Miscellaneous DDL and security bug fixes

Fixed a testware issue with fullstack2/TEST062 that occurred during release testing
Bug 1415196 - Alter volatile table add column cores at CmpSeabaseDDL::alterSeabaseTableAddColumn()
Added a check to not allow add or drop column for volatile tables:
- sqlcomp/CmpSeabaseDDLtable.cpp
Bug 1415232 - A failed create view causes a volatile table to disappear
The code to bind a view does not correctly reset the volatile schema in use session parameter in case of an error. Subsequent calls do not check for volatile objects.
Bug 1371265 - should not allow grants to DB__ROOT or current user
Added a check at grant to prevent this
Bug 1392491 - Unavailability of privmgr metadata error is incomplete
If not all the privmgr metadata is available, then a new Compile context flag called IS_AUTHORIZATION_READY is set. This flag is adjusted when a new compiler context is started, and when authorization is enabled and disabled.
When isAuthorizationEnabled is called and authorization is incomplete, error 1234 is now returned by default.
After coding changes were added, a request to not check all privmgr metadata tables at context startup was requested - a performance concern. Fix was changed to check all tables for debug builds but check only one table for release builds. If the performance problem is fixed, then we can go back and check for all privmgr tables.
Bug 1402009 - DB__ROOT is unable to grant privilege on object in private schema
When DB__ROOT executes a grant or revoke on objects it does not own, need to change the grantor from DB__ROOT to the object owner. This matches the same behavior for other DDL operations such as CREATE.
As part of this fix, the GRANTED BY clause is now allowed for GRANT statements but it won't be complete until LP bug 1414225 is done.
Bug 1414125 - User without priv can view data in metadata tables
Fixes were in place for all metadata tables except the privmgr metadata tables. The priv information was always being set to none in setupPrivInfo (NATable) and revoking a privilege was not correctly removing privilege information from object_privileges.
The following Launchpad bugs are fixed in this change:
Bug 1370749: Now using MAX_USERNAME_LEN instead of hardcoded value
Bug 1413760: CREATE TABLE LIKE was failing in some circumstances because SHOWDDL was including the BY clause. Ownership rules in CREATE TABLE changed when ANSI schemas were implemented, so the BY clause is no longer needed.
Bug 1392107: Privileges granted on a view are no longer lost if the view is replaced via CREATE OR REPLACE VIEW.
Bug 1370740: A potential memory corruption problem is now avoided by reworking the authorization name lookup functions.
Bug 1413767: Previously DROP SCHEMA CASCADE would fail to drop a table with an IDENTITY column.
Bug 1413758: Previously DROP TABLE CASCADE did not drop nested views.
Bug 1412891: Previously DROP TABLE CASCADE failed if a dependent object contained a delimited name.
Changes are present for 1392086, but the work is not yet completed. This problem is related to roles and security keys.
Code changes are also present for giving ownership of an object to another authorization ID, but these changes are not complete. A description of the changes is included.
The GIVE command transfers ownership of a SQL item from one authorization ID to another. Implemented in this delivery is GIVE SCHEMA and GIVE ALL.
GIVE ALL transfers all SQL items owned by an authorization ID to another authorization ID. Current or new owner can be a user or a role. The GIVE ALL command requires the ALTER privilege.
GIVE ALL FROM authID TO authID
GIVE SCHEMA behavior depends on the type of schema and whether RESTRICT or CASCADE is specified. For private schemas, all the objects in the schema are given, as well as the schema itself. For shared schemas, only the schema is given, unless the CASCADE option is specified. In that case, ownership of all the objects in the shared schema is given to the new owner. Use of the CASCADE option requires the ALTER_SCHEMA privilege. Otherwise, GIVE SCHEMA only requires the user to be the owner of the schema.
GIVE SCHEMA schema-name TO authID [RESTRICT|CASCADE]
NOTE: RESTRICT and CASCADE are not applicable to private schemas and are ignored.
GIVE OBJECT is added to the syntax but is not implemented and may not be implemented.
A more detailed blueprint will be provided prior to the final delivery of GIVE.