Trafodion-1100 Creator of view in private schema unable to select from view For private schemas, all objects are owned by the schema owner. If an authID has create component privilege, they can create objects in other schemas. However, the owner of the new object is still the schema owner.
When the object creator is not the schema owner, then the schema owner automatically becomes the owner and the object creator is granted all relevant privileges on the object WGO.
For views, this was not working correctly.
Also found another issue where column privileges were not being handled correctly when generating the privileges list.
Problem is described in more detail in the JIRA
CmpSeabaseDDLview - changed the create view code to add privileges for both the schema owner and the view creator, and fixes the privilege list issue. PrivMgr - added a helper function to convert an authID to an authName PrivMgrCommands - changed the API to send in the grantor ID PrivMgrPrivileges - changed the code to use the passed in grantor TEST141 - added a new regression test, it is currently skipped until trafodion-1087 is resolved.
Six new component-level privileges: DML_DELETE, DML_INSERT, DML_REFERENCES, DML_SELECT, DML_UPDATE, and DML_USAGE. Authorization IDs granted a DML privilege at the system (SQL_OPERATIONS component-level) have the privilege on all objects in the Trafodion database.
Users who have the MANAGE_PRIVILEGE component-level privilege can also grant "WITH GRANT OPTION" any privilege they have. In addition, they implicitly grant on behalf of the owner when the GRANTED BY clause is omitted. (Mimics DB__ROOT behavior.)
Tracing had been added (but not yet enabled) to better debug grant and revoke problems
Column level privilege enforcement has been added and column level privileges support is enabled.