *getUserGrantee(const std::string &name) const
std::vector<ObjectRoleDescriptor *> getMetadataForObject(int32_t dbId, int32_t dbType, int32_t objectId) const
std::vector<ObjectRoleDescriptor> getMetadataForAllObjects() const
bool isRoleGrantedToGrantee(const std::string &granteeName, const std::string &roleName, bool only_direct) const
std::vector<std::string> getRoles(const std::string &user_name, bool effective = true)
std::vector<std::string> getRoles(bool include_user_private_role, bool is_super, const std::string &user_name, bool ignore_deleted_user = false)
std::vector<std::string> getRoles(const std::string &userName, const int32_t dbId)
std::set<std::string> getCreatedRoles() const
bool isAggregator() const
void populateRoleDbObjects(const std::vector<DBObject> &objects)
std::string name() const
void renameObjectsInDescriptorMap(DBObject &object, const Catalog_Namespace::Catalog &cat)
void syncUserWithRemoteProvider(const std::string &user_name, std::vector<std::string> idp_roles, UserAlterations alts)
std::unordered_map<std::string, std::vector<std::string>> getGranteesOfSharedDashboards(const std::vector<std::string> &dashboard_ids)
void check_for_session_encryption(const std::string &pki_cert, std::string &session)
std::vector<Catalog *> getCatalogsForAllDbs()
std::shared_ptr<Catalog> getDummyCatalog()
std::shared_ptr<Catalog> getCatalog(const std::string &dbName)
std::shared_ptr<Catalog> getCatalog(const int32_t db_id)
std::shared_ptr<Catalog> getCatalog(const DBMetadata &curDB, bool is_new_db)
void removeCatalog(const std::string &dbName)
~SysCatalog()
void reassignObjectOwners(const std::map<int32_t, std::vector<DBObject>> &old_owner_db_objects, int32_t new_owner_id, const Catalog_Namespace::Catalog &catalog)

Reassigns database object ownership from a set of users (old owners) to another user (new owner).

Parameters
  • old_owner_db_objects: - map of user ids and database objects whose ownership will be reassigned

  • new_owner_id: - id of user who will own reassigned database objects

  • catalog: - catalog for database where ownership reassignment occurred

bool hasExecutedMigration(const std::string &migration_name) const

Public Members

std::mutex sqliteMutex_
mapd_shared_mutex sharedMutex_
std::atomic<std::thread::id> thread_holding_sqlite_lock
std::atomic<std::thread::id> thread_holding_write_lock
std::shared_ptr<Catalog> dummyCatalog_
std::unordered_map<std::string, std::shared_ptr<UserMetadata>> temporary_users_by_name_
std::unordered_map<int32_t, std::shared_ptr<UserMetadata>> temporary_users_by_id_
int32_t next_temporary_user_id_ = {OMNISCI_TEMPORARY_USER_ID_RANGE}

Public Static Functions

static SysCatalog &instance()
static void destroy()

Public Static Attributes

thread_local bool thread_holds_read_lock = false

Private Types

using GranteeMap = std::map<std::string, std::unique_ptr<Grantee>>
using ObjectRoleDescriptorMap = std::multimap<std::string, std::unique_ptr<ObjectRoleDescriptor>>
using dbid_to_cat_map = tbb::concurrent_hash_map<std::string, std::shared_ptr<Catalog>>

Private Functions

SysCatalog()
void initDB()
void buildRoleMap()
void buildUserRoleMap()
void buildObjectDescriptorMap()
void rebuildObjectMaps()
void checkAndExecuteMigrations()
void importDataFromOldMapdDB()
void createRoles()
void fixRolesMigration()
void addAdminUserRole()
void migratePrivileges()
void migratePrivileged_old()
void updateUserSchema()
void updatePasswordsToHashes()
void updateBlankPasswordsToRandom()
void updateSupportUserDeactivation()
void migrateDBAccessPrivileges()
void loginImpl(std::string &username, const std::string &password, UserMetadata &user_meta)
bool checkPasswordForUserImpl(const std::string &passwd, std::string &name, UserMetadata &user)
void grantDefaultPrivilegesToRole_unsafe(const std::string &name, bool issuper)
void createRole_unsafe(const std::string &roleName, const bool userPrivateRole, const bool is_temporary)
void dropRole_unsafe(const std::string &roleName, const bool is_temporary)
void grantRoleBatch_unsafe(const std::vector<std::string> &roles, const std::vector<std::string> &grantees)
void grantRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)
void revokeRoleBatch_unsafe(const std::vector<std::string> &roles, const std::vector<std::string> &grantees)
void revokeRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)
void updateObjectDescriptorMap(const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)
void deleteObjectDescriptorMap(const std::string &roleName)
void deleteObjectDescriptorMap(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &cat)
void grantDBObjectPrivilegesBatch_unsafe(const std::vector<std::string> &grantees, const std::vector<DBObject> &objects, const Catalog_Namespace::Catalog &catalog)
void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)
void revokeDBObjectPrivilegesBatch_unsafe(const std::vector<std::string> &grantees, const std::vector<DBObject> &objects, const Catalog_Namespace::Catalog &catalog)
void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)
void grantAllOnDatabase_unsafe(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)
void revokeAllOnDatabase_unsafe(const std::string &roleName, int32_t dbId, Grantee *grantee)
bool isDashboardSystemRole(const std::string &roleName) const
void updateUserRoleName(const std::string &roleName, const std::string &newName)
void getMetadataWithDefaultDB(std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)
bool allowLocalLogin() const

For servers configured to use external authentication providers, determine whether users will be allowed to fallback to local login accounts. If no external providers are configured, returns true.

template<typename F, typename ...Args>
void execInTransaction(F &&f, Args&&... args)
void initializeInformationSchemaDb()
void recordExecutedMigration(const std::string &migration_name) const
bool hasVersionHistoryTable() const
void createVersionHistoryTable() const
auto yieldTransactionStreamer()

Private Members

std::string basePath_
GranteeMap granteeMap_
ObjectRoleDescriptorMap objectDescriptorMap_
std::unique_ptr<SqliteConnector> sqliteConnector_
std::shared_ptr<Data_Namespace::DataMgr> dataMgr_
std::unique_ptr<PkiServer> pki_server_
const AuthMetadata *authMetadata_
std::shared_ptr<Calcite> calciteMgr_
std::vector<LeafHostInfo> string_dict_hosts_
bool aggregator_
dbid_to_cat_map cat_map_

Private Static Attributes

std::unique_ptr<SysCatalog> instance_