Posted to commits@trafodion.apache.org by sa...@apache.org on 2015/11/20 23:32:01 UTC

[1/5] incubator-trafodion git commit: Merge [TRAFODION-1612] and [TRAFODION-1613] build changes

Repository: incubator-trafodion
Updated Branches:
  refs/heads/master 64bffa7b7 -> 1baeae616


Merge [TRAFODION-1612] and [TRAFODION-1613] build changes


Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/1c457170
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/1c457170
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/1c457170

Branch: refs/heads/master
Commit: 1c457170778b346291a330b6b6c86a275d3f6025
Parents: 9070a6d 1ff1fa2
Author: Roberta Marton <ro...@esgyn.com>
Authored: Wed Nov 11 22:46:28 2015 +0000
Committer: Roberta Marton <ro...@esgyn.com>
Committed: Wed Nov 11 22:46:28 2015 +0000

----------------------------------------------------------------------
 core/bldenvchk.sh                        |  2 +-
 core/sqf/sqenvcom.sh                     | 45 ++++++++++++++++++---------
 core/sqf/src/seatrans/hbase-trx/Makefile |  2 +-
 install/traf_tools_setup.sh              |  4 ++-
 4 files changed, 36 insertions(+), 17 deletions(-)
----------------------------------------------------------------------



[5/5] incubator-trafodion git commit: Merge remote branch 'origin/pr/182/head' into merge_trafodion182

Posted by sa...@apache.org.
Merge remote branch 'origin/pr/182/head' into merge_trafodion182


Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/1baeae61
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/1baeae61
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/1baeae61

Branch: refs/heads/master
Commit: 1baeae6166a8dcca9c5080c285c7899fc107c971
Parents: 64bffa7 8f658ef
Author: Sandhya Sundaresan <sa...@apache.org>
Authored: Fri Nov 20 22:31:27 2015 +0000
Committer: Sandhya Sundaresan <sa...@apache.org>
Committed: Fri Nov 20 22:31:27 2015 +0000

----------------------------------------------------------------------
 core/sql/bin/SqlciErrors.txt               |   2 +-
 core/sql/regress/catman1/EXPECTED141       | Bin 0 -> 78469 bytes
 core/sql/regress/catman1/TEST141           | 394 ++++++++++++++++++++++++
 core/sql/regress/tools/runregr_catman1.ksh |   2 +-
 core/sql/sqlcomp/CmpSeabaseDDL.h           |   3 +-
 core/sql/sqlcomp/CmpSeabaseDDLview.cpp     | 235 +++++++++-----
 core/sql/sqlcomp/PrivMgr.cpp               |  57 ++++
 core/sql/sqlcomp/PrivMgr.h                 |   3 +
 core/sql/sqlcomp/PrivMgrCommands.cpp       |   5 +-
 core/sql/sqlcomp/PrivMgrCommands.h         |   2 +-
 core/sql/sqlcomp/PrivMgrPrivileges.cpp     |  16 +-
 core/sql/sqlcomp/PrivMgrPrivileges.h       |   1 -
 12 files changed, 639 insertions(+), 81 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/1baeae61/core/sql/sqlcomp/CmpSeabaseDDL.h
----------------------------------------------------------------------


[3/5] incubator-trafodion git commit: Merge branch 'master' into privs

Posted by sa...@apache.org.
Merge branch 'master' into privs


Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/a682d853
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/a682d853
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/a682d853

Branch: refs/heads/master
Commit: a682d8531cc8a08b3e2636c7f9eaf1d79c134005
Parents: 013bb77 667886e
Author: Roberta Marton <ro...@esgyn.com>
Authored: Wed Nov 18 20:07:16 2015 +0000
Committer: Roberta Marton <ro...@esgyn.com>
Committed: Wed Nov 18 20:07:16 2015 +0000

----------------------------------------------------------------------
 .../transactional/SsccTransactionalTable.java   | 34 +++++-----
 .../transactional/TransactionalTable.java       | 37 +++++-----
 .../SingleVersionDeleteNotSupported.java        | 10 +--
 .../transactional/TrxTransactionState.java      | 71 ++++++++++----------
 4 files changed, 78 insertions(+), 74 deletions(-)
----------------------------------------------------------------------



[2/5] incubator-trafodion git commit: Merge branch 'master' into privs

Posted by sa...@apache.org.
Merge branch 'master' into privs


Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/013bb77a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/013bb77a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/013bb77a

Branch: refs/heads/master
Commit: 013bb77aaae4b4e972fbdde9cfe2525924baf4a0
Parents: 1c45717 9bf3176
Author: Roberta Marton <ro...@esgyn.com>
Authored: Thu Nov 12 16:52:08 2015 +0000
Committer: Roberta Marton <ro...@esgyn.com>
Committed: Thu Nov 12 16:52:08 2015 +0000

----------------------------------------------------------------------
 core/conn/Makefile                              |    1 +
 core/conn/jdbc_type2/build.xml                  |   24 +-
 core/conn/jdbc_type2/native/type2version.h      |    2 +-
 .../org/trafodion/jdbc/t2/DriverInfo.java-tmpl  |    4 +-
 core/conn/jdbc_type4/build.xml                  |    5 +-
 .../trafodion/jdbc/t4/T4DatabaseMetaData.java   |   11 +-
 .../src/org/trafodion/jdbc/t4/Vproc.java        |    2 +
 core/conn/trafci/build.xml                      |    8 +-
 core/rest/pom.xml                               |    6 +-
 core/sqf/.gitignore                             |    5 +
 core/sqf/Makefile                               |    7 +-
 core/sqf/hbase_utilities/Makefile               |   46 +
 .../backup_restore_functions.sh                 |   34 +-
 .../run_full_trafodion_backup.sh                |   31 +-
 .../run_full_trafodion_restore.sh               |   17 +-
 core/sqf/hbase_utilities/pom.xml                |   71 ++
 .../backuprestore/TrafExportSnapshot.java       | 1076 ++++++++++++++++++
 core/sqf/sqenvcom.sh                            |    6 +-
 core/sqf/sql/scripts/findPort.py                |  106 ++
 core/sqf/sql/scripts/install_apache_hadoop      |    2 +-
 core/sqf/sql/scripts/install_local_hadoop       |    4 +-
 core/sqf/sql/scripts/install_traf_components    |    1 +
 core/sql/bin/SqlciErrors.txt                    |    6 +-
 core/sql/cli/Cli.cpp                            |    4 +-
 core/sql/comexe/ComTdbExeUtil.h                 |   11 +-
 core/sql/comexe/ComTdbHbaseAccess.cpp           |   18 +-
 core/sql/comexe/ComTdbHbaseAccess.h             |    9 +-
 core/sql/common/CharType.h                      |    2 +-
 core/sql/executor/ExExeUtilLoad.cpp             |    9 +-
 core/sql/executor/ExHbaseAccess.cpp             |   24 +
 core/sql/executor/ExHbaseAccess.h               |   15 +-
 core/sql/executor/ExHbaseIUD.cpp                |   91 +-
 core/sql/exp/ExpLOBaccess.cpp                   |    7 +-
 core/sql/exp/ExpLOBenums.h                      |    3 +-
 core/sql/generator/GenRelExeUtil.cpp            |    4 +
 core/sql/generator/GenRelSample.cpp             |   15 +-
 core/sql/generator/GenRelUpdate.cpp             |   39 +-
 core/sql/optimizer/BindRelExpr.cpp              |   80 +-
 core/sql/optimizer/NAColumn.cpp                 |   24 +
 core/sql/optimizer/NAColumn.h                   |    3 +
 core/sql/optimizer/NAFileSet.cpp                |   14 +
 core/sql/optimizer/NAFileSet.h                  |    2 +
 core/sql/optimizer/NATable.cpp                  |    1 -
 core/sql/optimizer/OptPhysRelExpr.cpp           |  123 +-
 core/sql/optimizer/RelExeUtil.h                 |    2 +-
 core/sql/optimizer/RelSample.cpp                |    1 +
 core/sql/optimizer/ScmCostMethod.cpp            |   13 +-
 core/sql/parser/sqlparser.y                     |   22 +-
 core/sql/regress/executor/EXPECTED015.SB        |   27 +
 core/sql/regress/executor/EXPECTED130           |   32 +-
 core/sql/regress/executor/TEST015               |    7 +
 core/sql/regress/executor/TEST130               |    2 +-
 core/sql/regress/hive/EXPECTED018               |  176 +--
 core/sql/regress/seabase/EXPECTED027            |  115 +-
 core/sql/regress/seabase/TEST027                |   15 +
 core/sql/regress/tools/runregr_executor.ksh     |   12 +-
 core/sql/sqlcomp/CmpDDLCatErrorCodes.h          |    5 +-
 core/sql/sqlcomp/CmpDescribe.cpp                |    6 +-
 core/sql/sqlcomp/CmpSeabaseDDLcommon.cpp        |    3 -
 core/sql/sqlcomp/CmpSeabaseDDLindex.cpp         |    8 +-
 core/sql/sqlcomp/CmpSeabaseDDLtable.cpp         |   71 +-
 core/sql/sqlcomp/nadefaults.cpp                 |    6 +-
 core/sql/ustat/hs_cli.cpp                       |  204 ++--
 dcs/pom.xml                                     |    8 +-
 .../resources/dcs-webapps/master/servers.jsp    |   17 +
 .../main/resources/dcs-webapps/static/dcs.css   |   16 +-
 .../java/org/trafodion/jdbc_test/TestCat.java   |    6 +-
 install/installer/traf_cloudera_mods98          |   96 +-
 install/installer/traf_config                   |  297 +++++
 install/installer/traf_config_setup             |   22 +-
 install/installer/traf_getHadoopNodes           |   25 +-
 install/installer/traf_hortonworks_mods98       |    9 +
 install/installer/traf_start                    |  290 +----
 .../installer/trafodion_apache_hadoop_install   |    6 +-
 install/installer/trafodion_install             |   35 +-
 75 files changed, 2706 insertions(+), 821 deletions(-)
----------------------------------------------------------------------



[4/5] incubator-trafodion git commit: Trafodion-1100 Creator of view in private schema unable to select from view

Posted by sa...@apache.org.
Trafodion-1100 Creator of view in private schema unable to select from view

For private schemas, all objects are owned by the schema owner.  If an authID
has create component privilege, they can create objects in other schemas.
However, the owner of the new object is still the schema owner.

When the object creator is not the schema owner, then the schema owner
automatically becomes the owner and the object creator is granted all relevant
privileges on the object WGO.

For views, this was not working correctly.

Also found another issue where column privileges were not being handled
correctly when generating the privileges list.

Problem is described in more detail in the JIRA

Changes:

CmpSeabaseDDLview - changed the create view code to add privileges for both the
schema owner and the view creator, and fixed the privilege list issue.
PrivMgr - added a helper function to convert an authID to an authName
PrivMgrCommands - changed the API to send in the grantor ID
PrivMgrPrivileges - changed the code to use the passed in grantor
TEST141 - added a new regression test, it is currently skipped until
trafodion-1087 is resolved.


Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/8f658efa
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/8f658efa
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/8f658efa

Branch: refs/heads/master
Commit: 8f658efa21fea35336f8b814bb37d1f5c2bbf3da
Parents: a682d85
Author: Roberta Marton <ro...@esgyn.com>
Authored: Thu Nov 19 01:45:02 2015 +0000
Committer: Roberta Marton <ro...@esgyn.com>
Committed: Thu Nov 19 01:45:02 2015 +0000

----------------------------------------------------------------------
 core/sql/bin/SqlciErrors.txt               |   2 +-
 core/sql/regress/catman1/EXPECTED141       | Bin 0 -> 78469 bytes
 core/sql/regress/catman1/TEST141           | 394 ++++++++++++++++++++++++
 core/sql/regress/tools/runregr_catman1.ksh |   2 +-
 core/sql/sqlcomp/CmpSeabaseDDL.h           |   3 +-
 core/sql/sqlcomp/CmpSeabaseDDLview.cpp     | 235 +++++++++-----
 core/sql/sqlcomp/PrivMgr.cpp               |  57 ++++
 core/sql/sqlcomp/PrivMgr.h                 |   3 +
 core/sql/sqlcomp/PrivMgrCommands.cpp       |   5 +-
 core/sql/sqlcomp/PrivMgrCommands.h         |   2 +-
 core/sql/sqlcomp/PrivMgrPrivileges.cpp     |  16 +-
 core/sql/sqlcomp/PrivMgrPrivileges.h       |   1 -
 12 files changed, 639 insertions(+), 81 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8f658efa/core/sql/bin/SqlciErrors.txt
----------------------------------------------------------------------
diff --git a/core/sql/bin/SqlciErrors.txt b/core/sql/bin/SqlciErrors.txt
index 36c1243..f012c2e 100644
--- a/core/sql/bin/SqlciErrors.txt
+++ b/core/sql/bin/SqlciErrors.txt
@@ -3088,7 +3088,7 @@ $3~String1.
 20232 ZZZZZ 99999 ADVANCED MAJOR DIALOUT This operation cannot be done on a nonaudited table that contains data.
 20233 ZZZZZ 99999 BEGINNER MINOR LOGONLY No partition could be found in volume $0~string0 for the specified object.
 20234 ZZZZZ 99999 BEGINNER MINOR LOGONLY Partition $0~string0 could not be found.
-20235 ZZZZZ 99999 ADVANCED MAJOR DBADMIN Error returned while converting user ID to username, status: $0~int0 userid: $1~int1.  
+20235 ZZZZZ 99999 ADVANCED MAJOR DBADMIN Error returned while converting auth ID to auth name, status: $0~int0 ID: $1~int1.  
 20236 ZZZZZ 99999 ADVANCED MAJOR DBADMIN Error returned while converting username to user ID, status: $0~int0, username: $1~string0.
 20237 ZZZZZ 99999 ADVANCED MAJOR DIALOUT An internal error occurred: invalid username specified, username: $0~string0.
 20238 ZZZZZ 99999 BEGINNER MINOR LOGONLY A user-defined transaction has been started. The MODIFY utility cannot perform the partition management operation.

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8f658efa/core/sql/regress/catman1/EXPECTED141
----------------------------------------------------------------------
diff --git a/core/sql/regress/catman1/EXPECTED141 b/core/sql/regress/catman1/EXPECTED141
new file mode 100644
index 0000000..838ed26
Binary files /dev/null and b/core/sql/regress/catman1/EXPECTED141 differ

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8f658efa/core/sql/regress/catman1/TEST141
----------------------------------------------------------------------
diff --git a/core/sql/regress/catman1/TEST141 b/core/sql/regress/catman1/TEST141
new file mode 100755
index 0000000..461a3b6
--- /dev/null
+++ b/core/sql/regress/catman1/TEST141
@@ -0,0 +1,394 @@
+-- ============================================================================
+-- Test: TEST141 
+-- @@@ START COPYRIGHT @@@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements.  See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership.  The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License.  You may obtain a copy of the License at
+--
+--   http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied.  See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+-- @@@ END COPYRIGHT @@@
+--
+-- ============================================================================
+-- Functionality: Extended support for views for all levels:
+--    column, object, component
+--
+-- Added in response to JIRA 1100
+--
+-- Expected files: EXPECTED141
+-- ============================================================================
+
+cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
+obey TEST141(clean_up);
+log LOG141 clear ;
+obey TEST141(set_up);
+obey TEST141(test_private_user);
+obey TEST141(test_private_role);
+obey TEST141(test_shared_user);
+obey TEST141(test_shared_role);
+log;
+obey TEST141(clean_up);
+exit;
+
+-- ============================================================================
+?section clean_up
+-- ============================================================================
+-- Cleaning up test environment
+drop schema if exists t141_udr cascade;
+drop schema if exists t141_user1 cascade;
+drop schema if exists t141_user2 cascade;
+drop schema if exists t141_user3 cascade;
+
+revoke component privilege "CREATE" on sql_operations from sql_user2;
+revoke component privilege "CREATE" on sql_operations from user2_role;
+
+revoke role user1_role from sql_user1;
+revoke role user2_role from sql_user2;
+revoke role user3_role from sql_user3;
+drop role user1_role;
+drop role user2_role;
+drop role user3_role;
+
+
+-- ============================================================================
+?section set_up
+-- ============================================================================
+-- Setup the test environment
+
+-- create function to display bitmaps as a bitmap rather than longs
+-- use the same function from TEST140
+sh rm -f ./etest140.dll;
+sh sh $$scriptsdir$$/tools/dll-compile.ksh etest140.cpp
+  2>&1 | tee LOG140-SECONDARY;
+set pattern $$DLL$$ etest140.dll;
+set pattern $$QUOTE$$ '''';
+
+create schema t141_udr;
+set schema t141_udr;
+create library t141_l1 file $$QUOTE$$ $$REGRRUNDIR$$/$$DLL$$ $$QUOTE$$ ;
+create function translateBitmap(bitmap largeint) returns (bitmap_string char (20))
+language c parameter style sql external name 'translateBitmap'
+library t141_l1
+deterministic no sql final call allow any parallelism state area size 1024 ;
+grant execute on function t141_udr.translateBitmap to "PUBLIC";
+
+-- query to read privs from metadata
+prepare get_obj_privs from
+select distinct
+   substring (object_name,1,40) as object_name,
+   object_type as type,
+   substring(authname(grantor_id),1,10) as grantor,
+   substring(authname(grantee_id),1,10) as grantee,
+   t141_udr.translateBitmap(privileges_bitmap) as granted_privs,
+   t141_udr.translateBitmap(grantable_bitmap) as grantable_privs
+from "_PRIVMGR_MD_".object_privileges
+where object_uid in
+     (select object_uid
+      from "_MD_".objects
+      where schema_name like 'T141_USER%')
+  order by 1, 2, 3, 4, 5
+;
+
+prepare get_col_privs from
+select distinct
+   substring (object_name,1,40) as object_name,
+   column_number,
+   substring(authname(grantor_id),1,10) as grantor,
+   substring(authname(grantee_id),1,10) as grantee,
+   t141_udr.translateBitmap(privileges_bitmap) as granted_privs,
+   t141_udr.translateBitmap(grantable_bitmap) as grantable_privs
+from "_PRIVMGR_MD_".column_privileges
+where object_uid in
+     (select object_uid
+      from "_MD_".objects
+      where schema_name like 'T141_%')
+  order by 1, 2, 3, 4, 5
+;
+
+-- set up role infrastructure
+create role user1_role;
+create role user2_role;
+create role user3_role;
+grant role user1_role to sql_user1;
+grant role user2_role to sql_user2;
+grant role user3_role to sql_user3;
+
+-- set up component privilege infrastructure
+grant component privilege "CREATE" on sql_operations to sql_user2;
+grant component privilege "CREATE" on sql_operations to user2_role;
+
+-- ============================================================================
+?section create_objects
+-- ============================================================================
+set schema t141_user1;
+create table u1t1 (c1 int not null primary key, c2 int, c3 int);
+insert into u1t1 values (1,1,1), (2,2,2), (3,3,3), (4,4,4), (5,5,5);
+create table u1t2 (c1 int not null primary key, c2 int, c3 int);
+insert into u1t2 values (1,1,1), (2,2,2), (3,3,3), (4,4,4), (5,5,5);
+create table u1t3 (c1 int not null primary key, c2 int, c3 int);
+insert into u1t3 values (1,1,1), (2,2,2), (3,3,3), (4,4,4), (5,5,5);
+create table u1t4 (c1 int not null primary key, c2 int, c3 int);
+insert into u1t4 values (1,1,1), (2,2,2), (3,3,3), (4,4,4), (5,5,5);
+get tables;
+
+set schema t141_user2;
+create table u2t1 (c1 int not null primary key, c2 int, c3 int);
+insert into u2t1 values (1,1,1), (2,2,2), (3,3,3), (4,4,4), (5,5,5);
+create table u2t2 (c1 int not null primary key, c2 int, c3 int);
+insert into u2t2 values (1,1,1), (2,2,2), (3,3,3), (4,4,4), (5,5,5);
+get tables;
+
+set schema t141_user3;
+create table u3t1 (c1 int not null primary key, c2 int, c3 int);
+insert into u3t1 values (1,1,1), (2,2,2), (3,3,3), (4,4,4), (5,5,5);
+get tables;
+
+
+-- ============================================================================
+?section test_private_user
+-- ============================================================================
+-- verify someone with CREATE permission can create objects in someone elses
+-- private schema.  Make sure the schema owner owns the object and the creator
+-- has appropriate privileges.
+
+values (user);
+
+-- setup database with private schemas owned by users
+drop schema if exists t141_user1 cascade;
+create schema t141_user1 authorization sql_user1;
+drop schema if exists t141_user2 cascade;
+create schema t141_user2 authorization sql_user2;
+drop schema if exists t141_user3 cascade;
+create schema t141_user3 authorization sql_user3;
+
+obey TEST141(create_objects);
+set schema t141_user1;
+grant select on u1t1 to sql_user3;
+grant select (c1, c2) on u1t2 to sql_user3;
+grant update (c1) on u1t2 to sql_user3;
+grant update, delete, insert on u1t3 to sql_user3;
+grant update on u1t4 to sql_user3;
+grant select(c1, c3) on u1t4 to sql_user3;
+execute get_obj_privs;
+execute get_col_privs;
+
+-- sql_user2 has create privilege on all schemas.
+-- have sql_user2 create some tables in sql_user1's schema
+-- have sql_user2 create some views
+sh sqlci -i "TEST141(user2_objects)" -u sql_user2;
+execute get_obj_privs;
+
+-- sql_user1 can create views on all tables 
+sh sqlci -i "TEST141(user1_objects)" -u sql_user1;
+execute get_obj_privs;
+
+-- sql_user3 does not have the create privilege.
+-- have sql_user3 attempt to create a table in sql_user1's schema
+sh sqlci -i "TEST141(user3_objects)" -u sql_user3;
+
+-- ============================================================================
+?section test_shared_user
+-- ============================================================================
+-- verify someone with CREATE permission can create objects in someone elses
+-- shared schema.  Make sure the schema owner owns the object and the creator
+-- has appropriate privileges.
+
+values (user);
+revoke component privilege "CREATE" on sql_operations from sql_user2;
+
+-- setup database with shared schemas owned by users
+drop schema if exists t141_user1 cascade;
+create shared schema t141_user1 authorization sql_user1;
+drop schema if exists t141_user2 cascade;
+create shared schema t141_user2 authorization sql_user2;
+drop schema if exists t141_user3 cascade;
+create shared schema t141_user3 authorization sql_user3;
+showddl schema t141_user1;
+showddl schema t141_user2;
+showddl schema t141_user3;
+
+-- schemas are owned by the authID specified in the authorization clause but
+-- tables are owned by the creator.  The objects created in create_objects are
+-- owned by DB__ROOT since DB__ROOT is the current user.
+obey TEST141(create_objects);
+set schema t141_user1;
+grant select on u1t1 to sql_user3;
+grant select (c1, c2) on u1t2 to sql_user3;
+grant update (c1) on u1t2 to sql_user3;
+grant update, delete, insert on u1t3 to sql_user3;
+grant update on u1t4 to sql_user3;
+grant select(c1, c3) on u1t4 to sql_user3;
+execute get_obj_privs;
+execute get_col_privs;
+
+-- have sql_user2 create some tables in sql_user1's schema
+-- have sql_user2 create some views, views that reference user1's objects fail
+sh sqlci -i "TEST141(user2_objects)" -u sql_user2;
+execute get_obj_privs;
+
+-- In a shared schema sql_user1 does not have privs on sql_user2 objects
+-- creates should fail
+sh sqlci -i "TEST141(user1_objects)" -u sql_user1;
+
+-- grant privileges to sql_user1 and retry
+grant select on t141_user1.u1t1 to sql_user1;
+grant select on t141_user1.u2t1 to sql_user1; 
+sh sqlci -i "TEST141(user1_objects)" -u sql_user1;
+execute get_obj_privs;
+
+-- sql_user3 does not have the create privilege.
+-- have sql_user3 attempt to create a table in sql_user1's schema
+sh sqlci -i "TEST141(user3_objects)" -u sql_user3;
+
+-- ============================================================================
+?section test_private_role
+-- ============================================================================
+-- verify someone with CREATE permission can create objects in someone elses
+-- private schema.  Make sure the schema owner owns the object and the creator
+-- has appropriate privileges.
+
+values (user);
+
+-- setup database with private schemas owned by roles
+drop schema if exists t141_user1 cascade;
+create schema t141_user1 authorization user1_role;
+drop schema if exists t141_user2 cascade;
+create schema t141_user2 authorization user2_role;
+drop schema if exists t141_user3 cascade;
+create schema t141_user3 authorization user3_role;
+showddl schema t141_user1;
+showddl schema t141_user2;
+
+obey TEST141(create_objects);
+set schema t141_user1;
+execute get_obj_privs;
+execute get_col_privs;
+
+-- user2_role has create privilege on all schemas.
+-- have sql_user2 who belongs to  user2_role create some tables in 
+-- t141_user1's schema, also have sql_user2 create some views
+sh sqlci -i "TEST141(user2_objects)" -u sql_user2;
+execute get_obj_privs;
+
+-- ============================================================================
+?section test_shared_role
+-- ============================================================================
+-- verify someone with CREATE permission can create objects in someone elses
+-- shared schema.  Make sure the schema owner owns the object and the creator
+-- has appropriate privileges.
+
+values (user);
+revoke component privilege "CREATE" on sql_operations from user2_role;
+
+-- setup database with shared schemas owned by role
+drop schema if exists t141_user1 cascade;
+create shared schema t141_user1 authorization user1_role;
+drop schema if exists t141_user2 cascade;
+create shared schema t141_user2 authorization user2_role;
+drop schema if exists t141_user3 cascade;
+create shared schema t141_user3 authorization user3_role;
+showddl schema t141_user1;
+showddl schema t141_user2;
+
+-- schemas are owned by the authID specified in the authorization clause but
+-- tables are owned by the creator.  The following objects are owned by DB__ROOT
+obey TEST141(create_objects);
+set schema t141_user1;
+execute get_obj_privs;
+execute get_col_privs;
+
+-- have sql_user2 create some tables in user2_role's schema
+-- have sql_user2 create some views, views that reference user1's objects fail
+sh sqlci -i "TEST141(user2_objects)" -u sql_user2;
+execute get_obj_privs;
+
+-- ============================================================================
+?section user1_objects
+-- ============================================================================
+-- executed by sql_user1
+log LOG141;
+cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
+values (user);
+
+set schema t141_user1;
+create view u1v1 as select * from u1t1;
+create view u1v2 as select * from u2t1;
+create view u1v3(c1, c2) as select u1.c1, u2.c1 from u1t1 u1, u2t1 u2;
+
+-- ============================================================================
+?section user2_objects
+-- ============================================================================
+-- executed by sql_user2
+-- sql_user2 has the CREATE component privilege for sql_operations.
+-- All creates should succeed.  The owner of the table is the schema owner
+-- (sql_user1) and sql_user2 should get all DML privileges WGO 
+log LOG141;
+cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
+values (user);
+set schema t141_user1;
+create table u2t1 (c1 int not null primary key, c2 int, c3 int);
+create table u2t2 (c1 int not null primary key, c2 int, c3 int);
+
+get tables;
+
+-- create a view on user1's table
+create view u2v1 as select c1, c2 from u2t1;
+showddl u2v1;
+
+-- for shared schemas u1t1 is owned by DB__ROOT so create fails.
+-- for private schemas this succeeds
+create view u2v2(c1, c2)  as select u1.c1, u2.c1 from t141_user2.u2t1 as u2, u2t2 as u1;
+showddl u2v2;
+
+-- these creates should fail
+-- user2 has no privs on u1t1
+create view u1v3 as select * from u1t1;
+set schema t141_user2;
+
+-- user2 has no privs on u1t2, for shared schema also u1t1
+create view u2v1 as select u1.c1, u2.c1 from u2t1 as u2, t141_user1.u1t2 as u1;
+
+-- user2 has no privs on u3t1
+create view u2v1 as select * from t141_user1.u3t1; 
+
+
+-- ============================================================================
+?section user3_objects
+-- ============================================================================
+-- executed by sql_user2
+log LOG141;
+cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
+values (user);
+set schema t141_user1;
+
+--fails for private schemas - user3 has no create privs in schema user1's schemas
+--works for shared schemas - user3 can create objects
+create table u3t1 (c1 int not null primary key, c2 int, c3 int);
+
+-- following works based on granted privs
+set schema t141_user3;
+create view u3v1 as select * from t141_user1.u1t1;
+showddl u3v1;
+create view u3v2 as select c1, c2 from t141_user1.u1t2;
+showddl u3v2;
+create view u3v3 as select c1 from t141_user1.u1t2;
+showddl u3v3;
+create view u3v4 as select c1, c2 from t141_user1.u1t4;
+create view u3v4 as select c1, c3 from t141_user1.u1t4;
+
+-- following fail
+create view u3v5 as select c1, c3 from t141_user1.u1t3;
+get tables;
+get views;
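Review bot: The last negative case in `?section user2_objects`, `create view u2v1 as select * from t141_user1.u3t1;`, appears to name a table that does not exist when the section runs. `create_objects` creates `u3t1` in `t141_user3`, and `t141_user1.u3t1` is only attempted later by `user3_objects`. If so, the statement fails on name resolution, and the privilege check its comment describes ("user2 has no privs on u3t1") is never exercised; `create view u2v1 as select * from t141_user3.u3t1;` would test what the comment states. Separately, the header of `?section user3_objects` says `-- executed by sql_user2` although the section is invoked with `-u sql_user3`; it should read `-- executed by sql_user3`.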

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8f658efa/core/sql/regress/tools/runregr_catman1.ksh
----------------------------------------------------------------------
diff --git a/core/sql/regress/tools/runregr_catman1.ksh b/core/sql/regress/tools/runregr_catman1.ksh
index c4319cd..ef8a0b3 100755
--- a/core/sql/regress/tools/runregr_catman1.ksh
+++ b/core/sql/regress/tools/runregr_catman1.ksh
@@ -169,7 +169,7 @@ fi
 # For now, don't run these tests                      --
 # Add list of tests to script in "skipTheseTests"     --
 #-------------------------------------------------------
-skipTheseTests="TEST129 TEST132 TEST140"
+skipTheseTests="TEST129 TEST132 TEST140 TEST141"
 
 #skip these tests for Seabase
 if [ "$seabase" -ne 0 ]; then
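Review bot: `TEST141` is added to `skipTheseTests` with nothing in the script recording why, so the regression test for the view-privilege change will not run and there is no marker for when to re-enable it. The commit description ties the skip to trafodion-1087; record that next to the list, e.g. `# TEST141 is skipped until TRAFODION-1087 is resolved; remove it from skipTheseTests then`. As far as this hunk shows, the grants made to the view creator and schema owner have no automated check in this suite until the test is re-enabled.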

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8f658efa/core/sql/sqlcomp/CmpSeabaseDDL.h
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/CmpSeabaseDDL.h b/core/sql/sqlcomp/CmpSeabaseDDL.h
index 92e9c88..7da89f5 100644
--- a/core/sql/sqlcomp/CmpSeabaseDDL.h
+++ b/core/sql/sqlcomp/CmpSeabaseDDL.h
@@ -779,7 +779,8 @@ class CmpSeabaseDDL
 			ExeCliInterface * cliInterface);
   
   short gatherViewPrivileges (const StmtDDLCreateView * createViewParseNode,
-			      ExeCliInterface * cliInterface,
+                              ExeCliInterface * cliInterface,
+                              NABoolean viewCreator,
                               PrivMgrBitmap &privilegesBitmap,
                               PrivMgrBitmap &grantableBitmap);
 

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8f658efa/core/sql/sqlcomp/CmpSeabaseDDLview.cpp
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/CmpSeabaseDDLview.cpp b/core/sql/sqlcomp/CmpSeabaseDDLview.cpp
index f2d4bd0..b921e70 100644
--- a/core/sql/sqlcomp/CmpSeabaseDDLview.cpp
+++ b/core/sql/sqlcomp/CmpSeabaseDDLview.cpp
@@ -66,6 +66,7 @@
 static bool checkAccessPrivileges(
    const ParTableUsageList & vtul,
    const ParViewColTableColsUsageList & vctcul,
+   NABoolean viewCreator,
    PrivMgrBitmap & privilegesBitmap,
    PrivMgrBitmap & grantableBitmap);
 
@@ -367,6 +368,7 @@ short CmpSeabaseDDL::updateViewUsage(StmtDDLCreateView * createViewParseNode,
 // Parameters:
 //    createViewNode - for list of objects and isUpdatable/isInsertable flags
 //    cliInterface - used to get UID of referenced object
+//    viewCreator - determines which authID to use to gather privs
 //    privilegeBitmap - returns privileges this user has on the view
 //    grantableBitmap - returns privileges this user can grant
 //
@@ -376,25 +378,26 @@ short CmpSeabaseDDL::updateViewUsage(StmtDDLCreateView * createViewParseNode,
 // ****************************************************************************
 short CmpSeabaseDDL::gatherViewPrivileges (const StmtDDLCreateView * createViewNode,
 				           ExeCliInterface * cliInterface,
+                                           NABoolean viewCreator,
                                            PrivMgrBitmap &privilegesBitmap,
                                            PrivMgrBitmap &grantableBitmap)
 {
+  if (!isAuthorizationEnabled())
+    return 0;
+
   // set all bits to true initially, we will be ANDing with privileges
   // from all referenced objects 
   // default table and view privileges are the same, set up default values
   PrivMgr::setTablePrivs(privilegesBitmap);
   PrivMgr::setTablePrivs(grantableBitmap);
 
-  if (!isAuthorizationEnabled())
-    return 0;
-
   const ParViewUsages &vu = createViewNode->getViewUsages();
   const ParTableUsageList &vtul = vu.getViewTableUsageList();
   const ParViewColTableColsUsageList &vctcul = vu.getViewColTableColsUsageList();
 
   // If DB__ROOT, no need to gather privileges
   if (!ComUser::isRootUserID() && 
-      !checkAccessPrivileges(vtul,vctcul,privilegesBitmap,grantableBitmap))
+      !checkAccessPrivileges(vtul,vctcul,viewCreator,privilegesBitmap,grantableBitmap))
     return -1;
 
   // If view is not updatable or insertable, turn off privs in bitmaps
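Review bot: The DB__ROOT shortcut in `gatherViewPrivileges` applies regardless of `viewCreator`, so when the call is made for the view owner (`viewCreator` FALSE) and the session user is DB__ROOT, `checkAccessPrivileges` is skipped and the owner's bitmaps keep the all-privileges default set by `PrivMgr::setTablePrivs`. If `ComUser::isRootUserID()` tests the current user, as its use here suggests, a schema owner could be granted privileges, including grantable ones, on a view over objects it cannot read. Restricting the shortcut to the creator pass avoids that: `if ((!viewCreator || !ComUser::isRootUserID()) && !checkAccessPrivileges(vtul,vctcul,viewCreator,privilegesBitmap,grantableBitmap)) return -1;`. Moving the `isAuthorizationEnabled()` return above the `setTablePrivs` calls also leaves the output bitmaps untouched when authorization is off, which the header comment should state. The function body continues past this hunk.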
@@ -539,9 +542,12 @@ short CmpSeabaseDDL::getListOfDirectlyReferencedObjects (
   return 0;
 }
 
+// ----------------------------------------------------------------------------
+// method: createSeabaseView
+// ----------------------------------------------------------------------------
 void CmpSeabaseDDL::createSeabaseView(
-				      StmtDDLCreateView * createViewNode,
-				      NAString &currCatName, NAString &currSchName)
+  StmtDDLCreateView * createViewNode,
+  NAString &currCatName, NAString &currSchName)
 {
   Lng32 retcode = 0;
   Lng32 cliRC = 0;
@@ -712,18 +718,57 @@ void CmpSeabaseDDL::createSeabaseView(
   PrivMgrBitmap grantableBitmap;
   privilegesBitmap.set();
   grantableBitmap.set();
+
+  // The view creator may not be the same as the view owner.
+  // For shared schemas, the view creator is always the same as the view owner.
+  // For private schemas, the view owner is the schema owner. However, the 
+  // user that is issuing the CREATE statement is not always the schema owner.
+  NABoolean viewOwnerIsViewCreator  = 
+    ((schemaClass == COM_SCHEMA_CLASS_SHARED) ? TRUE : 
+      ((ComUser::getCurrentUser() == schemaOwnerID) ? TRUE : FALSE));
+ 
+  // Gather privileges for the view creator
+  NABoolean viewCreator = TRUE;
   if (gatherViewPrivileges(createViewNode, 
                            &cliInterface, 
+                           viewCreator,
                            privilegesBitmap, 
                            grantableBitmap))
     {
       processReturn();
-
       deallocEHI(ehi); 
-	  
       return;
     }
 
+  PrivMgrBitmap ownerPrivBitmap;
+  PrivMgrBitmap ownerGrantableBitmap;
+  ownerPrivBitmap.set();
+  ownerGrantableBitmap.set();
+
+  // If view owner is the same as view creator, owner and creator privileges
+  // are the same
+  if (viewOwnerIsViewCreator)
+    {
+      ownerPrivBitmap = privilegesBitmap;
+      ownerGrantableBitmap = grantableBitmap; 
+    }
+ 
+  // If view creator is not the same as the view owner, gather the
+  // view owner privileges
+  else
+    {
+      if (gatherViewPrivileges(createViewNode, 
+                               &cliInterface, 
+                               !viewCreator,
+                               ownerPrivBitmap, 
+                               ownerGrantableBitmap))
+        {
+          processReturn();
+          deallocEHI(ehi); 
+          return;
+        }
+    }
+
   NAString viewText(STMTHEAP);
   buildViewText(createViewNode, viewText);
 
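Review bot: `viewOwnerIsViewCreator` is built from a nested ternary that maps conditions to TRUE/FALSE, and the second `gatherViewPrivileges` call passes `!viewCreator`, which reads like a computed value when it is simply FALSE. `NABoolean viewOwnerIsViewCreator = (schemaClass == COM_SCHEMA_CLASS_SHARED) || (ComUser::getCurrentUser() == schemaOwnerID);` states the same condition directly. Passing a literal `FALSE /* viewCreator */` makes the owner pass obvious at the call site. `schemaClass` and `schemaOwnerID` are defined outside this hunk.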
@@ -791,43 +836,44 @@ void CmpSeabaseDDL::createSeabaseView(
   // grant privileges for view
   if (isAuthorizationEnabled())
     {
-      char authName[MAX_AUTHNAME_LEN+1];
-      Int32 lActualLen = 0;
-      Int16 status = ComUser::getAuthNameFromAuthID( (Int32) objectOwnerID
-                                                   , (char *)&authName
-                                                   , MAX_AUTHNAME_LEN
-                                                   , lActualLen );
-      if (status != FEOK)
-        {
-          *CmpCommon::diags() << DgSqlCode(-20235)
-                              << DgInt0(status)
-                              << DgInt1(objectOwnerID);
-
-          deallocEHI(ehi);
-
-          processReturn();
-
-          return;
-       }
-
       // Initiate the privilege manager interface class
       NAString privMgrMDLoc;
       CONCAT_CATSCH(privMgrMDLoc, getSystemCatalog(), SEABASE_PRIVMGR_SCHEMA);
       PrivMgrCommands privInterface(std::string(privMgrMDLoc.data()), 
                                     CmpCommon::diags());
 
+      // Calculate the view owner (grantee)
+      int32_t grantee = (viewOwnerIsViewCreator) 
+         ? ComUser::getCurrentUser() : schemaOwnerID;
+      
+      // Grant view ownership - grantor is the SYSTEM
       retcode = privInterface.grantObjectPrivilege 
        (objUID, std::string(extViewName.data()), COM_VIEW_OBJECT, 
-        objectOwnerID, std::string(authName), 
-        privilegesBitmap, grantableBitmap);
+        SYSTEM_USER, grantee,
+        ownerPrivBitmap, ownerGrantableBitmap);
       if (retcode != STATUS_GOOD && retcode != STATUS_WARNING)
         {
           deallocEHI(ehi);
-
           processReturn();
-
           return;
         }
+
+      // if the view creator is different than view owner, assign creator 
+      // privileges (assigned by view owner to view creator)
+      if (!viewOwnerIsViewCreator)
+        {
+          retcode = privInterface.grantObjectPrivilege
+           (objUID, std::string(extViewName.data()), COM_VIEW_OBJECT,
+            schemaOwnerID, ComUser::getCurrentUser(),
+            privilegesBitmap, grantableBitmap);
+          if (retcode != STATUS_GOOD && retcode != STATUS_WARNING)
+            {
+              deallocEHI(ehi);
+              processReturn();
+              return;
+            }
+          }
+ 
       if (replacingView)
       {
          PrivStatus privStatus = privInterface.insertPrivRowsForObject(objUID,viewPrivsRows);
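Review bot: The second `grantObjectPrivilege` call records `schemaOwnerID` as grantor of `privilegesBitmap`/`grantableBitmap`, which were gathered from the creator's own privileges and are never bounded by `ownerGrantableBitmap`. The metadata can therefore show the owner granting privileges it does not itself hold with grant option, which may confuse any revoke or dependency logic that follows grantor chains (not visible here). Either mask the creator's bitmaps against what the owner can grant, or make the asymmetry explicit with a comment such as `// creator privileges come from the referenced objects, not from the owner's grantable set; the owner is grantor for bookkeeping only`. The closing brace of the new `if (!viewOwnerIsViewCreator)` block is also indented two columns deeper than its opening brace.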
@@ -1372,7 +1418,9 @@ short CmpSeabaseDDL::dropMetadataViews(ExeCliInterface * cliInterface)
 // * Function: checkAccessPrivileges                                           *
 // *                                                                           *
 // *   This function determines if a user has the requesite privileges to      *
-// * access the referenced objects that comprise the view.                     *
+// * access the referenced objects that comprise the view. In addition it      *
+// * returns the privileges bitmap containing privileges to be granted to the  *
+// * view.                                                                     *
 // *                                                                           *
 // *****************************************************************************
 // *                                                                           *
@@ -1384,6 +1432,10 @@ short CmpSeabaseDDL::dropMetadataViews(ExeCliInterface * cliInterface)
 // *  <vctcul>                 const ParViewColTableColsUsageList &   In       *
 // *    is a reference to the list of columns used by the view.                *
 // *                                                                           *
+// *  <viewCreator>            NABoolean                              In       *
+// *    If TRUE, gather privileges for the view creator, if FALSE,             *
+// *    gather privileges for the view owner                                   *
+// *                                                                           *
 // *  <privilegesBitmap>       PrivMgrBitmap &                        Out      *
 // *    passes back the union of privileges the user has on the referenced     *
 // *    objects.                                                               *
@@ -1404,17 +1456,22 @@ short CmpSeabaseDDL::dropMetadataViews(ExeCliInterface * cliInterface)
 static bool checkAccessPrivileges(
    const ParTableUsageList & vtul,
    const ParViewColTableColsUsageList & vctcul,
+   NABoolean viewCreator,
    PrivMgrBitmap & privilegesBitmap,
    PrivMgrBitmap & grantableBitmap)
    
 {
+  BindWA bindWA(ActiveSchemaDB(),CmpCommon::context(),FALSE/*inDDL*/);
+  bool missingPrivilege = false;
+  NAString extUsedObjName;
 
-BindWA bindWA(ActiveSchemaDB(),CmpCommon::context(),FALSE/*inDDL*/);
-bool missingPrivilege = false;
-NAString extUsedObjName;
+  NAString privMgrMDLoc;
+  CONCAT_CATSCH(privMgrMDLoc,CmpSeabaseDDL::getSystemCatalogStatic(),SEABASE_PRIVMGR_SCHEMA);
+  PrivMgrCommands privInterface(std::string(privMgrMDLoc.data()),
+                                CmpCommon::diags());
 
-// generate the lists of privileges and grantable privileges
-// a side effect is to return an error if basic privileges are not granted
+  // generate the lists of privileges and grantable privileges
+  // a side effect is to return an error if basic privileges are not granted
    for (CollIndex i = 0; i < vtul.entries(); i++)
    {
       if (vtul[i].getSpecialType() == ExtendedQualName::SG_TABLE)
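Review bot: The function-scope `NAString extUsedObjName;` kept here is never assigned, because the loop body in the next hunk still declares its own `NAString extUsedObjName = usedObjName.getExternalName(TRUE);`, which shadows it. The -4481 diagnostic at the end of the function reads the outer variable, so it would report an empty object name. Dropping the type on the inner line, `extUsedObjName = usedObjName.getExternalName(TRUE);`, makes the message name the last object examined. The function body continues beyond this hunk.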
@@ -1426,39 +1483,61 @@ NAString extUsedObjName;
       const NAString catalogNamePart = usedObjName.getCatalogNamePartAsAnsiString();
       const NAString schemaNamePart = usedObjName.getSchemaNamePartAsAnsiString(TRUE);
       const NAString objectNamePart = usedObjName.getObjectNamePartAsAnsiString(TRUE);
-      const NAString extUsedObjName = usedObjName.getExternalName(TRUE);
+      NAString extUsedObjName = usedObjName.getExternalName(TRUE);
       CorrName cn(objectNamePart,STMTHEAP, schemaNamePart,catalogNamePart);
  
       NATable *naTable = bindWA.getNATable(cn);
       if (naTable == NULL)
       {
-         SEABASEDDL_INTERNAL_ERROR("Bad NATable pointer in checkAccessPrivileges");
+          SEABASEDDL_INTERNAL_ERROR("Bad NATable pointer in checkAccessPrivileges");
          return false; 
       }
-      // Grab privileges from the NATable structure
-      PrivMgrUserPrivs *privs = naTable->getPrivInfo();
-      if (privs == NULL) 
-      {         
-         *CmpCommon::diags() << DgSqlCode(-CAT_UNABLE_TO_RETRIEVE_PRIVS);
-         return false;
+      PrivMgrUserPrivs privs;
+      PrivMgrUserPrivs *pPrivInfo = NULL;
+
+      // If gathering privileges for the view creator, the NATable structure
+      // contains the privileges we want to use to create bitmaps
+      if (viewCreator)
+        pPrivInfo = naTable->getPrivInfo();
+      
+      // If the view owner is not the view creator, then we need to get schema
+      // owner privileges from PrivMgr.
+      else 
+      {
+        PrivStatus retcode = privInterface.getPrivileges((int64_t)naTable->objectUid().get_value(),
+                                                           naTable->getObjectType(),
+                                                           naTable->getSchemaOwner(),
+                                                           privs);
+
+        if (retcode == STATUS_ERROR)
+        {         
+           *CmpCommon::diags() << DgSqlCode(-CAT_UNABLE_TO_RETRIEVE_PRIVS);
+           return false;
+        }
+        pPrivInfo = &privs;
       }
 
       // Requester must have at least select privilege
-      if ( !privs->hasSelectPriv() )
+      if ( !pPrivInfo->hasSelectPriv() )
          missingPrivilege = true;
 
-     // Summarize privileges
-      privilegesBitmap &= privs->getObjectBitmap();
-      grantableBitmap &= privs->getGrantableBitmap();
+      // Summarize privileges
+      privilegesBitmap &= pPrivInfo->getObjectBitmap();
+      grantableBitmap &= pPrivInfo->getGrantableBitmap();
    }
    
-   if (!missingPrivilege)
-      return true;
-   
+   //  To create a view you need at least select privilege, noSelectPriv
+   //  is true if the auth ID does not have select privilege at the object
+   //  level.  The view can still be created if select exists at the column
+   //  level.
+   bool noObjPriv = missingPrivilege;
    missingPrivilege = false;   
       
-PrivColumnBitmap colPrivBitmap;
-PrivColumnBitmap colGrantableBitmap;
+   // Gather column level privs to attach to the bitmap.
+   // Even though privileges are granted on the column, they show up as
+   // object privileges on the view.
+   PrivColumnBitmap colPrivBitmap;
+   PrivColumnBitmap colGrantableBitmap;
 
    PrivMgrPrivileges::setColumnPrivs(colPrivBitmap);
    PrivMgrPrivileges::setColumnPrivs(colGrantableBitmap);
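Review bot: On the owner path (`viewCreator` FALSE) the privileges are fetched for `naTable->getSchemaOwner()`, which is the schema owner of the referenced object, not the owner of the schema the view is created in; `checkAccessPrivileges` never receives the view owner's ID. When the view references a table in another schema, the view owner's bitmaps would be derived from a different user's privileges, and the column loop in the following hunk uses yet another ID, `naTable->getOwner()`. Passing the view owner's auth ID into the function and using it in both `getPrivileges` calls would tie the check to the user who will actually own the view. Separately, the creator path no longer checks `naTable->getPrivInfo()` for NULL before `pPrivInfo->hasSelectPriv()`, although the column loop still does; the same `if (pPrivInfo == NULL)` guard is needed here. The function starts and ends outside this hunk.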
@@ -1498,32 +1577,50 @@ PrivColumnBitmap colGrantableBitmap;
       }
       int32_t usedColNumber = naCol->getPosition();
      
-      // Grab privileges from the NATable structure
-      PrivMgrUserPrivs *privs = naTable->getPrivInfo();
-      if (privs == NULL) 
+      PrivMgrUserPrivs privs;
+      PrivMgrUserPrivs *pPrivInfo = NULL;
+      if (viewCreator)
+        pPrivInfo = naTable->getPrivInfo();
+      else
+      {
+        PrivStatus retcode = privInterface.getPrivileges((int64_t)naTable->objectUid().get_value(),
+                                                           naTable->getObjectType(),
+                                                           naTable->getOwner(),
+                                                           privs);
+
+        if (retcode == STATUS_ERROR)
+        {
+           *CmpCommon::diags() << DgSqlCode(-CAT_UNABLE_TO_RETRIEVE_PRIVS);
+           return false;
+        }
+        pPrivInfo = &privs;
+      }
+
+      if (pPrivInfo == NULL) 
       {         
          *CmpCommon::diags() << DgSqlCode(-CAT_UNABLE_TO_RETRIEVE_PRIVS);
          return false;
       }
-      // If the user is missing SELECT on at least one column-level privilege,
-      // view cannot be created.  No need to proceed.
-      if (!privs->hasColSelectPriv(usedColNumber))
+
+      // If the user is missing SELECT at the object level and on at least one 
+      // column-level privilege, view cannot be created.  No need to proceed.
+      if (noObjPriv && !pPrivInfo->hasColSelectPriv(usedColNumber))
       {
          missingPrivilege = true;
          break;
       }        
       
-      colPrivBitmap &= privs->getColumnPrivBitmap(usedColNumber);
-      colGrantableBitmap &= privs->getColumnGrantableBitmap(usedColNumber);
+      colPrivBitmap &= pPrivInfo->getColumnPrivBitmap(usedColNumber);
+      colGrantableBitmap &= pPrivInfo->getColumnGrantableBitmap(usedColNumber);
    }
   
-   if (missingPrivilege || vctcul.entries() == 0)
-   {
-      *CmpCommon::diags() << DgSqlCode(-4481)
-                          << DgString0("SELECT")
-                          << DgString1(extUsedObjName.data());
-      return false;
-   }
+   if ((noObjPriv && missingPrivilege) || vctcul.entries() == 0)
+     {
+        *CmpCommon::diags() << DgSqlCode(-4481)
+                            << DgString0("SELECT")
+                            << DgString1(extUsedObjName.data());
+        return false;
+     }
   
    for (size_t i = FIRST_DML_COL_PRIV; i <= LAST_DML_COL_PRIV; i++ )
    {
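Review bot: With the early `return true` removed in the previous hunk, the `vctcul.entries() == 0` term in the final check now rejects the view with -4481 even when every referenced object passed the object-level SELECT test. Previously that term was reached only after an object-level failure. If a view can legitimately have an empty column-usage list (not confirmable from this hunk), guard it the same way: `if (noObjPriv && (missingPrivilege || vctcul.entries() == 0))`. `noObjPriv` is also a single flag for all referenced objects, so a comment stating that a miss on one object forces column-level checks on the columns of every object would help. The loop and the function continue outside the hunk.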

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8f658efa/core/sql/sqlcomp/PrivMgr.cpp
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgr.cpp b/core/sql/sqlcomp/PrivMgr.cpp
index 0dc230b..dd6916c 100644
--- a/core/sql/sqlcomp/PrivMgr.cpp
+++ b/core/sql/sqlcomp/PrivMgr.cpp
@@ -47,6 +47,7 @@
 #include "CmpContext.h"
 #include "CmpDDLCatErrorCodes.h"
 #include "logmxevent_traf.h"
+#include "ComUser.h"
 
 
 // ==========================================================================
@@ -242,6 +243,62 @@ int32_t diagsMark = pDiags_->mark();
 }
 
 
+// ----------------------------------------------------------------------------
+// static method: getAuthNameFromAuthID
+//
+// Converts the authorization ID into its corresponding database name
+//
+//   authID - ID to convert
+//   authName - returned name
+//
+// returns:
+//   true - conversion successful
+//   false - conversion failed, ComDiags setup with error information
+// ----------------------------------------------------------------------------
+bool PrivMgr::getAuthNameFromAuthID(
+ const int32_t authID, 
+ std::string &authName)
+{
+  switch (authID)
+  {
+    case SYSTEM_AUTH_ID:
+      authName = SYSTEM_AUTH_NAME;
+      break;  
+    case PUBLIC_AUTH_ID:
+      authName = PUBLIC_AUTH_NAME;
+      break;  
+    case SUPER_USER:
+      authName = DB__ROOT;
+      break;
+    case DB_ROOTROLE_ID:
+      authName = DB_ROOTROLE_NAME;
+      break;
+    case HIVE_ROLE_ID:
+      authName = DB__HIVEROLE;
+      break;
+    case HBASE_ROLE_ID:
+      authName = DB__HBASEROLE;
+      break;
+    default:
+    {
+      int32_t length = 0;
+      char authNameFromMD[MAX_DBUSERNAME_LEN + 1];
+
+      Int16 retcode = ComUser::getAuthNameFromAuthID(authID,authNameFromMD,
+                                               MAX_DBUSERNAME_LEN,length);
+      if (retcode != 0)
+      {
+        *CmpCommon::diags() << DgSqlCode(-20235)
+                            << DgInt0(retcode)
+                            << DgInt1(authID);
+        return false;
+      }
+      authName = authNameFromMD;
+    }
+  }
+  return true;
+}
+
 // *****************************************************************************
 // *                                                                           *
 // * Function: PrivMgr::getSQLOperationName                                    *
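Review bot: In the default case `authNameFromMD` is left uninitialized and then assigned to `authName` as a C string, so the result depends on `ComUser::getAuthNameFromAuthID` always NUL-terminating within `MAX_DBUSERNAME_LEN` bytes; the returned `length` is never used. Zero-initializing the buffer, `char authNameFromMD[MAX_DBUSERNAME_LEN + 1] = {0};`, removes that dependency. The call this helper replaces in `createSeabaseView` sized its buffer with `MAX_AUTHNAME_LEN`. If that constant is larger, longer authorization names could be truncated or fail here, so the choice of `MAX_DBUSERNAME_LEN` deserves a comment or a switch back.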

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8f658efa/core/sql/sqlcomp/PrivMgr.h
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgr.h b/core/sql/sqlcomp/PrivMgr.h
index e710d5a..0466540 100644
--- a/core/sql/sqlcomp/PrivMgr.h
+++ b/core/sql/sqlcomp/PrivMgr.h
@@ -83,6 +83,9 @@ class PrivMgr
       {return std::to_string(static_cast<long long int>(value));}
     static inline std::string UIDToString(const int64_t value)  
       {return std::to_string(static_cast<long long int>(value));}
+    static bool getAuthNameFromAuthID(
+      const int32_t authID,
+      std::string &authName);
     
     static const char * getSQLOperationName(SQLOperation operation);
     static const char * getSQLOperationCode(SQLOperation operation);

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8f658efa/core/sql/sqlcomp/PrivMgrCommands.cpp
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrCommands.cpp b/core/sql/sqlcomp/PrivMgrCommands.cpp
index 7f985a0..6a736cc 100644
--- a/core/sql/sqlcomp/PrivMgrCommands.cpp
+++ b/core/sql/sqlcomp/PrivMgrCommands.cpp
@@ -699,8 +699,8 @@ PrivStatus PrivMgrCommands::grantObjectPrivilege (
       const int64_t objectUID,
       const std::string &objectName,
       const ComObjectType objectType,
+      const int32_t grantorUID,
       const int32_t granteeUID,
-      const std::string &granteeName,
       const PrivMgrBitmap &objectPrivs,
       const PrivMgrBitmap &grantablePrivs)
 {
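Review bot: `grantorUID` and `granteeUID` are now adjacent `int32_t` parameters, so a call site that swaps them compiles cleanly and records the grant in the wrong direction. The declaration should carry a comment giving the order and the expected grantor, e.g. `// grantorUID: auth ID recorded as grantor (SYSTEM or the schema owner); granteeUID: auth ID receiving the privileges`. Nothing in this hunk or the next validates `grantorUID` before it is handed to `PrivMgrPrivileges`. The function body lies partly outside both hunks.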
@@ -712,11 +712,10 @@ PrivStatus PrivMgrCommands::grantObjectPrivilege (
      return STATUS_ERROR;
   }
 
-  int32_t grantorUID = SYSTEM_AUTH_ID;
   PrivMgrPrivileges grantCmd(objectUID, objectName, grantorUID, metadataLocation_, pDiags_);
   grantCmd.setTrafMetadataLocation(trafMetadataLocation_);
   return grantCmd.grantObjectPriv
-   (objectType, granteeUID, granteeName, objectPrivs, grantablePrivs);
+   (objectType, granteeUID, objectPrivs, grantablePrivs);
 }
 
 // *****************************************************************************

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8f658efa/core/sql/sqlcomp/PrivMgrCommands.h
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrCommands.h b/core/sql/sqlcomp/PrivMgrCommands.h
index ae1a1f6..67691e7 100644
--- a/core/sql/sqlcomp/PrivMgrCommands.h
+++ b/core/sql/sqlcomp/PrivMgrCommands.h
@@ -501,8 +501,8 @@ public:
       const int64_t objectUID,
       const std::string &objectName,
       const ComObjectType objectType,
+      const int32_t grantorUID,
       const int32_t granteeUID,
-      const std::string &granteeName,
       const PrivMgrBitmap &objectPrivs,
       const PrivMgrBitmap &grantablePrivs);
 

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8f658efa/core/sql/sqlcomp/PrivMgrPrivileges.cpp
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrPrivileges.cpp b/core/sql/sqlcomp/PrivMgrPrivileges.cpp
index 1904630..6eb9389 100644
--- a/core/sql/sqlcomp/PrivMgrPrivileges.cpp
+++ b/core/sql/sqlcomp/PrivMgrPrivileges.cpp
@@ -1528,7 +1528,6 @@ PrivStatus PrivMgrPrivileges::grantObjectPriv(
 PrivStatus PrivMgrPrivileges::grantObjectPriv(
       const ComObjectType objectType,
       const int32_t granteeID,
-      const std::string &granteeName,
       const PrivObjectBitmap privsBitmap,
       const PrivObjectBitmap grantableBitmap)
 {
@@ -1540,6 +1539,15 @@ PrivStatus PrivMgrPrivileges::grantObjectPriv(
     return STATUS_ERROR;
   }
 
+  // get the associated grantorName and granteeName
+  std::string grantorName;
+  if (!getAuthNameFromAuthID(grantorID_, grantorName))
+    return STATUS_ERROR;
+
+  std::string granteeName;
+  if (!getAuthNameFromAuthID(granteeID, granteeName))
+    return STATUS_ERROR;
+
   // set up the values of the row to insert
   ObjectPrivsMDRow row;
   row.objectUID_ = objectUID_;
@@ -1548,9 +1556,9 @@ PrivStatus PrivMgrPrivileges::grantObjectPriv(
   row.granteeID_ = granteeID;
   row.granteeName_ = granteeName;
   row.granteeType_ = USER_GRANTEE_LIT;
-  row.grantorID_ = SYSTEM_AUTH_ID;
-  row.grantorName_ = "_SYSTEM";
-  row.grantorType_ = SYSTEM_GRANTOR_LIT;
+  row.grantorID_ = grantorID_;
+  row.grantorName_ = grantorName;
+  row.grantorType_ = (grantorID_ == SYSTEM_USER) ? SYSTEM_GRANTOR_LIT : USER_GRANTOR_LIT;
   row.privsBitmap_ = privsBitmap;
   row.grantableBitmap_ = grantableBitmap;
 
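Review bot: The grantor-type test compares `grantorID_` with `SYSTEM_USER`, while the removed line and `PrivMgr::getAuthNameFromAuthID` use `SYSTEM_AUTH_ID` for the same identity. If the two constants ever differ, a system grant would be stored with `USER_GRANTOR_LIT`; using one name throughout (`grantorID_ == SYSTEM_AUTH_ID`) avoids that, and the same applies to the `SYSTEM_USER` argument passed from `createSeabaseView`. Any non-system grantor is also recorded as a user, so a role ID passed as grantor would be mislabelled; a comment stating that only user grantors are expected would make the assumption explicit. The function continues outside this hunk.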

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8f658efa/core/sql/sqlcomp/PrivMgrPrivileges.h
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrPrivileges.h b/core/sql/sqlcomp/PrivMgrPrivileges.h
index a498719..ce0ca55 100644
--- a/core/sql/sqlcomp/PrivMgrPrivileges.h
+++ b/core/sql/sqlcomp/PrivMgrPrivileges.h
@@ -177,7 +177,6 @@ public:
   PrivStatus grantObjectPriv(
       const ComObjectType objectType,
       const int32_t granteeID,
-      const std::string &granteeName,
       const PrivObjectBitmap privsBitmap,
       const PrivObjectBitmap grantableBitmap);