PrivMgrDesc.h

Clone Tools
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
TRAFODION - 3218 User still has privilege after user's role has been revoked ...

Partial support for column level privileges with QI support for:

column select

column insert

column references

column update

Also, as part of this, updated privilege code in a couple of areas:

Changed object caching code in NATable and NARoutine to store all privileges

assigned to the object when the object is cached (privDescs_). During the load

operation, the code creates bitmaps (privInfo_) for the current user. Privilege

checks are performed against the user bitmaps (privInfo_). This is in

anticipation for some performance updates when connecting to Trafodion (mxosrvr)

with different users.

Change getRoleList to include the roleID and the granteeID that granted the

privilege. The grantee can be a user or a role.

When a privilege is revoked from a role, send QI keys for every user that has

been granted to role.

  1. … 40 more files in changeset.
Fixes for TRAFODION-3194 && TRAFODION-3195

TRAFODION-3194 Revoke grant option on objects revokes more that grant option

changed Privilege Manager to set bitmaps correctly

removed unused methods from PrivMgrDesc

TRAFODION-3195: Fixes for get commands:

get schemas for user <user>:

returns schemas owned by the specified user

if current user does not have elevated privilege,

returns error if current user does not match <user>.

get schemas for role <role>:

returns schemas owned by the role,

if current user does not have elevated privilege,

returns error if current user has not been granted <role>

get [tables | views | indexes | libraries ] for user <user>:

get [functions | table_mapping_functions | procedures] for user <user>:

get [privileges | roles] for user <user>:

returns objects where <user> has at least one privilege

if current user does not have eleveted privilege

returns error if current user does not match <user>.

get [tables | views | indexes | libraries ] for role <role>:

get [functions | table_mapping_functions | procedures] for role <role>:

get [privileges | users] for <role>:

returns objects where <role> has at least one privilege

if current user does not have eleveted privilege

returns error if current user has not been granted <role>

  1. … 17 more files in changeset.
Merge branch 'master' into trafodion-2189

Conflicts:

core/sql/optimizer/NATable.cpp

core/sql/sqlcomp/PrivMgrDesc.h

  1. … 6 more files in changeset.
[TRAFODION-2167]: Invalid query invalidation keys not working properly

When a user is revoked from a role, invalidation keys are not being

processed correctly. Therefore, users can still run queries even though

privileges have been removed. Query invalidation is complicated when

table descriptors are stored in metadata.

Changes:

--> The list of priv_descs created (and stored) was changed to include an entry

for each user and each role accumulated across all grantors. (Today, each

priv_desc entry includes the users' direct grants plus grants on their

active roles.)

--> When an object is loaded into NATable or NARoutine cache, the priv_desc is

accessed and the privilege bitmap is now generated by combining the users'

privileges with privileges of their active roles. Correct invalidation keys

are now being created and stored with the object. In the first code drop,

the users' active roles are read from the role_usage table. In the next

code drop, the active roles will be stored and maintained in executor

globals.

--> When a plan is compiled, the correct invalidation keys for users, roles,

and the public authorization are added to the plan.

--> Changes in the compiler were required to handle the invalidation keys for

revoke role and revoke privilege from "PUBLIC".

--> Cleaned up the code that manages invalidation keys in privilege manager.

--> Included the correct create and redef times (if available) in the stored

object descriptor - today they are always set to 0.

--> Added new regression test to test all the revoke options.

  1. … 13 more files in changeset.
Merge remote branch 'origin/master' into memleak1

Conflicts:

core/sql/optimizer/NormRelExpr.cpp

  1. … 5 more files in changeset.
Create NACollection objects on NAHeap. Avoid use of system heap as far as possible

  1. … 50 more files in changeset.
TRAFODION-2203 - a user can grant privileges that he doesn’t have ...

... to other users/roles successfully

In this case, the user/role did not get the privilege requested even though the

operation successfully completed. So the requester is lead to believe that the

privilege was granted.

ANSI states that: "warning <privilege not granted>" should be displayed for

each combination of grantee<=>privilege that was not granted. However,

privileges that can be successfully granted should be granted. The grant code

does not grant any privileges it cannot grant but is not reporting warnings if

the privilege is not granted. Ditto for revoke.

The code now reports warnings if not all privileges were granted or revoked for

both object and column privileges.

Also As part of this fix, the next piece of unifying object and column

privileges has been performed. This task:

- Replaced ColPrivEntry with a PrivMgrCoreDesc - now object and column privs

have the same base structure.

- Create a new method that performs common functions between grant and revoke

statements

- Removed methods not longer needed

- Use column level privileges in the privsToGrant and privsToRevoke structs

- Fixed bug in showddl where privileges were not always displayed.

- Minor changes to make object and columns names more unified

  1. … 7 more files in changeset.
Fixed review comments for TRAFODION [2137] Improve metadata access changes

  1. … 4 more files in changeset.
TRAFODION [2137] Improve metadata access time during query compilation

A change was made to return privilege information in the descriptor structure

instead of getting it when the NATable or NARoutine object is instantiated.

For tables, storing privileges in the descriptor structure allows privileges

to be saved with other table attributes in the metadata. This improves metadata

access time during initial query compilations.

Changes:

--> At create time or when the object's DDL changes (redeftime), the compiler

gets the list of privs for all users. If stored descriptors is enabled,

this list is stored as part of the object definition in the TEXT table.

--> PrivMgr returns a list of bitmaps for all users granted any priv

--> the list of privs is transformed into a VirtTable

--> the VirtTable is transformed into TrafDesc

--> a packed form of the TrafDesc is stored in the TEXT table

--> When an NATable or NARoutine is instantiated, the current user's credentials

are extracted from the TrafDesc and stored in the class thereby eliminating

the need to perform I/O to get privs for the user.

  1. … 22 more files in changeset.
Privilege fixes for TRAFODION-12, TRAFODION-1761, and TRAFODION-1773

TRAFODION-12 Grant Revoke Enhancements

-- Revoke: added code to verify that when column privileges are revoked then

the remaining grants are is still intact. It does this by starting at the

beginning of the privilege tree and rebuilding it from top to bottom with

the requested privilege changes. If the revoke causes part of the tree to

be unaccessible (a broken branch), the revoke operation fails.

TRAFODION-1761 Grant and Revoke on table with referencing views does not work

-- When granting INSERT, UPDATE, or DELETE object privilege(s) on a table that

is referenced by one or more views, then the privilege should be granted on

any updatable views that reference the table. The grant request to the these

views should be executed as though the current user is _SYSTEM. Similarily

for revokes.

-- If the grant is performed that adds the WITH GRANT OPTION, then

the WITH GRANT OPTION is to be added to the referencing views. The

grant request should be executed as though the current user is _SYSTEM.

Similarily for revokes.

-- The problem was caused by the incorrect grantor being processed. So, added

a new field to the ObjectUsage structure that tells grant/revoke that

the grantor should be the system user. Also added change to not propagate

update privileges on non updatable views.

-- The checkin fixes object privileges; however, work is still needed to

support column level privileges and a mix between column and object level.

TRAFODION-1773 Internal error to revoke role with restrict option when there is

dependent view

-- There code (PrivMgrRoles) that determines if a specific user that owns

objects whose existence depend upon a privilege granted to the specified role

can be revoked. This code did not consider views as a referenced object type

Cleaned up PrivMgrDesc.h & PrivMgrDesc.cpp:

-- remove unused grantee field

-- added columnOrdinal which will be used to fix column privs for TRAFODION 1761

-- replaced std::bitset<NBR_OF_PRIVS> with the define PrivMgrBitmap

  1. … 14 more files in changeset.
Part 1 of updates to licensing info in Trafodion source

Added NOTICE.txt file in root directory per ASF guidelines.

Updated copyright text in one directory (core/sql/sqlcomp)

as a test of a tool to update such text. One or more later

check-ins will take care of the remaining directories.

  1. … 63 more files in changeset.
Move core into subdir to combine repos

  1. … 10768 more files in changeset.
Move core into subdir to combine repos

  1. … 10622 more files in changeset.
Move core into subdir to combine repos

Use: git log --follow -- <file>

to view file history thru renames.

  1. … 10837 more files in changeset.