Ensure UID returned for MD tables is non-null When an NATable is created for a metadata table, the UID is not known. Under certain conditions, this creates a problem whereby the AUTHS table can not be read, and access to a table is incorrectly denied. In this fix, the NATable::objectUid() function is changed to do a lookup of the UID for a metadata table if it is 0, and to store the result in NATable for future calls.
Security changes to support authorization Added support for authorization commands:
- initialize authorization [, drop] - create/drop roles - register/unregister components - create/drop component operations - grant/revoke object privileges - grant/revoke role privileges - grant/revoke component privileges - updates to GET and SHOWDDL statements - checking of privileges for DML requests - checking of privileges for DDL requests - regression tests added to catman1 library
Fixed a testware problem in catman1 TEST135 and TEST139 Fixed a parser problem introduced by compGeneral/TESTTOK2 which was recently introduced.
This delivery was part of code worked on by many people for several months on a remote branch. This team held bi-weekly meetings for several months to design and implement these features. These meetings also included extensive code reviews.
The security features which include authentication (which was delivered in June) and authorization is turned off by default. The traf_authentication_setup script located in $MY_SQROOT/sql/scripts needs to be run to enable both authentication and authorization. This procedure is described on the Trafodion Twiki page and will be updated once this delivery completed to include authorzation.
Updated traf_authentication_setup to return consistent error messages and added a comment to ComSmallDefs.h to address a buf size issue for metadata tables.