Roberta Marton <roberta.marton@hp.com> committed on 12 Jan 15

Fixes for SQL security

LP bugs fixed:

1392805 – DB_ROOT incorrectly gets “NOT AUTHORIZED” messages

1398546 – revoke priv from role fails when view is present

1401233 – USAGE privilege not checked when creating procedure (and revoking privileges)

1403995 – Update stats failures due to schema PUBLIC_ACCESS_SCHEMA

1401683 – (Partial) DDL operations see error 8841 about transaction started by SQL

Regressions updated:

catman1/TEST135 & EXPECTED138

catman1/EXPECTED138 (fix in common/ComUser.cpp)

Bug descriptions:

1392805:

Changed create view code to allow DB__ROOT to create views.  Some reorganization required to make sure create view sets the updatable and insertable privilege correctly.  This also fixed the problem where the incorrect privileges were set when created by DB__ROOT.

  Sqlcomp/CmpSeabaseDDLview.cpp

  Sqlcomp/PrivMgrPrivileges.h (sets default privileges)

1398546:

The check to see if the "select" privilege is still in existence needed to be changed until after all the privilege descriptors were analyzed.

  Sqlcomp/PrivMgrPrivileges.cpp (gatherViewPrivileges)

  Sqlcomp/PrivMgrDesc.h

1401233:

Missing checks at create UDR and revoke USAGE privilege were added.

  Sqlcomp/CmpSeabaseDDLroutine.cpp

  Sqlcomp/PrivMgrMD (getUdrsThatReferenceLibraries)

  Sqlcomp/PrivMgrPrivileges.cpp (dealWithUdrs)

1403995:

This is a critical case QA filed because the PUBLIC_ACCESS_SCHEMA does not exist for temporary sample tables during Update Statistics. If the PUBLIC_ACCESS_SCHEMA does not exist, the temporary sample table will be created in the same schema as the source table. Also fixed an issue for private schemas not owned by DB__ROOT to make the histogram table's owner the current user.

 ustat/hs_cli.cpp

 ustat/hs_globals.cpp

1401683:

There are several 8841 issues being detected.  This is a fix for one of them related to Update Statistics where an embedded "get" statement causes a transaction to be started in a child tdm_arkcmp process. The fix is to not automatically start a transaction for the get request.

 generator/GenRelScan.cpp

Change-Id: Ied42fdea6c6f8c43f29dab661b06b74f0f07ff99
