various lp and other fixes, details below.
-- added support for self referencing constraints
-- limit clause can now be specified as a param (select * from t limit ?)
-- lp 1448261. alter table add identity col is not allowed and now returns an error
-- error is returned if a specified constraint in an alter/create statement exists on any table
-- lp 1447343. cannot have more than one identity column.
-- embedded compiler is now used to get priv info during invoke/showddl.
-- auth info is not reread if already initialized
-- sequence value function is now cacheable
-- lp 1448257. inserts in volatile table with identity column now work
-- lp 1447346. inserts with identity col default now work if inserted in a salted table.
-- only one compiler is now needed to process ddl operations with or without authorization enabled
-- query cache in embedded compiler is now cleared if user id changes
-- pre-created default schema 'SEABASE' can no longer be dropped
-- default schema 'SCH' is automatically created if running regressions and it doesn't exist.
-- improvements in regressions run.
-- regressions run no longer call a script from another sqlci session to init auth, create default schema and insert into defaults table before every regr script
-- switched the order of regression runs
-- updates from review comments.

Column-level privileges

Support for column-level privileges will be in multiple deliveries.
This delivery adds the following portions:
1. Creation of the metadata table COLUMN_PRIVILEGE. This table is created when the INITIALIZE AUTHORIZATION command is run. Existing privileges are preserved, but warnings are issued referring to existing metadata tables. An UPDATE option will be added later.
2. Granting of column-level privileges. Full support is present for granting column-level privileges. Privileges can be added and updated for one or more columns on a table or view. Support for WITH GRANT OPTION is coded, though not enabled until WITH GRANT OPTION is enabled at the object level.
3. SHOWDDL. The SHOWDDL command displays column-level privileges. Regardless of the order the privileges were granted, SHOWDDL displays them in column order, and within each column, in the order they appear in the bitmap (SELECT, INSERT, UPDATE, REFERENCES).
4. Revoking of column-level privileges. Only partially implemented. The basic operation of revoking granted column-level privileges and grant option for is implemented. All relevant security checks are performed. GRANTED BY is not implemented. RESTRICT and CASCADE options are not supported. Hence, any dependent objects remain when column-level privileges are revoked.
In addition to column-level revoke only being partially implemented, here are other items not present in this delivery:
1. Privileges can be granted to roles and revoked from roles, but REVOKE ROLE does not consider column-level privileges when determining if an object depends on a role's granted privileges.
2. Similarly, revoke at the object level does not consider column-level privileges that may allow an object to remain after an object-level privilege is revoked.
3. CREATE VIEW does not consider column-level privileges when determining if the user has authority on the referenced tables and views.
4. Run-time DML operations do not consider column-level privileges when determining if the user has authority to perform the query.