SHOWDDL, QUERY Cancel, rework

This delivery addresses security issues with SHOWDDL, adds initial support for security in query cancel, and implements part of the proposed GIVE commands.
Bug 1414234: SHOWDDL command now checks component privileges. SHOW is granted to PUBLIC by default, so effectively there are no new restrictions unless SHOW is revoked from PUBLIC.
SHOWDDL COMPONENT now checks for MANAGE_COMPONENTS or SHOW privilege. SHOWDDL ROLE now checks for MANAGE_ROLES or SHOW privilege. SHOWDDL SCHEMA now checks for SHOW privilege. SHOWDDL USER now checks for MANAGE_USERS or SHOW privilege.
SHOWDDL LIBRARY is implemented. A user must have the USAGE privilege on the library, or the MANAGE_LIBRARY or SHOW privilege.
New function to determine if the user canceling the query has the authority: either DB__ROOT, or the user owns the query, or the user has the QUERY_CANCEL privilege. Note, the code is delivered in an inactive state pending future integration.
Three new component privileges are added: QUERY_ACTIVATE, QUERY_CANCEL, and QUERY_SUSPEND. These will be added if authorization is dropped and reinitialized. A future delivery will add an INITIALIZE AUTHORIZATION,UPDATE command that will add these privileges to an existing instance with authorization enabled.
Support for library objects was added to NATable, but the code is currently not used. May be integrated into CREATE ROUTINE and GRANT for libraries in the future.
Also included is minor rework from delivery 1082, and the GIVE SCHEMA command now updates associated privileges when object ownership is changed. Note, GIVE commands are still prototype. A detailed blueprint for GIVE will be released shortly.
This patch merges with changes from 1177 and addresses a couple of minor comments from the initial submittal.