1073471 – On DB upgrade, readonly user and client custom users losses permissions to db views

Bug 1073471 - On DB upgrade, readonly user and client custom users losses permissions to db views

Summary: On DB upgrade, readonly user and client custom users losses permissions to db...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine-dwh
Sub Component:
Version:	3.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	3.4.0
Assignee:	Eli Mesika
QA Contact:	Barak Dagan
Docs Contact:
URL:
Whiteboard:	integration
Duplicates (1):	1099132 (view as bug list)
Depends On:
Blocks:	1078129 rhev3.4snap1
TreeView+	depends on / blocked

Reported:	2014-03-06 13:43 UTC by Shirly Radco
Modified:	2014-06-09 15:18 UTC (History)
CC List:	14 users (show)
Fixed In Version:	rhevm-dwh-3.4.0-10.el6ev.noarch.rpm
Doc Type:	Bug Fix
Doc Text:	Previously, the read-only user and custom users for the data warehouse database would lose access to views in the database when the database was upgraded. This was caused by the views being regenerated when the database was upgraded and the permissions for those views not being applied to the newly generated views. Now, user permissions are retained when the database is upgraded.
Clone Of:
Clones:	1078129 (view as bug list)
Environment:
Last Closed:	2014-06-09 15:18:34 UTC
oVirt Team:	---
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2014:0601	normal	SHIPPED_LIVE	rhevm-dwh 3.4 bug fix and enhancement update	2014-06-09 19:15:53 UTC
oVirt gerrit	25552	None	None	None	Never
oVirt gerrit	25709	None	None	None	Never
oVirt gerrit	25749	None	None	None	Never
oVirt gerrit	25923	None	None	None	Never
oVirt gerrit	25925	None	None	None	Never
oVirt gerrit	27860	master	MERGED	packaging: setup: Do not fail on errors while restoring permissions	Never
oVirt gerrit	27907	master	MERGED	packaging: dbscripts: Do not fail on errors while restoring permissions	Never
oVirt gerrit	27942	ovirt-engine-3.4	MERGED	packaging: setup: Do not fail on errors while restoring permissions	Never

Description Shirly Radco 2014-03-06 13:43:19 UTC

Description of problem:

On upgrade, readonly user and client custom users losses permissions to db views

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:

Can not select from history db views or run reports

Expected results:



Additional info:

Comment 1 Shirly Radco 2014-03-06 14:05:42 UTC

Steps to Reproduce:
1.Install system
2.create user
3.give user permission to a view(doesn't matter which).
4. add upgrade file with "SELECT 1"
5.Run update

Actual results:

User losses permissions to the view.

Expected results:

User keeps permissions after upgrade.

Comment 2 Yaniv Lavi 2014-03-06 16:52:26 UTC

Barak, I think this needs a z stream flag.


Yaniv

Comment 3 Yaniv Lavi 2014-03-09 10:22:38 UTC

We need to figure out a solution for this. While it is less severe on the engine, it also affect it.



Yaniv

Comment 4 Alon Bar-Lev 2014-03-09 10:27:05 UTC

it is totally related to dbscripts.

current implementation is to drop all views and sps and recreate, hence permissions are dropped.

not sure I am the right contact for that.

Comment 5 Yaniv Lavi 2014-03-16 13:35:18 UTC

Any update on getting this to 3.3\3.4 dwh?



Yaniv

Comment 6 Eli Mesika 2014-03-17 21:40:22 UTC

(In reply to Yaniv Dary from comment #5)
> Any update on getting this to 3.3\3.4 dwh?
> 
> 
> 
> Yaniv

Needs to meregd first to 3.4.0

Comment 9 Barak Dagan 2014-03-27 10:06:38 UTC

Verified upgrading from 3.3.2 to av4

# psql -h "My.3.4.0.Vdc" -d ovirt_engine_history -U readonly -c "select column_name from information_schema.columns limit 2;"

Password for user readonly: 

 column_name 
-------------
 tmplname
 tmpltrusted

But it is missing from the new 10-setup-database.conf file:

# grep 'DWH_DB' /etc/ovirt-engine-dwh/ovirt-engine-dwhd.conf.d/10-setup-database.conf* | grep USER
/etc/ovirt-engine-dwh/ovirt-engine-dwhd.conf.d/10-setup-database.conf:DWH_DB_USER="engine_history"
/etc/ovirt-engine-dwh/ovirt-engine-dwhd.conf.d/10-setup-database.conf.20140326100629:DWH_DB_USER=engine_history
/etc/ovirt-engine-dwh/ovirt-engine-dwhd.conf.d/10-setup-database.conf.20140326100629:DWH_DB_READONLY_USER=readonly

Comment 10 Yaniv Lavi 2014-05-20 14:03:47 UTC

*** Bug 1099132 has been marked as a duplicate of this bug. ***

Comment 11 Barak Dagan 2014-05-27 17:16:09 UTC

Verified on av9.2:

rhevm-3.4.0-0.21.el6ev.noarch
rhevm-dwh-3.4.0-10.el6ev.noarch
rhevm-reports-3.4.0-9.el6ev.noarch

upgraded from is36.3:

rhevm-3.3.3-0.51.el6ev.noarch.rpm
rhevm-dwh-3.3.3-1.el6ev.noarch.rpm
rhevm-reports-3.3.3-1.el6ev.noarch.rpm

[root@vm1 ~]# su - postgres -c "psql -h vm1 -d engine -U engine_history -c 'select 1;'"
Password for user engine_history: 
 ?column? 
----------
        1

[root@vm1 ~]# su - postgres -c "psql -h vm1 -d ovirt_engine_history -U engine_history -c 'select 1;'"
Password for user engine_history: 
 ?column? 
----------
        1

Comment 12 errata-xmlrpc 2014-06-09 15:18:34 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-0601.html

Note You need to log in before you can comment on or make changes to this bug.