Correct security keys generated for REVOKE ROLE Launchpad Bug 1392086: DML commands continued to succeed after REVOKE ROLE command removed privilege.
DML commands will now report an error if a REVOKE ROLE command results in the user no longer having the requisite DML privilege. Previously incorrect QI security keys were generated and the query would succeed until the session was restarted.
Enable authorization by default for regress, plus Patch 1:
Added TEST138 to catman1 - skipped files Fixed wording in the traf_authentication_setup script from reviewer comments.
change 1 - Enable authorization during development regression tests change 2 – Added support for create schema IF NOT EXISTS and drop schema IF EXISTS change 3 - Changed traf_authentication_setup script to support a new installation option
change 1 - Enable authorization during development regression tests
Authorization will be enabled during regressions runs Since regressions run mostly as DB__ROOT, there should be few visible differences. Developers may see GRANT statements displayed as part of SHOWDDL requests. This can be controlled by a new CQD:SHOWDDL_DISPLAY_PRIVILEGE_GRANTS
ON - display GRANTS if authorization is enabled OFF - do not display GRANTS SYSTEM if running with SQLMX_REGRESS set, do not display grants otherwise, display grants
regress/tools/init_sb_regr_sql -- execute initialize authorization regress/tools/runregr_catman1.ksh -- turn on TEST138 regress/catman1 -- various test and expected files to set the new SHOWDDL CQD
"Initialize authorization, drop;" can be performed to disable authorization
This file was changed to support a new option "--setup" that only enables authentication This will be used by the installation script when the customer chooses not to initialize trafodion.
This script enables or disables security features for Trafodion
Usage: traf_authentication_setup [options]
Options: --file <loc> Optional location of the OpenLDAP configuration file --help Prints this message --off Disables authentication and authorization --on Enables authentication and authorization --setup Enables authentication --status Returns status of authentication enablement