TRAFODION  Initialize authorization cannot be run in a DDL transaction As part of DDL transaction work, there is a goal to run all DDL and DDL like operations in a single DDL transaction. This delivery changes initialize trafodion and initialize authorization to make this happen.
Prior to DDL transactions, initialize authorization would either add or drop authorization support. Part of this required that all compiler processes associated with the master process be killed to clear out information stored in memory. When DDL transactions were added, killing the compiler processes caused the DDL transaction to abort. This means that initialize authorization could not be run in DDL transation. Initialize trafodion calls initialize authorization when security is enabled, so initialize trafodion was not able to run in DDL transactions.
A change was made to send a CmpMessageDatabaseUser request to the child arkcmp processes after authorization was initialized or dropped. This request is reponsible for setting appropriate memory attributes so we no longer require arkcmps to be terminated. Changes were piggy backed on current support that sends usernames and IDs to child arkcmps.
A new method called ContextCli::updateMxcmpSession is called during initialize and drop requests. This calls send a message to associated arkcmp process to update session attributes for user information. It then propagates the message to other child arkcmp processes.
To make this work, the following code was changed to generate and recognize the new message format: CmpStatement.cpp (process - CmpMessageDatabaseUser) Context.cpp (createMxcmpSession & updateMxcmpSession) ExSqlComp.cpp (resendControls)
The following was changed to support DDL transactions: CmpSeabaseDDLcommon.cpp (initSeabaseAuthorization & dropSeabaseAuthorization) GenPreCode.cpp (allow DDL transaction for initialize trafodion) SqlciErrors.txt (allow initialize authorization to succeed with warnings)
This also includes a change on how Trafodion processes alter user operations that allow predefined users to be modified by someone with the correct privileges.