PrivMgrRoles.h

Clone Tools
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
TRAFODION - 3218 User still has privilege after user's role has been revoked ...

Partial support for column level privileges with QI support for:

column select

column insert

column references

column update

Also, as part of this, updated privilege code in a couple of areas:

Changed object caching code in NATable and NARoutine to store all privileges

assigned to the object when the object is cached (privDescs_). During the load

operation, the code creates bitmaps (privInfo_) for the current user. Privilege

checks are performed against the user bitmaps (privInfo_). This is in

anticipation for some performance updates when connecting to Trafodion (mxosrvr)

with different users.

Change getRoleList to include the roleID and the granteeID that granted the

privilege. The grantee can be a user or a role.

When a privilege is revoked from a role, send QI keys for every user that has

been granted to role.

  1. … 40 more files in changeset.
TRAFODION [2137] Improve metadata access time during query compilation

A change was made to return privilege information in the descriptor structure

instead of getting it when the NATable or NARoutine object is instantiated.

For tables, storing privileges in the descriptor structure allows privileges

to be saved with other table attributes in the metadata. This improves metadata

access time during initial query compilations.

Changes:

--> At create time or when the object's DDL changes (redeftime), the compiler

gets the list of privs for all users. If stored descriptors is enabled,

this list is stored as part of the object definition in the TEXT table.

--> PrivMgr returns a list of bitmaps for all users granted any priv

--> the list of privs is transformed into a VirtTable

--> the VirtTable is transformed into TrafDesc

--> a packed form of the TrafDesc is stored in the TEXT table

--> When an NATable or NARoutine is instantiated, the current user's credentials

are extracted from the TrafDesc and stored in the class thereby eliminating

the need to perform I/O to get privs for the user.

  1. … 22 more files in changeset.
update

  1. … 298 more files in changeset.
TRAFODION [1879] - Integrate Library Management into Trafodion Metadata

The initial release of library management has been delivered to Trafodion. This

is follow-on work that integrates library management operations into the

existing Trafodion infrastructure. Currently, with the initial release of

library management, the consumer needs to run a special script to set up

everything. This delivery incorporates the steps into existing SQL commands and

removes the need for the script.

This delivery contains:

-> Support for three new INITIALIZE TRAFODION options

-> Support for a new role (plus infrastructure to make it easier to add roles)

-> Change initialize authorization to handle upgrade better

-> Fixed couple issues found while testing

-> New regression test (udr/TEST102)

*** Support for three new INITIALIZE TRAFODION options:

Three new INITIALIZE TRAFODION options have been added:

CREATE LIBRARY MANAGEMENT - create and populates the libmgr schema

DROP LIBRARY MANAGEMENT - drops the libmgr schema

UPGRADE LIBRARY MANAGEMENT - adds new procedures to the libmgr library

Parser was changed to support these new options, a new keyword - MANAGEMENT

was added.

(parser/ParKeyWords.cpp/sqlparser.y)

DDL compiler was changed to recognize the new options and call implementation

methods.

(optimizer/RelExeUtil, sqlcomp/CmpSeabaseDDLcommon.cpp)

The following implementation methods were added:

createSeabaseLibmgr (code for create library management)

dropSeabaseLibmgr (code for drop library management)

upgradeSeabaseLibmgr(code for upgrade library management)

createLibmgrProcs – a helper method called by create and upgrade code to

create libmgr procedures

grantLibmgrPrivs – a helper method called by createLibmgrProcs and

initialize authorization that add grants to procedures for

the new DB__LIBMGRROLE role.

(CmpSeabaseDDL.h/CmpSeabaseDDLroutine.cpp)

Changes were made to define the new schema, library and procedures.

(common/ComSmallDefs.h, CmpSeabaseDDLroutine.h)

All procedures are defined in a new file called sqlcomp/CmpSeabaseDDLroutine.h.

This file is based on similar support for system metadata tables

(CmpSeabaseDDLmd.h). It contains the text of all the procedures. During

"create library management" and "upgrade library management" operations, this

list is used to create/add procedures.

*** Support for a new role:

Initialize authorization code was changed to create the new DB__LIBMGRROLE role.

As part of this change, role infrastructure was modified to make it easier to

add system roles in the future. The initialize code checks to see what roles

have not been added, and adds them.

(common/NAUserId.h, common/ComUser, sqlcomp/PrivMgrMD,

sqlcomp/CmpSeabaseDDLauth, sqlcomp/PrivMgrRoles)

In addition, a check is made – if the SEABASE_LIBMGR_SCHEMA exists, then

grants are performed on the procedures to allow DB__LIBMGRROLE execute

privilege.

(sqlcomp/CmpSeabaseDDLcommon.cpp)

*** Change initialize authorization to handle upgrade better:

Changes were made so initialize authorization performs an upgrade operation if

called and component privileges already exists.

(sqlcomp/PrivMgrComponentOperations, sqlcomp/PrivMgrComponentPrivileges,

sqlcomp/PrivMgrMD)

*** Fixed couple of issues found while testing:

Invalid role ID generation. Role ID generation code was using the wrong range

to determine the next role ID.

(CmpSeabaseDDLauth.cpp)

Drop schema issues with libraries. Drop library cascade fails when the order

of libraries and functions is incorrect. If you drop function, drop library it

fails with missing procedure.

(CmpSeabaseDDLschema.cpp)

  1. … 26 more files in changeset.
Part 1 of updates to licensing info in Trafodion source

Added NOTICE.txt file in root directory per ASF guidelines.

Updated copyright text in one directory (core/sql/sqlcomp)

as a test of a tool to update such text. One or more later

check-ins will take care of the remaining directories.

  1. … 63 more files in changeset.
Move core into subdir to combine repos

  1. … 10768 more files in changeset.
Move core into subdir to combine repos

  1. … 10622 more files in changeset.
Move core into subdir to combine repos

Use: git log --follow -- <file>

to view file history thru renames.

  1. … 10837 more files in changeset.