Security changes to support authorization Added support for authorization commands:
- initialize authorization [, drop] - create/drop roles - register/unregister components - create/drop component operations - grant/revoke object privileges - grant/revoke role privileges - grant/revoke component privileges - updates to GET and SHOWDDL statements - checking of privileges for DML requests - checking of privileges for DDL requests - regression tests added to catman1 library
Fixed a testware problem in catman1 TEST135 and TEST139 Fixed a parser problem introduced by compGeneral/TESTTOK2 which was recently introduced.
This delivery was part of code worked on by many people for several months on a remote branch. This team held bi-weekly meetings for several months to design and implement these features. These meetings also included extensive code reviews.
The security features which include authentication (which was delivered in June) and authorization is turned off by default. The traf_authentication_setup script located in $MY_SQROOT/sql/scripts needs to be run to enable both authentication and authorization. This procedure is described on the Trafodion Twiki page and will be updated once this delivery completed to include authorzation.
Updated traf_authentication_setup to return consistent error messages and added a comment to ComSmallDefs.h to address a buf size issue for metadata tables.
fix bug 1343661(cleanup HBASE partitioning), bug 1347819 and bug 1343566 1343661: please refer to sql/sqlcomp/DefaultConstConstants.h for the definition of CQD HBASE_PARTITIONING. 1347819: the change is in ExExeUtilLoad.cpp to disable HASH2 for fast load. 1343566: method NADefaults::getTotalNumOfESPsInCluster() now returns the correct value if CQD PARALLEL_NUM_ESPS is set to an integer value. Rework 1 to address Dave's review comments. Rework 2 to address Khaled's review comments as follows. A Boolean flag (isTrafLoadPrep_) is added to class BinWA to better control the type of partitioning functions needed for the traf preparation step. When we are binding all nodes, the flag is set to TRUE which instructs createNAFileSet() not to create hash2. Rework 3 to address Hans's review comments. If force to have hash2 and the partitioning function in the cached table is range, do not return the cached object. Rework 4 to address seabase/TEST015 core, which is reported in bug 1349990. Bug 1349990 is fixed in this rework.