PrivMgrMD.h

Clone Tools
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Fixed a couple of issues with TRAFODION-1788 delivery

  1. … 6 more files in changeset.
[TRAFODION-1882]: Column Privilege: a user can grant column privilege to ... [TRAFODION-1788]: Grant and Revoke on table columns with referencing views ...

The main issue is that the view-col <=> referenced-col usages were not available

from the metadata.

-- create view was changed to add view-col <=> referenced-col usages to the

TEXT table. This allows NATable and privilege management to retrieve this

information. No upgrade is required

-- Privilege management was changed to see if views could still exist based

only on column level privileges.

-- Grants and revokes on referenced columns for objects are now propagated to

to referencing views

-- Fixed an issue during column grants where column ordinals were not checked

correctly [TRAFODION-1882]

-- Fixed an issue where DB__ROOT, acting as schema owner, was able to grant

privileges that the schema owner was not able to grant,

  1. … 15 more files in changeset.
update

  1. … 298 more files in changeset.
TRAFODION [1879] - Integrate Library Management into Trafodion Metadata

The initial release of library management has been delivered to Trafodion. This

is follow-on work that integrates library management operations into the

existing Trafodion infrastructure. Currently, with the initial release of

library management, the consumer needs to run a special script to set up

everything. This delivery incorporates the steps into existing SQL commands and

removes the need for the script.

This delivery contains:

-> Support for three new INITIALIZE TRAFODION options

-> Support for a new role (plus infrastructure to make it easier to add roles)

-> Change initialize authorization to handle upgrade better

-> Fixed couple issues found while testing

-> New regression test (udr/TEST102)

*** Support for three new INITIALIZE TRAFODION options:

Three new INITIALIZE TRAFODION options have been added:

CREATE LIBRARY MANAGEMENT - create and populates the libmgr schema

DROP LIBRARY MANAGEMENT - drops the libmgr schema

UPGRADE LIBRARY MANAGEMENT - adds new procedures to the libmgr library

Parser was changed to support these new options, a new keyword - MANAGEMENT

was added.

(parser/ParKeyWords.cpp/sqlparser.y)

DDL compiler was changed to recognize the new options and call implementation

methods.

(optimizer/RelExeUtil, sqlcomp/CmpSeabaseDDLcommon.cpp)

The following implementation methods were added:

createSeabaseLibmgr (code for create library management)

dropSeabaseLibmgr (code for drop library management)

upgradeSeabaseLibmgr(code for upgrade library management)

createLibmgrProcs – a helper method called by create and upgrade code to

create libmgr procedures

grantLibmgrPrivs – a helper method called by createLibmgrProcs and

initialize authorization that add grants to procedures for

the new DB__LIBMGRROLE role.

(CmpSeabaseDDL.h/CmpSeabaseDDLroutine.cpp)

Changes were made to define the new schema, library and procedures.

(common/ComSmallDefs.h, CmpSeabaseDDLroutine.h)

All procedures are defined in a new file called sqlcomp/CmpSeabaseDDLroutine.h.

This file is based on similar support for system metadata tables

(CmpSeabaseDDLmd.h). It contains the text of all the procedures. During

"create library management" and "upgrade library management" operations, this

list is used to create/add procedures.

*** Support for a new role:

Initialize authorization code was changed to create the new DB__LIBMGRROLE role.

As part of this change, role infrastructure was modified to make it easier to

add system roles in the future. The initialize code checks to see what roles

have not been added, and adds them.

(common/NAUserId.h, common/ComUser, sqlcomp/PrivMgrMD,

sqlcomp/CmpSeabaseDDLauth, sqlcomp/PrivMgrRoles)

In addition, a check is made – if the SEABASE_LIBMGR_SCHEMA exists, then

grants are performed on the procedures to allow DB__LIBMGRROLE execute

privilege.

(sqlcomp/CmpSeabaseDDLcommon.cpp)

*** Change initialize authorization to handle upgrade better:

Changes were made so initialize authorization performs an upgrade operation if

called and component privileges already exists.

(sqlcomp/PrivMgrComponentOperations, sqlcomp/PrivMgrComponentPrivileges,

sqlcomp/PrivMgrMD)

*** Fixed couple of issues found while testing:

Invalid role ID generation. Role ID generation code was using the wrong range

to determine the next role ID.

(CmpSeabaseDDLauth.cpp)

Drop schema issues with libraries. Drop library cascade fails when the order

of libraries and functions is incorrect. If you drop function, drop library it

fails with missing procedure.

(CmpSeabaseDDLschema.cpp)

  1. … 26 more files in changeset.
TRAFODION-1856: Revoke - object and column privilege checks not integrated for constraints

Fixed a problem with null pointer referencing from prior push

TRAFODION-1856: Revoke - object and column privilege checks not integrated for constraints

Today, when revoking the object REFERENCES privilege, the revoke fails if there

are any RI constraints that require the privilege. However, there may be column

level privileges that exist that would still allow the constraint to be present.

Conversely, when revoking column REFERENCES privilege, the revoke does not

check to see if REFERENCES privilege has been granted at the object level.

In fact, the revoke operation does not check for dependencies on constraints

correctly.

For example:

user1:

create table dept( dept_no int not null primary key, dept_name char(50));

grant references on table dept to user2;

grant references(dept_no) to user2;

user2:

create table empl(empl_no int not null primary key, dept_no int not null);

alter table empl add constraint empl_dept

foreign key (dept_no) references dept;

user1 should be able to "revoke references on table dept from user2" because

user2 still has the references privileges on column dept_no. Vice versa, user1

should be able to "revoke references(dept_no) on dept from user2" because user2

still has the references privilege on table dept.

To make this work, several changes were implemented:

In the existing code, object level privileges use one set of structures to

manage privileges (PrivMgrCoreDesc) and column level privileges use another

(ColPrivEntry). The ColPrivEntry class was changed to use the same base

"PrivMgrCoreDesc" structure as object privileges. This makes comparing things

between objects and columns easier. There is still more work to do in this

area.

There is a method called dealWithConstraints that, among other things, checks

to see if the revoke can occur. Changes were made to check for column level

privileges if object level privileges were no longer available. Revoking

column level privilege now calls this method to make sure the revoke can

proceed.

The dealWithConstraints change required updates to the query that retrieved

referenced table information. In addition to returning the referencing table,

the list of referenced table columns associated with each constraint was

needed. The column information returned was transformed into a new

ColumnReference structure attached to the existing ObjectUsage and

ObjectReference classes. Changes were also required in getConstraintName to get

the RI constraint related to the column which no longer has the privilege.

In addition, the code to remove column level privileges when object level

privileges was removed. In SQL, each grant needs a separate revoke to remove.

So this code did not follow ANSI standard.

  1. … 9 more files in changeset.
Privilege fixes for TRAFODION-1595

TRAFODION-1595 Privilege manager tables missing from HBase

If initialize authorization fails for any reason, some remnants of the operation

remain around. Once DDL_TRANSACTIONS have been enabled, then this issue goes

away.

Code changes have been made as follows:

- If the initialize operation fails and DDL_TRANSACTIONS is not enabled, go

ahead and cleanup all remnants of the operation.

- Added new option to cleanup after a failed authorization attempt:

INITIALIZE AUTHORIZATION, CLEANUP.

The CLEANUP option can be used to clean up after a failed initialize attempt

when the DROP option fails.

- Added logging into the initialize, drop, and cleanup authorization requests.

  1. … 10 more files in changeset.
Privilege fixes for TRAFODION-12, TRAFODION-1761, and TRAFODION-1773

TRAFODION-12 Grant Revoke Enhancements

-- Revoke: added code to verify that when column privileges are revoked then

the remaining grants are is still intact. It does this by starting at the

beginning of the privilege tree and rebuilding it from top to bottom with

the requested privilege changes. If the revoke causes part of the tree to

be unaccessible (a broken branch), the revoke operation fails.

TRAFODION-1761 Grant and Revoke on table with referencing views does not work

-- When granting INSERT, UPDATE, or DELETE object privilege(s) on a table that

is referenced by one or more views, then the privilege should be granted on

any updatable views that reference the table. The grant request to the these

views should be executed as though the current user is _SYSTEM. Similarily

for revokes.

-- If the grant is performed that adds the WITH GRANT OPTION, then

the WITH GRANT OPTION is to be added to the referencing views. The

grant request should be executed as though the current user is _SYSTEM.

Similarily for revokes.

-- The problem was caused by the incorrect grantor being processed. So, added

a new field to the ObjectUsage structure that tells grant/revoke that

the grantor should be the system user. Also added change to not propagate

update privileges on non updatable views.

-- The checkin fixes object privileges; however, work is still needed to

support column level privileges and a mix between column and object level.

TRAFODION-1773 Internal error to revoke role with restrict option when there is

dependent view

-- There code (PrivMgrRoles) that determines if a specific user that owns

objects whose existence depend upon a privilege granted to the specified role

can be revoked. This code did not consider views as a referenced object type

Cleaned up PrivMgrDesc.h & PrivMgrDesc.cpp:

-- remove unused grantee field

-- added columnOrdinal which will be used to fix column privs for TRAFODION 1761

-- replaced std::bitset<NBR_OF_PRIVS> with the define PrivMgrBitmap

  1. … 14 more files in changeset.
Changes for JIRA TRAFODION-353, 1200, 1214, and 12

1. JIRA Trafodion-353 (Launchpad 1324716):

.traf_authentication_config syntax errors on blank

corrected

2. JIRA Trafodion-1200 (Launchpad 1447336):

DB__ROOTROLE now equivalent to DB__ROOT (completed

in this delivery).

3. JIRA Trafodion-1214 (Launchpad 1450122):

LDAPSSL (level 1) now uses TLS_CACERTFILE.

4. JIRA Trafodion-12 - grant revoke enhancements including:

Six new component-level privileges: DML_DELETE, DML_INSERT,

DML_REFERENCES, DML_SELECT, DML_UPDATE, and DML_USAGE.

Authorization IDs granted a DML privilege at the system

(SQL_OPERATIONS component-level) have the privilege

on all objects in the Trafodion database.

Users who have the MANAGE_PRIVILEGE component-level privilege

can also grant "WITH GRANT OPTION" any privilege they have.

In addition, they implicitly grant on behalf of the owner when

the GRANTED BY clause is omitted. (Mimics DB__ROOT behavior.)

Tracing had been added (but not yet enabled) to better debug

grant and revoke problems

Column level privilege enforcement has been added and column

level privileges support is enabled.

  1. … 25 more files in changeset.
Part 1 of updates to licensing info in Trafodion source

Added NOTICE.txt file in root directory per ASF guidelines.

Updated copyright text in one directory (core/sql/sqlcomp)

as a test of a tool to update such text. One or more later

check-ins will take care of the remaining directories.

  1. … 63 more files in changeset.
Merge remote branch 'core/master'

  1. … 108 more files in changeset.
Move core into subdir to combine repos

  1. … 10768 more files in changeset.
Move core into subdir to combine repos

  1. … 10622 more files in changeset.
Move core into subdir to combine repos

Use: git log --follow -- <file>

to view file history thru renames.

  1. … 10837 more files in changeset.