PrivMgrMD.cpp

Clone Tools
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Privilege fixes for TRAFODION-1595

TRAFODION-1595 Privilege manager tables missing from HBase

If initialize authorization fails for any reason, some remnants of the operation

remain around. Once DDL_TRANSACTIONS have been enabled, then this issue goes

away.

Code changes have been made as follows:

- If the initialize operation fails and DDL_TRANSACTIONS is not enabled, go

ahead and cleanup all remnants of the operation.

- Added new option to cleanup after a failed authorization attempt:

INITIALIZE AUTHORIZATION, CLEANUP.

The CLEANUP option can be used to clean up after a failed initialize attempt

when the DROP option fails.

- Added logging into the initialize, drop, and cleanup authorization requests.

  1. … 10 more files in changeset.
Privilege fixes for TRAFODION-12, TRAFODION-1761, and TRAFODION-1773

TRAFODION-12 Grant Revoke Enhancements

-- Revoke: added code to verify that when column privileges are revoked then

the remaining grants are is still intact. It does this by starting at the

beginning of the privilege tree and rebuilding it from top to bottom with

the requested privilege changes. If the revoke causes part of the tree to

be unaccessible (a broken branch), the revoke operation fails.

TRAFODION-1761 Grant and Revoke on table with referencing views does not work

-- When granting INSERT, UPDATE, or DELETE object privilege(s) on a table that

is referenced by one or more views, then the privilege should be granted on

any updatable views that reference the table. The grant request to the these

views should be executed as though the current user is _SYSTEM. Similarily

for revokes.

-- If the grant is performed that adds the WITH GRANT OPTION, then

the WITH GRANT OPTION is to be added to the referencing views. The

grant request should be executed as though the current user is _SYSTEM.

Similarily for revokes.

-- The problem was caused by the incorrect grantor being processed. So, added

a new field to the ObjectUsage structure that tells grant/revoke that

the grantor should be the system user. Also added change to not propagate

update privileges on non updatable views.

-- The checkin fixes object privileges; however, work is still needed to

support column level privileges and a mix between column and object level.

TRAFODION-1773 Internal error to revoke role with restrict option when there is

dependent view

-- There code (PrivMgrRoles) that determines if a specific user that owns

objects whose existence depend upon a privilege granted to the specified role

can be revoked. This code did not consider views as a referenced object type

Cleaned up PrivMgrDesc.h & PrivMgrDesc.cpp:

-- remove unused grantee field

-- added columnOrdinal which will be used to fix column privs for TRAFODION 1761

-- replaced std::bitset<NBR_OF_PRIVS> with the define PrivMgrBitmap

  1. … 14 more files in changeset.
TRAFODION-1754 Showddl component does not display grants correctly

Showddl should be displaying grants on an operation in a manner that allows

the privileges to be recreated. Currently, they are returned in the order

in which they are read from the metadata.

While working on this JIRA, several issues were fixed including:

- Consolidated privilege values into one location - NAUserId.h. They used to be

stored in NAUserId.h, ComSmallDefs.h, and PrivMgrDefs.h

- The check for getting the next available role ID was not correct.

- PrivMgrPrivileges::hasColWGO has incorrect indexing

- PrivMgrComponentPrivileges::selectAllWhere has incorrect error checking

  1. … 16 more files in changeset.
Fixes for Jira's trafodion-19 & trafodion-29

See Jira's for a description.

Also removed obsolete code from the parser

  1. … 46 more files in changeset.
Part 1 of updates to licensing info in Trafodion source

Added NOTICE.txt file in root directory per ASF guidelines.

Updated copyright text in one directory (core/sql/sqlcomp)

as a test of a tool to update such text. One or more later

check-ins will take care of the remaining directories.

  1. … 63 more files in changeset.
Merge remote branch 'core/master'

  1. … 108 more files in changeset.
Move core into subdir to combine repos

    • -0
    • +1806
    ./PrivMgrMD.cpp
  1. … 10768 more files in changeset.
Move core into subdir to combine repos

    • -0
    • +1758
    ./PrivMgrMD.cpp
  1. … 10622 more files in changeset.
Move core into subdir to combine repos

Use: git log --follow -- <file>

to view file history thru renames.

    • -0
    • +1004
    ./PrivMgrMD.cpp
  1. … 10837 more files in changeset.