Security changes to support authorization Added support for authorization commands:
- initialize authorization [, drop] - create/drop roles - register/unregister components - create/drop component operations - grant/revoke object privileges - grant/revoke role privileges - grant/revoke component privileges - updates to GET and SHOWDDL statements - checking of privileges for DML requests - checking of privileges for DDL requests - regression tests added to catman1 library
Fixed a testware problem in catman1 TEST135 and TEST139 Fixed a parser problem introduced by compGeneral/TESTTOK2 which was recently introduced.
This delivery was part of code worked on by many people for several months on a remote branch. This team held bi-weekly meetings for several months to design and implement these features. These meetings also included extensive code reviews.
The security features which include authentication (which was delivered in June) and authorization is turned off by default. The traf_authentication_setup script located in $MY_SQROOT/sql/scripts needs to be run to enable both authentication and authorization. This procedure is described on the Trafodion Twiki page and will be updated once this delivery completed to include authorzation.
Updated traf_authentication_setup to return consistent error messages and added a comment to ComSmallDefs.h to address a buf size issue for metadata tables.