Class Catalog_Namespace::SysCatalog

class SysCatalog : private Catalog_Namespace::CommonFileOperations

Public Functions

void init(const std::string &basePath, std::shared_ptr<Data_Namespace::DataMgr> dataMgr, const AuthMetadata &authMetadata, std::shared_ptr<Calcite> calcite, bool is_new_db, bool aggregator, const std::vector<LeafHostInfo> &string_dict_hosts)

std::shared_ptr<Catalog> login(std::string &db, std::string &username, const std::string &password, UserMetadata &user_meta, bool check_password = true)

logins (connects) a user against a database.

throws a std::exception in all error cases! (including wrong password)

std::shared_ptr<Catalog> switchDatabase(std::string &dbname, const std::string &username)

UserMetadata createUser(std::string const &name, UserAlterations alts, bool is_temporary)

void dropUser(const std::string &name)

UserMetadata alterUser(std::string const &name, UserAlterations alts)

void renameUser(std::string const &old_name, std::string const &new_name)

void createDatabase(const std::string &dbname, int owner)

void renameDatabase(std::string const &old_name, std::string const &new_name)

void dropDatabase(const DBMetadata &db)

std::optional<UserMetadata> getUser(std::string const &uname)

std::optional<UserMetadata> getUser(int32_t const uid)

std::optional<DBMetadata> getDB(std::string const &dbname)

std::optional<DBMetadata> getDB(int32_t const dbid)

bool getMetadataForUser(const std::string &name, UserMetadata &user)

bool getMetadataForUserById(const int32_t idIn, UserMetadata &user)

bool checkPasswordForUser(const std::string &passwd, std::string &name, UserMetadata &user)

bool getMetadataForDB(const std::string &name, DBMetadata &db)

bool getMetadataForDBById(const int32_t idIn, DBMetadata &db)

Data_Namespace::DataMgr &getDataMgr() const

Calcite &getCalciteMgr() const

const std::string &getCatalogBasePath() const

SqliteConnector *getSqliteConnector()

list<DBMetadata> getAllDBMetadata()

list<UserMetadata> getAllUserMetadata()

list<UserMetadata> getAllUserMetadata(const int64_t dbId)

return the users associated with the given DB

DBSummaryList getDatabaseListForUser(const UserMetadata &user)

void createDBObject(const UserMetadata &user, const std::string &objectName, DBObjectType type, const Catalog_Namespace::Catalog &catalog, int32_t objectId = -1)

void renameDBObject(const std::string &objectName, const std::string &newName, DBObjectType type, int32_t objectId, const Catalog_Namespace::Catalog &catalog)

Renames an DBObject

Parameters

• objectName: - original DBObject name

• newName: - new name of DBObject

• type: - type of DBObject

• objectId: - original DBObject ID

• catalog: - Catalog instance object exists in

void grantDBObjectPrivileges(const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)

void grantDBObjectPrivilegesBatch(const std::vector<std::string> &grantees, const std::vector<DBObject> &objects, const Catalog_Namespace::Catalog &catalog)

void revokeDBObjectPrivileges(const std::string &grantee, const DBObject &object, const Catalog_Namespace::Catalog &catalog)

void revokeDBObjectPrivilegesBatch(const std::vector<std::string> &grantees, const std::vector<DBObject> &objects, const Catalog_Namespace::Catalog &catalog)

void revokeDBObjectPrivilegesFromAll(DBObject object, Catalog *catalog)

void revokeDBObjectPrivilegesFromAll_unsafe(DBObject object, Catalog *catalog)

void revokeDBObjectPrivilegesFromAllBatch(std::vector<DBObject> &objects, Catalog *catalog)

void revokeDBObjectPrivilegesFromAllBatch_unsafe(std::vector<DBObject> &objects, Catalog *catalog)

void getDBObjectPrivileges(const std::string &granteeName, DBObject &object, const Catalog_Namespace::Catalog &catalog) const

bool verifyDBObjectOwnership(const UserMetadata &user, DBObject object, const Catalog_Namespace::Catalog &catalog)

void changeDBObjectOwnership(const UserMetadata &new_owner, const UserMetadata &previous_owner, DBObject object, const Catalog_Namespace::Catalog &catalog, bool revoke_privileges = true)

Change ownership of a DBObject

Parameters

• new_owner: - new owner of DBObject

• previous_owner: - previous owner of DBObject

• object: - DBObject to change ownership of

• catalog: - Catalog instance object exists in

• revoke_privileges: - if true, revoke previous_owner’s privileges

void createRole(const std::string &roleName, const bool user_private_role, const bool is_temporary = false)

void dropRole(const std::string &roleName, const bool is_temporary = false)

void grantRoleBatch(const std::vector<std::string> &roles, const std::vector<std::string> &grantees)

void grantRole(const std::string &role, const std::string &grantee, const bool is_temporary = false)

void revokeRoleBatch(const std::vector<std::string> &roles, const std::vector<std::string> &grantees)

void revokeRole(const std::string &role, const std::string &grantee, const bool is_temporary = false)

bool hasAnyPrivileges(const UserMetadata &user, std::vector<DBObject> &privObjects)

bool checkPrivileges(const UserMetadata &user, const std::vector<DBObject> &privObjects) const

bool checkPrivileges(const std::string &userName, const std::vector<DBObject> &privObjects) const

Grantee *getGrantee(const std::string &name) const

Role *getRoleGrantee(const std::string &name) const

User *getUserGrantee(const std::string &name) const

std::vector<ObjectRoleDescriptor *> getMetadataForObject(int32_t dbId, int32_t dbType, int32_t objectId) const

std::vector<ObjectRoleDescriptor> getMetadataForAllObjects() const

bool isRoleGrantedToGrantee(const std::string &granteeName, const std::string &roleName, bool only_direct) const

std::vector<std::string> getRoles(const std::string &user_name, bool effective = true)

std::vector<std::string> getRoles(bool include_user_private_role, bool is_super, const std::string &user_name, bool ignore_deleted_user = false)

std::vector<std::string> getRoles(const std::string &userName, const int32_t dbId)

std::set<std::string> getCreatedRoles() const

bool isAggregator() const

void populateRoleDbObjects(const std::vector<DBObject> &objects)

std::string name() const

void renameObjectsInDescriptorMap(DBObject &object, const Catalog_Namespace::Catalog &cat)

void syncUserWithRemoteProvider(const std::string &user_name, std::vector<std::string> idp_roles, UserAlterations alts)

std::unordered_map<std::string, std::vector<std::string>> getGranteesOfSharedDashboards(const std::vector<std::string> &dashboard_ids)

void check_for_session_encryption(const std::string &pki_cert, std::string &session)

std::vector<Catalog *> getCatalogsForAllDbs()

std::shared_ptr<Catalog> getDummyCatalog()

std::shared_ptr<Catalog> getCatalog(const std::string &dbName)

std::shared_ptr<Catalog> getCatalog(const int32_t db_id)

std::shared_ptr<Catalog> getCatalog(const DBMetadata &curDB, bool is_new_db)

void removeCatalog(const std::string &dbName)

~SysCatalog()

void reassignObjectOwners(const std::map<int32_t, std::vector<DBObject>> &old_owner_db_objects, int32_t new_owner_id, const Catalog_Namespace::Catalog &catalog)

Reassigns database object ownership from a set of users (old owners) to another user (new owner).

Parameters

• old_owner_db_objects: - map of user ids and database objects whose ownership will be reassigned

• new_owner_id: - id of user who will own reassigned database objects

• catalog: - catalog for database where ownership reassignment occurred

bool hasExecutedMigration(const std::string &migration_name) const

Public Members

std::mutex sqliteMutex_

mapd_shared_mutex sharedMutex_

std::atomic<std::thread::id> thread_holding_sqlite_lock

std::atomic<std::thread::id> thread_holding_write_lock

std::shared_ptr<Catalog> dummyCatalog_

std::unordered_map<std::string, std::shared_ptr<UserMetadata>> temporary_users_by_name_

std::unordered_map<int32_t, std::shared_ptr<UserMetadata>> temporary_users_by_id_

int32_t next_temporary_user_id_ = {OMNISCI_TEMPORARY_USER_ID_RANGE}

Public Static Functions

static SysCatalog &instance()

static void destroy()

Public Static Attributes

thread_local bool thread_holds_read_lock = false

Private Types

using GranteeMap = std::map<std::string, std::unique_ptr<Grantee>>

using ObjectRoleDescriptorMap = std::multimap<std::string, std::unique_ptr<ObjectRoleDescriptor>>

using dbid_to_cat_map = tbb::concurrent_hash_map<std::string, std::shared_ptr<Catalog>>

Private Functions

SysCatalog()

void initDB()

void buildRoleMap()

void buildUserRoleMap()

void buildObjectDescriptorMap()

void rebuildObjectMaps()

void checkAndExecuteMigrations()

void importDataFromOldMapdDB()

void createRoles()

void fixRolesMigration()

void addAdminUserRole()

void migratePrivileges()

void migratePrivileged_old()

void updateUserSchema()

void updatePasswordsToHashes()

void updateBlankPasswordsToRandom()

void updateSupportUserDeactivation()

void migrateDBAccessPrivileges()

void loginImpl(std::string &username, const std::string &password, UserMetadata &user_meta)

bool checkPasswordForUserImpl(const std::string &passwd, std::string &name, UserMetadata &user)

void grantDefaultPrivilegesToRole_unsafe(const std::string &name, bool issuper)

void createRole_unsafe(const std::string &roleName, const bool userPrivateRole, const bool is_temporary)

void dropRole_unsafe(const std::string &roleName, const bool is_temporary)

void grantRoleBatch_unsafe(const std::vector<std::string> &roles, const std::vector<std::string> &grantees)

void grantRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)

void revokeRoleBatch_unsafe(const std::vector<std::string> &roles, const std::vector<std::string> &grantees)

void revokeRole_unsafe(const std::string &roleName, const std::string &granteeName, const bool is_temporary)

void updateObjectDescriptorMap(const std::string &roleName, DBObject &object, bool roleType, const Catalog_Namespace::Catalog &cat)

void deleteObjectDescriptorMap(const std::string &roleName)

void deleteObjectDescriptorMap(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &cat)

void grantDBObjectPrivilegesBatch_unsafe(const std::vector<std::string> &grantees, const std::vector<DBObject> &objects, const Catalog_Namespace::Catalog &catalog)

void grantDBObjectPrivileges_unsafe(const std::string &granteeName, const DBObject object, const Catalog_Namespace::Catalog &catalog)

void revokeDBObjectPrivilegesBatch_unsafe(const std::vector<std::string> &grantees, const std::vector<DBObject> &objects, const Catalog_Namespace::Catalog &catalog)

void revokeDBObjectPrivileges_unsafe(const std::string &granteeName, DBObject object, const Catalog_Namespace::Catalog &catalog)

void grantAllOnDatabase_unsafe(const std::string &roleName, DBObject &object, const Catalog_Namespace::Catalog &catalog)

void revokeAllOnDatabase_unsafe(const std::string &roleName, int32_t dbId, Grantee *grantee)

bool isDashboardSystemRole(const std::string &roleName) const

void updateUserRoleName(const std::string &roleName, const std::string &newName)

void getMetadataWithDefaultDB(std::string &dbname, const std::string &username, Catalog_Namespace::DBMetadata &db_meta, UserMetadata &user_meta)

bool allowLocalLogin() const

For servers configured to use external authentication providers, determine whether users will be allowed to fallback to local login accounts. If no external providers are configured, returns true.

template<typename F, typename ...Args>
void execInTransaction(F &&f, Args&&... args)

void initializeInformationSchemaDb()

void recordExecutedMigration(const std::string &migration_name) const

bool hasVersionHistoryTable() const

void createVersionHistoryTable() const

auto yieldTransactionStreamer()

Private Members

std::string basePath_

GranteeMap granteeMap_

ObjectRoleDescriptorMap objectDescriptorMap_

std::unique_ptr<SqliteConnector> sqliteConnector_

std::shared_ptr<Data_Namespace::DataMgr> dataMgr_

std::unique_ptr<PkiServer> pki_server_

const AuthMetadata *authMetadata_

std::shared_ptr<Calcite> calciteMgr_

std::vector<LeafHostInfo> string_dict_hosts_

bool aggregator_

dbid_to_cat_map cat_map_

Private Static Attributes

std::unique_ptr<SysCatalog> instance_