Row Based Entitlements

Question: We have a q instance which receives incoming requests from users for the orders table. The .z.pg function is invoked every time a new request is received, with the user's query as the input variable. Let's assume all users are sending qSQL strings to the instance. The .z.pg function should execute the query and return the desired data to the user. We want to, however, restrict access for certain data depending on the user. For example, if User A is not entitled other users' order information, then we must filter out all orders that do not belong to User A when User A queries the orders table. Given the simple entitlements dictionary (for current user) and orders table below, override the function '.z.pg' such that the queries are executed with the entitlements applied, and data is returned to the user. (Hint: 'parse' function will be helpful)

More Information:

https://code.kx.com/q/ref/parse/

Example

                                
                                q)entitlements:(1#.z.u)!enlist "user=`",string .z.u
q)entitlements
alvi| "user=`alvi"
q)\S 100
q)orders:([]user:`alvi`alvi`stacy`stacy;time:asc 4?.z.T;sym:`AAPL`MSFT`IBM`MSFT;side:`b`b`s`s;px:4?200f;size:100+4?1000j)
q)orders
user  time         sym  side px       size
------------------------------------------
alvi  05:19:11.631 AAPL b    167.6063 976
alvi  05:20:54.216 MSFT b    123.8255 161
stacy 13:24:33.507 IBM  s    183.6819 1016
stacy 20:37:20.709 MSFT s    106.1675 960

======== Remote q instance ========

q).z.u
`alvi
q)h:hopen 6000
q)h"select from orders"
user time         sym  side px       size
-----------------------------------------
alvi 00:00:19.135 AAPL b    167.6063 976
alvi 00:08:30.903 MSFT b    123.8255 161
q)h"select from orders where size>900"
user time         sym  side px       size
-----------------------------------------
alvi 00:00:19.135 AAPL b    167.6063 976
                                
                            

Solution

Tags:
architecture dictionaries ipc sql tables
Searchable Tags
algorithms api architecture csv data structures dictionaries disk feedhandler finance functions ingestion ipc iterators machine learning math multithreading optimizations realtime sql statistics streaming strings tables temporal websockets

Email sent!

Email not sent