Trafodion-1100 Creator of view in private schema unable to select from view
For private schemas, all objects are owned by the schema owner. If an authID has create component privilege, they can create objects in other schemas. However, the owner of the new object is still the schema owner.
When the object creator is not the schema owner, then the schema owner automatically becomes the owner and the object creator is granted all relevant privileges on the object WGO.
For views, this was not working correctly.
Also found another issue where column privileges were not being handled correctly when generating the privileges list.
Problem is described in more detail in the JIRA.
Changes:
CmpSeabaseDDLview - changed the create view code to add privileges for both the schema owner and the view creator, and fixed the privilege list issue.
PrivMgr - added a helper function to convert an authID to an authName.
PrivMgrCommands - changed the API to send in the grantor ID.
PrivMgrPrivileges - changed the code to use the passed-in grantor.
TEST141 - added a new regression test; it is currently skipped until trafodion-1087 is resolved.
Changes for JIRA TRAFODION-353, 1200, 1214, and 12
1. JIRA Trafodion-353 (Launchpad 1324716): .traf_authentication_config syntax errors on blank corrected
2. JIRA Trafodion-1200 (Launchpad 1447336): DB__ROOTROLE now equivalent to DB__ROOT (completed in this delivery).
3. JIRA Trafodion-1214 (Launchpad 1450122): LDAPSSL (level 1) now uses TLS_CACERTFILE.
4. JIRA Trafodion-12 - grant revoke enhancements including:
Six new component-level privileges: DML_DELETE, DML_INSERT, DML_REFERENCES, DML_SELECT, DML_UPDATE, and DML_USAGE. Authorization IDs granted a DML privilege at the system (SQL_OPERATIONS component-level) have the privilege on all objects in the Trafodion database.
Users who have the MANAGE_PRIVILEGE component-level privilege can also grant "WITH GRANT OPTION" any privilege they have. In addition, they implicitly grant on behalf of the owner when the GRANTED BY clause is omitted. (Mimics DB__ROOT behavior.)
Tracing has been added (but not yet enabled) to better debug grant and revoke problems.
Column level privilege enforcement has been added and column level privileges support is enabled.