LDAP changes/Synonyms and Grants/Reports
- Change primitives::login and ldap_authenticate to return a user record of user information if we can find it in LDAP, even if we could not authenticate the password, and pass back proper status
- Straightened out new views WRT Synonyms and Grants
- Implemented Users, Clearcase and DesignSync reports
Synonyms and Grants
When one creates a table or view in Oracle it appears to be "private" to the user who has created it. Others can get to the table but they need to specify a more qualified name. Additionally the need to have been granted access to it (at least select access).
So if we create a view, say foo, we also need to grant select access to those tables to the other users who might be using it. Additionally, in GPDB we have 3 DB level usernames: cm_gpdb, cm_gpdb_readonly and cm_gpdb_update. So if we create the view foo while logged in as cm_gpdb then login as say cm_gpdb_readonly, this new session will not be able to see foo.
So then the sequence is:
- Create the table or view
- Grant select privileges to the table or view:
- Log into Oracle database as other user and create synonym:
create or replace view foo ...
grant select to foo on cm_gpdb.foo for cm_gpdb_readonly
create or replace synonym foo for cm_gpdb.foo
Notes
- The database's schema name for GPDB is cm_gpdb above
- Grants need to be done whenever the table or view is recreated. Synonyms, being pointers, need to be created only when a new pointer is needed