You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafodion.apache.org by rm...@apache.org on 2016/01/12 23:47:07 UTC
[07/20] incubator-trafodion git commit: TRAFODION-1087 &
TRAFODION-1671 fixes
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/e3d65c15/core/sql/regress/privs1/EXPECTED137
----------------------------------------------------------------------
diff --git a/core/sql/regress/privs1/EXPECTED137 b/core/sql/regress/privs1/EXPECTED137
new file mode 100755
index 0000000..41c5ebd
--- /dev/null
+++ b/core/sql/regress/privs1/EXPECTED137
@@ -0,0 +1,2501 @@
+>>obey TEST137(set_up);
+>>prepare get_roles from
++>select substring (auth_db_name,1,20) as role_name
++>from "_MD_".AUTHS
++>where auth_db_name like 'LIBRARY%'
++>order by 1
++>for read uncommitted access;
+
+--- SQL command prepared.
+>>
+>>prepare get_components from
++>select substring (component_name,1,20) as component,
++> substring (component_description,1,30) as description
++>from trafodion."_PRIVMGR_MD_".components
++>where component_name like 'LIBRARY%'
++>order by 1
++>for read uncommitted access;
+
+--- SQL command prepared.
+>>
+>>prepare get_component_operations from
++>select substring (c.component_name,1,20) as component,
++> substring (o.operation_name,1,20) as operation_name,
++> substring (o.operation_code,1,2) as operation_code
++>from trafodion."_PRIVMGR_MD_".component_operations o,
++> trafodion."_PRIVMGR_MD_".components c
++>where (component_name like 'LIBRARY%' and
++> c.component_uid = o.component_uid)
++>order by 1,2, 3
++>for read uncommitted access;
+
+--- SQL command prepared.
+>>
+>>prepare get_priv_desc from
++>select substring (component_name,1,20) as component,
++> substring (operation_name,1,20) as operation_name,
++> substring (grantee_name,1,20) as grantee_name,
++> grant_depth as grant_depth
++>from trafodion."_PRIVMGR_MD_".components c,
++> trafodion."_PRIVMGR_MD_".component_operations p,
++> trafodion."_PRIVMGR_MD_".component_privileges d
++>where c.component_uid = p.component_uid
++> and p.operation_code = d.operation_code
++> and p.component_uid = d.component_uid
++> and c.component_name like 'LIBRARY%'
++>order by 1, 2, d.grantor_ID, d.grantee_name, grant_depth
++>for read uncommitted access;
+
+--- SQL command prepared.
+>>
+>>obey TEST137(create_db);
+>>create shared schema t137;
+
+--- SQL operation complete.
+>>set schema t137;
+
+--- SQL operation complete.
+>>
+>>create role library_admin;
+
+--- SQL operation complete.
+>>grant role library_admin to sql_user1;
+
+--- SQL operation complete.
+>>grant role library_admin to sql_user2;
+
+--- SQL operation complete.
+>>create role library_ckout_clerks;
+
+--- SQL operation complete.
+>>grant role library_ckout_clerks to sql_user1;
+
+--- SQL operation complete.
+>>grant role library_ckout_clerks to sql_user2;
+
+--- SQL operation complete.
+>>grant role library_ckout_clerks to sql_user3, sql_user4, sql_user5;
+
+--- SQL operation complete.
+>>
+>>create table books
++> (book_name varchar (50) not null,
++> book_id largeint primary key not null,
++> book_author varchar (50) not null,
++> book_type int not null);
+
+--- SQL operation complete.
+>>
+>>--grant all on books to library_admin;
+>>--grant select, update on bools to library_ckout_clerks;
+>>grant select on books to public;
+
+--- SQL operation complete.
+>>grant all on books to sql_user1;
+
+--- SQL operation complete.
+>>grant select on books to sql_user1;
+
+--- SQL operation complete.
+>>grant update on books to sql_user1;
+
+--- SQL operation complete.
+>>grant select on books to sql_user2;
+
+--- SQL operation complete.
+>>grant update on books to sql_user2;
+
+--- SQL operation complete.
+>>grant select on books to sql_user6;
+
+--- SQL operation complete.
+>>grant select on books to sql_user7;
+
+--- SQL operation complete.
+>>grant select on books to sql_user8;
+
+--- SQL operation complete.
+>>
+>>create table library_users
++> (user_name varchar (50) not null,
++> user_id int primary key not null,
++> user_details varchar (50) not null);
+
+--- SQL operation complete.
+>>
+>>--grant all on library_users to library_admin;
+>>grant all on library_users to sql_user1;
+
+--- SQL operation complete.
+>>grant select on library_users to sql_user6;
+
+--- SQL operation complete.
+>>grant select on library_users to sql_user7;
+
+--- SQL operation complete.
+>>grant select on library_users to sql_user8;
+
+--- SQL operation complete.
+>>--grant select on library_users to library_ckout_clerk;
+>>
+>>showddl role library_admin;
+
+CREATE ROLE "LIBRARY_ADMIN";
+ -- GRANT ROLE "LIBRARY_ADMIN" TO "DB__ROOT" WITH ADMIN OPTION;
+GRANT ROLE
+ "LIBRARY_ADMIN" TO "SQL_USER1";
+GRANT ROLE "LIBRARY_ADMIN" TO "SQL_USER2";
+
+--- SQL operation complete.
+>>showddl role library_ckout_clerks;
+
+CREATE ROLE "LIBRARY_CKOUT_CLERKS";
+ -- GRANT ROLE "LIBRARY_CKOUT_CLERKS" TO "DB__ROOT" WITH ADMIN OPTION;
+GRANT
+ ROLE "LIBRARY_CKOUT_CLERKS" TO "SQL_USER1";
+GRANT ROLE "LIBRARY_CKOUT_CLERKS"
+ TO "SQL_USER2";
+GRANT ROLE "LIBRARY_CKOUT_CLERKS" TO "SQL_USER3";
+GRANT ROLE
+ "LIBRARY_CKOUT_CLERKS" TO "SQL_USER4";
+GRANT ROLE "LIBRARY_CKOUT_CLERKS" TO
+ "SQL_USER5";
+
+--- SQL operation complete.
+>>
+>>obey TEST137(register_components);
+>>register component Library_books;
+
+--- SQL operation complete.
+>>register component library_accounts detail 'Test component 2';
+
+--- SQL operation complete.
+>>register component library_users detail 'Test component 3';
+
+--- SQL operation complete.
+>>-- should be 3 rows
+>>execute get_components;
+
+COMPONENT DESCRIPTION
+-------------------- ------------------------------
+
+LIBRARY_ACCOUNTS TEST COMPONENT 2
+LIBRARY_BOOKS
+LIBRARY_USERS TEST COMPONENT 3
+
+--- 3 row(s) selected.
+>>
+>>-- fails with a syntax error
+>>register component user;
+
+*** ERROR[15001] A syntax error occurred at or before:
+register component user;
+ ^ (23 characters from start of SQL statement)
+
+*** ERROR[8822] The statement was not prepared.
+
+>>register component "delimited not supported";
+
+*** ERROR[15001] A syntax error occurred at or before:
+register component "delimited not supported";
+ ^ (44 characters from start of SQL statement)
+
+*** ERROR[8822] The statement was not prepared.
+
+>>register component abi**def;
+
+*** ERROR[15001] A syntax error occurred at or before:
+register component abi**def;
+ ^ (24 characters from start of SQL statement)
+
+*** ERROR[8822] The statement was not prepared.
+
+>>
+>>-- fails with component already registered
+>>register component library_books;
+
+*** ERROR[1055] Object LIBRARY_BOOKS already exists.
+
+--- SQL operation failed with errors.
+>>
+>>-- unregister a component that has not been defined
+>>unregister component library_clerks;
+
+*** ERROR[1004] Object LIBRARY_CLERKS does not exist or object type is invalid for the current operation.
+
+--- SQL operation failed with errors.
+>>
+>>-- a successful unregister
+>>register component library_clerks;
+
+--- SQL operation complete.
+>>-- should be 4 rows
+>>execute get_components;
+
+COMPONENT DESCRIPTION
+-------------------- ------------------------------
+
+LIBRARY_ACCOUNTS TEST COMPONENT 2
+LIBRARY_BOOKS
+LIBRARY_CLERKS
+LIBRARY_USERS TEST COMPONENT 3
+
+--- 4 row(s) selected.
+>>unregister component library_clerks;
+
+--- SQL operation complete.
+>>-- should return 3 rows
+>>execute get_components;
+
+COMPONENT DESCRIPTION
+-------------------- ------------------------------
+
+LIBRARY_ACCOUNTS TEST COMPONENT 2
+LIBRARY_BOOKS
+LIBRARY_USERS TEST COMPONENT 3
+
+--- 3 row(s) selected.
+>>
+>>obey TEST137(create_privs);
+>>-- create component privileges for library_books:
+>>create component privilege lib_manage_checkouts as 'MC' on library_books;
+
+--- SQL operation complete.
+>>create component privilege lib_view_checkouts as 'VC' on library_books
++> detail 'Can see checkout information';
+
+--- SQL operation complete.
+>>create component privilege lib_view_repository as 'VR' on library_books;
+
+--- SQL operation complete.
+>>
+>>-- create component privileges for library_accounts:
+>>create component privilege lib_manage_overdue as 'MO' on library_accounts
++> detail 'Can handle tasks to manage overdue books';
+
+--- SQL operation complete.
+>>create component privilege lib_view_checkouts as 'VC' on library_accounts;
+
+--- SQL operation complete.
+>>
+>>-- create component privileges for library_users:
+>>create component privilege lib_manage_users as 'MU' on library_users;
+
+--- SQL operation complete.
+>>create component privilege lib_view_users as 'VU' on library_users;
+
+--- SQL operation complete.
+>>
+>>-- should return 7 rows
+>>execute get_component_operations;
+
+COMPONENT OPERATION_NAME OPERATION_CODE
+-------------------- -------------------- --------------
+
+LIBRARY_ACCOUNTS LIB_MANAGE_OVERDUE MO
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS VC
+LIBRARY_BOOKS LIB_MANAGE_CHECKOUTS MC
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS VC
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY VR
+LIBRARY_USERS LIB_MANAGE_USERS MU
+LIBRARY_USERS LIB_VIEW_USERS VU
+
+--- 7 row(s) selected.
+>>
+>>-- error: component does not exist
+>>create component privilege lib_misc as 'MI' on library_xxxx;
+
+*** ERROR[1004] Object LIBRARY_XXXX does not exist or object type is invalid for the current operation.
+
+--- SQL operation failed with errors.
+>>
+>>-- error: privilege already defined
+>>create component privilege lib_manage_users as 'MA' on library_users;
+
+*** ERROR[1357] Cannot create the component privilege specified. Component privilege name LIB_MANAGE_USERS for the component already exists.
+
+--- SQL operation failed with errors.
+>>
+>>-- error: privilege type already defined
+>>create component privilege lib_misc as 'MU' on library_users;
+
+*** ERROR[1356] Cannot create the component privilege specified. Component privilege code MU for the component already exists.
+
+--- SQL operation failed with errors.
+>>
+>>obey TEST137(grant_revoke_priv_desc);
+>>grant component privilege lib_manage_checkouts,
++> lib_view_checkouts,
++> lib_view_repository
++> on library_books to library_admin;
+
+--- SQL operation complete.
+>>
+>>grant component privilege lib_manage_checkouts,
++> lib_view_checkouts,
++> lib_view_repository
++> on library_books to sql_user1 with grant option;
+
+--- SQL operation complete.
+>>
+>>grant component privilege lib_view_checkouts,
++> lib_view_repository
++> on library_books to library_ckout_clerks;
+
+--- SQL operation complete.
+>>
+>>grant component privilege lib_view_repository
++> on library_books to public;
+
+--- SQL operation complete.
+>>grant component privilege lib_view_repository
++> on library_books to sql_user5;
+
+--- SQL operation complete.
+>>grant component privilege lib_view_repository
++> on library_books to sql_user6;
+
+--- SQL operation complete.
+>>grant component privilege lib_view_repository
++> on library_books to sql_user7;
+
+--- SQL operation complete.
+>>grant component privilege lib_view_repository
++> on library_books to sql_user8;
+
+--- SQL operation complete.
+>>
+>>grant component privilege lib_manage_overdue, lib_view_checkouts
++> on library_accounts to library_admin;
+
+--- SQL operation complete.
+>>grant component privilege lib_manage_overdue, lib_view_checkouts
++> on library_accounts to sql_user2 with grant option;
+
+--- SQL operation complete.
+>>grant component privilege lib_view_checkouts
++> on library_accounts to library_ckout_clerks;
+
+--- SQL operation complete.
+>>
+>>grant component privilege lib_manage_users, lib_view_users
++> on library_users to library_admin;
+
+--- SQL operation complete.
+>>grant component privilege lib_manage_users, lib_view_users
++> on library_users to sql_user3 with grant option;
+
+--- SQL operation complete.
+>>
+>>-- should return 7 rows
+>>execute get_component_operations;
+
+COMPONENT OPERATION_NAME OPERATION_CODE
+-------------------- -------------------- --------------
+
+LIBRARY_ACCOUNTS LIB_MANAGE_OVERDUE MO
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS VC
+LIBRARY_BOOKS LIB_MANAGE_CHECKOUTS MC
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS VC
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY VR
+LIBRARY_USERS LIB_MANAGE_USERS MU
+LIBRARY_USERS LIB_VIEW_USERS VU
+
+--- 7 row(s) selected.
+>>
+>>-- should return 28 rows
+>>execute get_priv_desc;
+
+COMPONENT OPERATION_NAME GRANTEE_NAME GRANT_DEPTH
+-------------------- -------------------- -------------------------------------------------------------------------------- -----------
+
+LIBRARY_ACCOUNTS LIB_MANAGE_OVERDUE DB__ROOT -1
+LIBRARY_ACCOUNTS LIB_MANAGE_OVERDUE LIBRARY_ADMIN 0
+LIBRARY_ACCOUNTS LIB_MANAGE_OVERDUE SQL_USER2 -1
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS DB__ROOT -1
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS LIBRARY_ADMIN 0
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS LIBRARY_CKOUT_CLERKS 0
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS SQL_USER2 -1
+LIBRARY_BOOKS LIB_MANAGE_CHECKOUTS DB__ROOT -1
+LIBRARY_BOOKS LIB_MANAGE_CHECKOUTS LIBRARY_ADMIN 0
+LIBRARY_BOOKS LIB_MANAGE_CHECKOUTS SQL_USER1 -1
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS DB__ROOT -1
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS LIBRARY_ADMIN 0
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS LIBRARY_CKOUT_CLERKS 0
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS SQL_USER1 -1
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY DB__ROOT -1
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY LIBRARY_ADMIN 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY LIBRARY_CKOUT_CLERKS 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY PUBLIC 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER1 -1
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER5 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER6 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER7 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER8 0
+LIBRARY_USERS LIB_MANAGE_USERS DB__ROOT -1
+LIBRARY_USERS LIB_MANAGE_USERS LIBRARY_ADMIN 0
+LIBRARY_USERS LIB_MANAGE_USERS SQL_USER3 -1
+LIBRARY_USERS LIB_VIEW_USERS DB__ROOT -1
+LIBRARY_USERS LIB_VIEW_USERS LIBRARY_ADMIN 0
+LIBRARY_USERS LIB_VIEW_USERS SQL_USER3 -1
+
+--- 29 row(s) selected.
+>>
+>>-- grant privileges already granted
+>>grant component privilege lib_view_repository
++> on library_books to sql_user6;
+
+--- SQL operation complete.
+>>
+>>-- should return 7 rows
+>>execute get_component_operations;
+
+COMPONENT OPERATION_NAME OPERATION_CODE
+-------------------- -------------------- --------------
+
+LIBRARY_ACCOUNTS LIB_MANAGE_OVERDUE MO
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS VC
+LIBRARY_BOOKS LIB_MANAGE_CHECKOUTS MC
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS VC
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY VR
+LIBRARY_USERS LIB_MANAGE_USERS MU
+LIBRARY_USERS LIB_VIEW_USERS VU
+
+--- 7 row(s) selected.
+>>
+>>-- add WGO
+>>-- should return 28 rows, sql_user6 should be WGO
+>>grant component privilege lib_view_repository
++> on library_books to sql_user6 with grant option;
+
+--- SQL operation complete.
+>>execute get_priv_desc;
+
+COMPONENT OPERATION_NAME GRANTEE_NAME GRANT_DEPTH
+-------------------- -------------------- -------------------------------------------------------------------------------- -----------
+
+LIBRARY_ACCOUNTS LIB_MANAGE_OVERDUE DB__ROOT -1
+LIBRARY_ACCOUNTS LIB_MANAGE_OVERDUE LIBRARY_ADMIN 0
+LIBRARY_ACCOUNTS LIB_MANAGE_OVERDUE SQL_USER2 -1
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS DB__ROOT -1
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS LIBRARY_ADMIN 0
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS LIBRARY_CKOUT_CLERKS 0
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS SQL_USER2 -1
+LIBRARY_BOOKS LIB_MANAGE_CHECKOUTS DB__ROOT -1
+LIBRARY_BOOKS LIB_MANAGE_CHECKOUTS LIBRARY_ADMIN 0
+LIBRARY_BOOKS LIB_MANAGE_CHECKOUTS SQL_USER1 -1
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS DB__ROOT -1
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS LIBRARY_ADMIN 0
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS LIBRARY_CKOUT_CLERKS 0
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS SQL_USER1 -1
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY DB__ROOT -1
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY LIBRARY_ADMIN 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY LIBRARY_CKOUT_CLERKS 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY PUBLIC 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER1 -1
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER5 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER6 -1
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER7 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER8 0
+LIBRARY_USERS LIB_MANAGE_USERS DB__ROOT -1
+LIBRARY_USERS LIB_MANAGE_USERS LIBRARY_ADMIN 0
+LIBRARY_USERS LIB_MANAGE_USERS SQL_USER3 -1
+LIBRARY_USERS LIB_VIEW_USERS DB__ROOT -1
+LIBRARY_USERS LIB_VIEW_USERS LIBRARY_ADMIN 0
+LIBRARY_USERS LIB_VIEW_USERS SQL_USER3 -1
+
+--- 29 row(s) selected.
+>>
+>>-- make sure it is not taken away
+>>grant component privilege lib_view_repository
++> on library_books to sql_user6;
+
+--- SQL operation complete.
+>>-- returns 28 rows, sql_user6 still has WGO as Y
+>>execute get_priv_desc;
+
+COMPONENT OPERATION_NAME GRANTEE_NAME GRANT_DEPTH
+-------------------- -------------------- -------------------------------------------------------------------------------- -----------
+
+LIBRARY_ACCOUNTS LIB_MANAGE_OVERDUE DB__ROOT -1
+LIBRARY_ACCOUNTS LIB_MANAGE_OVERDUE LIBRARY_ADMIN 0
+LIBRARY_ACCOUNTS LIB_MANAGE_OVERDUE SQL_USER2 -1
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS DB__ROOT -1
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS LIBRARY_ADMIN 0
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS LIBRARY_CKOUT_CLERKS 0
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS SQL_USER2 -1
+LIBRARY_BOOKS LIB_MANAGE_CHECKOUTS DB__ROOT -1
+LIBRARY_BOOKS LIB_MANAGE_CHECKOUTS LIBRARY_ADMIN 0
+LIBRARY_BOOKS LIB_MANAGE_CHECKOUTS SQL_USER1 -1
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS DB__ROOT -1
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS LIBRARY_ADMIN 0
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS LIBRARY_CKOUT_CLERKS 0
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS SQL_USER1 -1
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY DB__ROOT -1
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY LIBRARY_ADMIN 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY LIBRARY_CKOUT_CLERKS 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY PUBLIC 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER1 -1
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER5 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER6 -1
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER7 0
+LIBRARY_BOOKS LIB_VIEW_REPOSITORY SQL_USER8 0
+LIBRARY_USERS LIB_MANAGE_USERS DB__ROOT -1
+LIBRARY_USERS LIB_MANAGE_USERS LIBRARY_ADMIN 0
+LIBRARY_USERS LIB_MANAGE_USERS SQL_USER3 -1
+LIBRARY_USERS LIB_VIEW_USERS DB__ROOT -1
+LIBRARY_USERS LIB_VIEW_USERS LIBRARY_ADMIN 0
+LIBRARY_USERS LIB_VIEW_USERS SQL_USER3 -1
+
+--- 29 row(s) selected.
+>>
+>>-- error unknown component
+>>grant component privilege lib_view_repository on library_xxxx to sql_user9;
+
+*** ERROR[1004] Object LIBRARY_XXXX does not exist or object type is invalid for the current operation.
+
+--- SQL operation failed with errors.
+>>
+>>-- error: unknown privilege
+>>grant component privilege lib_view_xxx on library_books to sql_user9;
+
+*** ERROR[1004] Object LIB_VIEW_XXX does not exist or object type is invalid for the current operation.
+
+--- SQL operation failed with errors.
+>>grant component privilege lib_view_checkouts,
++> lib_view_repository,
++> lib_view_xxx
++> on library_books to sql_user9;
+
+*** ERROR[1004] Object LIB_VIEW_XXX does not exist or object type is invalid for the current operation.
+
+--- SQL operation failed with errors.
+>>
+>>-- error: grant to unknown user or role
+>>grant component privilege lib_view_repository on library_books to authid_xxxx;
+
+*** ERROR[1008] Authorization identifier AUTHID_XXXX does not exist.
+
+--- SQL operation failed with errors.
+>>
+>>-- success: grant to a role WGO
+>>grant component privilege lib_view_repository
++> on library_books to DB__ROOTROLE with grant option;
+
+--- SQL operation complete.
+>>revoke grant option for component privilege lib_view_repository
++> on library_books from DB__ROOTROLE;
+
+--- SQL operation complete.
+>>revoke component privilege lib_view_repository
++> on library_books from DB__ROOTROLE;
+
+--- SQL operation complete.
+>>
+>>-- error: specify the same privilege twice
+>>grant component privilege lib_view_repository,
++> lib_view_repository
++> on library_books to DB__ROOTROLE;
+
+*** ERROR[3170] Duplicate component privileges were specified.
+
+*** ERROR[8822] The statement was not prepared.
+
+>>
+>>obey TEST137(drop_privs);
+>>drop component privilege lib_view_repository on library_books cascade;
+
+--- SQL operation complete.
+>>-- returns 6 rows
+>>execute get_component_operations;
+
+COMPONENT OPERATION_NAME OPERATION_CODE
+-------------------- -------------------- --------------
+
+LIBRARY_ACCOUNTS LIB_MANAGE_OVERDUE MO
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS VC
+LIBRARY_BOOKS LIB_MANAGE_CHECKOUTS MC
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS VC
+LIBRARY_USERS LIB_MANAGE_USERS MU
+LIBRARY_USERS LIB_VIEW_USERS VU
+
+--- 6 row(s) selected.
+>>
+>>-- unregister component gets rid of priivleges
+>>unregister component library_users cascade;
+
+--- SQL operation complete.
+>>-- returns 4 rows
+>>execute get_component_operations;
+
+COMPONENT OPERATION_NAME OPERATION_CODE
+-------------------- -------------------- --------------
+
+LIBRARY_ACCOUNTS LIB_MANAGE_OVERDUE MO
+LIBRARY_ACCOUNTS LIB_VIEW_CHECKOUTS VC
+LIBRARY_BOOKS LIB_MANAGE_CHECKOUTS MC
+LIBRARY_BOOKS LIB_VIEW_CHECKOUTS VC
+
+--- 4 row(s) selected.
+>>-- returns 2 rows
+>>execute get_components;
+
+COMPONENT DESCRIPTION
+-------------------- ------------------------------
+
+LIBRARY_ACCOUNTS TEST COMPONENT 2
+LIBRARY_BOOKS
+
+--- 2 row(s) selected.
+>>
+>>-- error: unknown component
+>>drop component privilege lib_view_repository on library_xxxx;
+
+*** ERROR[1004] Object LIBRARY_XXXX does not exist or object type is invalid for the current operation.
+
+--- SQL operation failed with errors.
+>>
+>>-- error unknown privilege
+>>drop component privilege lib_view_xxxx on library_books;
+
+*** ERROR[1004] Object LIB_VIEW_XXXX does not exist or object type is invalid for the current operation.
+
+--- SQL operation failed with errors.
+>>
+>>
+>>log;
+>>-- These tests should succeed
+>>-- returns 2 rows
+>>showddl role db__rootrole;
+
+CREATE ROLE "DB__ROOTROLE";
+ -- GRANT ROLE "DB__ROOTROLE" TO "DB__ROOT" WITH ADMIN OPTION;
+
+--- SQL operation complete.
+>>execute get_component_operations;
+
+*** ERROR[15017] Statement GET_COMPONENT_OPERATIONS was not found.
+
+>>grant component privilege lib_view_checkouts on library_books to sql_user4
++> with grant option;
+
+--- SQL operation complete.
+>>grant component privilege lib_manage_checkouts on library_books to sql_user5;
+
+--- SQL operation complete.
+>>-- returns 17 rows
+>>execute get_priv_desc;
+
+*** ERROR[15017] Statement GET_PRIV_DESC was not found.
+
+>>
+>>-- These tests should fail
+>>register component library_other;
+
+*** ERROR[1017] You are not authorized to perform this operation.
+
+--- SQL operation failed with errors.
+>>create component privilege lib_other as 'LO' on library_books;
+
+*** ERROR[1017] You are not authorized to perform this operation.
+
+--- SQL operation failed with errors.
+>>--revoke component privilege lib_manage_checkouts
+>>-- on library_books from library_admin;
+>>--revoke component privilege lib_view_repository
+>>-- on library_books from sql_user6;
+>>log;
+>>-- these tests should succeed
+>>grant component privilege lib_view_checkouts on library_books to sql_user6;
+
+--- SQL operation complete.
+>>execute get_priv_desc;
+
+*** ERROR[15017] Statement GET_PRIV_DESC was not found.
+
+>>revoke component privilege lib_view_checkouts on library_books from sql_user6;
+
+--- SQL operation complete.
+>>
+>>-- these tests should fail
+>>grant component privilege lib_manage_checkouts on library_books to sql_user6;
+
+*** ERROR[1017] You are not authorized to perform this operation.
+
+--- SQL operation failed with errors.
+>>log;
+>>-- these tests should fail
+>>grant component privilege lib_view_repository on library_books to sql_user7;
+
+*** ERROR[1004] Object LIB_VIEW_REPOSITORY does not exist or object type is invalid for the current operation.
+
+--- SQL operation failed with errors.
+>>log;
+>>obey TEST137(operator_privs);
+>>-- This section tests operation privileges:
+>>-- Test environment
+>>-- sql_user2 - has been granted library_admin role
+>>-- sql_user3 - has been granted library_ckout_clerks role
+>>-- sql_user6 - has been granted db__useradmin role
+>>-- sql_user7 - will be granted/revoked SQL privileges
+>>-- sql_user8 - no SQL privileges or roles with SQL privileges
+>>-- db__root
+>>-- db__useradmin - has implicit SQL privileges
+>>-- library_admin - will be granted and revoked SQL privileges
+>>-- library_ckout_clerks - no SQL privileges
+>>
+>>-- set up privileges
+>>showddl role library_admin;
+
+CREATE ROLE "LIBRARY_ADMIN";
+ -- GRANT ROLE "LIBRARY_ADMIN" TO "DB__ROOT" WITH ADMIN OPTION;
+GRANT ROLE
+ "LIBRARY_ADMIN" TO "SQL_USER1";
+GRANT ROLE "LIBRARY_ADMIN" TO "SQL_USER2";
+
+--- SQL operation complete.
+>>showddl role library_ckout_clerks;
+
+CREATE ROLE "LIBRARY_CKOUT_CLERKS";
+ -- GRANT ROLE "LIBRARY_CKOUT_CLERKS" TO "DB__ROOT" WITH ADMIN OPTION;
+GRANT
+ ROLE "LIBRARY_CKOUT_CLERKS" TO "SQL_USER1";
+GRANT ROLE "LIBRARY_CKOUT_CLERKS"
+ TO "SQL_USER2";
+GRANT ROLE "LIBRARY_CKOUT_CLERKS" TO "SQL_USER3";
+GRANT ROLE
+ "LIBRARY_CKOUT_CLERKS" TO "SQL_USER4";
+GRANT ROLE "LIBRARY_CKOUT_CLERKS" TO
+ "SQL_USER5";
+
+--- SQL operation complete.
+>>showddl component sql_operations;
+
+REGISTER COMPONENT SQL_OPERATIONS SYSTEM DETAIL 'Component for SQL operations';
+
+CREATE COMPONENT PRIVILEGE ALTER AS 'A0' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to alter database objects';
+
+-- GRANT COMPONENT PRIVILEGE ALTER
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_ROUTINE_ACTION AS 'AA' ON SQL_OPERATIONS
+ SYSTEM DETAIL 'Allow grantee to alter routine actions';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_ROUTINE_ACTION
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_ROUTINE_ACTION
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_TRIGGER AS 'AG' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to alter triggers';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_TRIGGER
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_TRIGGER
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_SCHEMA AS 'AH' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to alter schemas';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_LIBRARY AS 'AL' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to alter libraries';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_SEQUENCE AS 'AQ' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to alter sequence generators';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_SEQUENCE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_SEQUENCE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_ROUTINE AS 'AR' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to alter routines';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_ROUTINE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_ROUTINE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_TABLE AS 'AT' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to alter tables';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_TABLE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_TABLE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_VIEW AS 'AV' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to alter views';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_VIEW
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_VIEW
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_SYNONYM AS 'AY' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to alter synonyms';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_SYNONYM
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_SYNONYM
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE AS 'C0' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to create database objects';
+
+-- GRANT COMPONENT PRIVILEGE CREATE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_ROUTINE_ACTION AS 'CA' ON SQL_OPERATIONS
+ SYSTEM DETAIL 'Allow grantee to create routine actions';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_ROUTINE_ACTION
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_ROUTINE_ACTION
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_CATALOG AS 'CC' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create catalogs';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_CATALOG
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_CATALOG
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_TRIGGER AS 'CG' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create triggers';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_TRIGGER
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_TRIGGER
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_SCHEMA AS 'CH' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create schemas';
+
+ GRANT COMPONENT PRIVILEGE CREATE_SCHEMA
+ ON SQL_OPERATIONS TO PUBLIC;
+
+-- GRANT COMPONENT PRIVILEGE CREATE_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_INDEX AS 'CI' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to create indexes';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_INDEX
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_INDEX
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_LIBRARY AS 'CL' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create libraries';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_PROCEDURE AS 'CP' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create procedures';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_PROCEDURE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_PROCEDURE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_SEQUENCE AS 'CQ' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create sequence generators';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_SEQUENCE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_SEQUENCE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_ROUTINE AS 'CR' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create routines';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_ROUTINE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_ROUTINE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_TABLE AS 'CT' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to create tables';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_TABLE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_TABLE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_VIEW AS 'CV' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to create views';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_VIEW
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_VIEW
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_SYNONYM AS 'CY' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create synonyms';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_SYNONYM
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_SYNONYM
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP AS 'D0' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop database objects';
+
+-- GRANT COMPONENT PRIVILEGE DROP
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_ROUTINE_ACTION AS 'DA' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to drop routine actions';
+
+-- GRANT COMPONENT PRIVILEGE DROP_ROUTINE_ACTION
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_ROUTINE_ACTION
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_CATALOG AS 'DC' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop catalogs';
+
+-- GRANT COMPONENT PRIVILEGE DROP_CATALOG
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_CATALOG
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_TRIGGER AS 'DG' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop triggers';
+
+-- GRANT COMPONENT PRIVILEGE DROP_TRIGGER
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_TRIGGER
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_SCHEMA AS 'DH' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop schemas';
+
+-- GRANT COMPONENT PRIVILEGE DROP_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_INDEX AS 'DI' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop indexes';
+
+-- GRANT COMPONENT PRIVILEGE DROP_INDEX
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_INDEX
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_LIBRARY AS 'DL' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop libraries';
+
+-- GRANT COMPONENT PRIVILEGE DROP_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_PROCEDURE AS 'DP' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to drop procedures';
+
+-- GRANT COMPONENT PRIVILEGE DROP_PROCEDURE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_PROCEDURE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_SEQUENCE AS 'DQ' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to drop sequence generators';
+
+-- GRANT COMPONENT PRIVILEGE DROP_SEQUENCE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_SEQUENCE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_ROUTINE AS 'DR' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop routines';
+
+-- GRANT COMPONENT PRIVILEGE DROP_ROUTINE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_ROUTINE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_TABLE AS 'DT' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop tables';
+
+-- GRANT COMPONENT PRIVILEGE DROP_TABLE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_TABLE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_VIEW AS 'DV' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop views';
+
+-- GRANT COMPONENT PRIVILEGE DROP_VIEW
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_VIEW
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_SYNONYM AS 'DY' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop synonyms';
+
+-- GRANT COMPONENT PRIVILEGE DROP_SYNONYM
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_SYNONYM
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE AS 'M0' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to manage all SQL Operations';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE_COMPONENTS AS 'MC' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to manage components';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE_COMPONENTS
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE_COMPONENTS
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE_LIBRARY AS 'ML' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to manage libraries';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE_PRIVILEGES AS 'MP' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to manage privileges on SQL objects';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE_PRIVILEGES
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE_PRIVILEGES
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE_ROLES AS 'MR' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to manage roles';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE_ROLES
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE_ROLES
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE_STATISTICS AS 'MS' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to show and update statistics';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE_STATISTICS
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE_STATISTICS
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE_LOAD AS 'MT' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to perform LOAD and UNLOAD commands';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE_LOAD
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE_LOAD
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE_USERS AS 'MU' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to manage users';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE_USERS
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE_USERS
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DML_DELETE AS 'PD' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to delete rows';
+
+-- GRANT COMPONENT PRIVILEGE DML_DELETE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DML_DELETE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DML_EXECUTE AS 'PE' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to execute functions';
+
+-- GRANT COMPONENT PRIVILEGE DML_EXECUTE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DML_EXECUTE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DML_USAGE AS 'PG' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to use libraries and sequences';
+
+-- GRANT COMPONENT PRIVILEGE DML_USAGE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DML_USAGE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DML_INSERT AS 'PI' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to insert rows';
+
+-- GRANT COMPONENT PRIVILEGE DML_INSERT
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DML_INSERT
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DML_REFERENCES AS 'PR' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to reference columns';
+
+-- GRANT COMPONENT PRIVILEGE DML_REFERENCES
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DML_REFERENCES
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DML_SELECT AS 'PS' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to select rows';
+
+-- GRANT COMPONENT PRIVILEGE DML_SELECT
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DML_SELECT
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DML_UPDATE AS 'PU' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to update rows';
+
+-- GRANT COMPONENT PRIVILEGE DML_UPDATE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DML_UPDATE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE QUERY_ACTIVATE AS 'QA' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to activate queries';
+
+-- GRANT COMPONENT PRIVILEGE QUERY_ACTIVATE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE QUERY_ACTIVATE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE QUERY_CANCEL AS 'QC' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to cancel queries';
+
+-- GRANT COMPONENT PRIVILEGE QUERY_CANCEL
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE QUERY_CANCEL
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE QUERY_SUSPEND AS 'QS' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to suspend queries';
+
+-- GRANT COMPONENT PRIVILEGE QUERY_SUSPEND
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE QUERY_SUSPEND
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE REMAP_USER AS 'RU' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to remap DB__ users to a different external username';
+
+-- GRANT COMPONENT PRIVILEGE REMAP_USER
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE REMAP_USER
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE SHOW AS 'SW' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to view metadata information about objects';
+
+ GRANT COMPONENT PRIVILEGE SHOW
+ ON SQL_OPERATIONS TO PUBLIC;
+
+-- GRANT COMPONENT PRIVILEGE SHOW
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE SHOW
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE USE_ALTERNATE_SCHEMA AS 'UA' ON SQL_OPERATIONS
+ SYSTEM DETAIL 'Allow grantee to use non-default schemas';
+
+-- GRANT COMPONENT PRIVILEGE USE_ALTERNATE_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE USE_ALTERNATE_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+
+--- SQL operation complete.
+>>
+>>-- user2
+>>-- Create operations fail
+>>sh sh runmxci.ksh -i "TEST137(user2_cc)" -u sql_user2;
+>>-- user2 requests
+>>--create catalog t137cat1;
+>>--create schema t137cat1.t137sch;
+>>--drop schema t137cat1.t137sch;
+>>--drop catalog t137cat1;
+>>--create schema t137sch;
+>>--drop schema t137sch cascade;
+>>log;
+>>-- create catalog works
+>>grant component privilege create_catalog on sql_operations to library_admin;
+
+--- SQL operation complete.
+>>sh sh runmxci.ksh -i "TEST137(user2_cc)" -u sql_user2;
+>>-- user2 requests
+>>--create catalog t137cat1;
+>>--create schema t137cat1.t137sch;
+>>--drop schema t137cat1.t137sch;
+>>--drop catalog t137cat1;
+>>--create schema t137sch;
+>>--drop schema t137sch cascade;
+>>log;
+>>-- create catalog and create schema works
+>>grant component privilege create_schema on sql_operations to library_admin;
+
+--- SQL operation complete.
+>>sh sh runmxci.ksh -i "TEST137(user2_cc)" -u sql_user2;
+>>-- user2 requests
+>>--create catalog t137cat1;
+>>--create schema t137cat1.t137sch;
+>>--drop schema t137cat1.t137sch;
+>>--drop catalog t137cat1;
+>>--create schema t137sch;
+>>--drop schema t137sch cascade;
+>>log;
+>>-- create catalog fails
+>>revoke component privilege create_catalog
++> on sql_operations from library_admin;
+
+--- SQL operation complete.
+>>sh sh runmxci.ksh -i "TEST137(user2_cc)" -u sql_user2;
+>>-- user2 requests
+>>--create catalog t137cat1;
+>>--create schema t137cat1.t137sch;
+>>--drop schema t137cat1.t137sch;
+>>--drop catalog t137cat1;
+>>--create schema t137sch;
+>>--drop schema t137sch cascade;
+>>log;
+>>revoke component privilege create_schema
++> on sql_operations from library_admin;
+
+--- SQL operation complete.
+>>
+>>-- user3 (operation fail)
+>>sh sh runmxci.ksh -i "TEST137(user3_cc)" -u sql_user3;
+>>-- user3 requests
+>>--create catalog t137cat1;
+>>--create schema t137sch;
+>>log;
+>>
+>>-- user6
+>>-- operation fails
+>>sh sh runmxci.ksh -i "TEST137(user6_cc)" -u sql_user6;
+>>-- user6 requests
+>>--create schema t137sch;
+>>--drop schema t137sch cascade;
+>>log;
+>>-- operation works
+>>grant role db__useradmin to sql_user6;
+
+*** ERROR[1338] Role DB__USERADMIN is not defined in the database.
+
+--- SQL operation failed with errors.
+>>sh sh runmxci.ksh -i "TEST137(user6_cc)" -u sql_user6;
+>>-- user6 requests
+>>--create schema t137sch;
+>>--drop schema t137sch cascade;
+>>log;
+>>-- operation fails
+>>revoke role db__useradmin from sql_user6;
+
+*** ERROR[1338] Role DB__USERADMIN is not defined in the database.
+
+--- SQL operation failed with errors.
+>>sh sh runmxci.ksh -i "TEST137(user6_cc)" -u sql_user6;
+>>-- user6 requests
+>>--create schema t137sch;
+>>--drop schema t137sch cascade;
+>>log;
+>>
+>>-- user7
+>>-- fails
+>>sh sh runmxci.ksh -i "TEST137(user7_cc)" -u sql_user7;
+>>-- user7 requests
+>>--create catalog t137cat1;
+>>--create schema t137cat1.t137sch;
+>>--drop schema t137cat1.t137sch;
+>>--drop catalog t137cat1;
+>>log;
+>>-- works
+>>grant component privilege create_catalog, create_schema
++> on sql_operations to sql_user7;
+
+--- SQL operation complete.
+>>sh sh runmxci.ksh -i "TEST137(user7_cc)" -u sql_user7;
+>>-- user7 requests
+>>--create catalog t137cat1;
+>>--create schema t137cat1.t137sch;
+>>--drop schema t137cat1.t137sch;
+>>--drop catalog t137cat1;
+>>log;
+>>-- fails
+>>revoke component privilege create_schema, create_catalog
++> on sql_operations from sql_user7;
+
+--- SQL operation complete.
+>>sh sh runmxci.ksh -i "TEST137(user7_cc)" -u sql_user7;
+>>-- user7 requests
+>>--create catalog t137cat1;
+>>--create schema t137cat1.t137sch;
+>>--drop schema t137cat1.t137sch;
+>>--drop catalog t137cat1;
+>>log;
+>>
+>>-- user8 (fails)
+>>sh sh runmxci.ksh -i "TEST137(user8_cc)" -u sql_user8;
+>>-- user8 requests
+>>--create catalog t137cat1;
+>>--create schema t137sch;
+>>log;
+>>
+>>showddl component sql_operations;
+
+REGISTER COMPONENT SQL_OPERATIONS SYSTEM DETAIL 'Component for SQL operations';
+
+CREATE COMPONENT PRIVILEGE ALTER AS 'A0' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to alter database objects';
+
+-- GRANT COMPONENT PRIVILEGE ALTER
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_ROUTINE_ACTION AS 'AA' ON SQL_OPERATIONS
+ SYSTEM DETAIL 'Allow grantee to alter routine actions';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_ROUTINE_ACTION
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_ROUTINE_ACTION
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_TRIGGER AS 'AG' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to alter triggers';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_TRIGGER
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_TRIGGER
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_SCHEMA AS 'AH' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to alter schemas';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_LIBRARY AS 'AL' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to alter libraries';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_SEQUENCE AS 'AQ' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to alter sequence generators';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_SEQUENCE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_SEQUENCE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_ROUTINE AS 'AR' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to alter routines';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_ROUTINE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_ROUTINE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_TABLE AS 'AT' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to alter tables';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_TABLE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_TABLE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_VIEW AS 'AV' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to alter views';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_VIEW
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_VIEW
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE ALTER_SYNONYM AS 'AY' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to alter synonyms';
+
+-- GRANT COMPONENT PRIVILEGE ALTER_SYNONYM
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE ALTER_SYNONYM
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE AS 'C0' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to create database objects';
+
+-- GRANT COMPONENT PRIVILEGE CREATE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_ROUTINE_ACTION AS 'CA' ON SQL_OPERATIONS
+ SYSTEM DETAIL 'Allow grantee to create routine actions';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_ROUTINE_ACTION
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_ROUTINE_ACTION
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_CATALOG AS 'CC' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create catalogs';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_CATALOG
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_CATALOG
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_TRIGGER AS 'CG' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create triggers';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_TRIGGER
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_TRIGGER
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_SCHEMA AS 'CH' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create schemas';
+
+ GRANT COMPONENT PRIVILEGE CREATE_SCHEMA
+ ON SQL_OPERATIONS TO PUBLIC;
+
+-- GRANT COMPONENT PRIVILEGE CREATE_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_INDEX AS 'CI' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to create indexes';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_INDEX
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_INDEX
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_LIBRARY AS 'CL' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create libraries';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_PROCEDURE AS 'CP' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create procedures';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_PROCEDURE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_PROCEDURE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_SEQUENCE AS 'CQ' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create sequence generators';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_SEQUENCE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_SEQUENCE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_ROUTINE AS 'CR' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create routines';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_ROUTINE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_ROUTINE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_TABLE AS 'CT' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to create tables';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_TABLE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_TABLE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_VIEW AS 'CV' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to create views';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_VIEW
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_VIEW
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE CREATE_SYNONYM AS 'CY' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to create synonyms';
+
+-- GRANT COMPONENT PRIVILEGE CREATE_SYNONYM
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE CREATE_SYNONYM
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP AS 'D0' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop database objects';
+
+-- GRANT COMPONENT PRIVILEGE DROP
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_ROUTINE_ACTION AS 'DA' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to drop routine actions';
+
+-- GRANT COMPONENT PRIVILEGE DROP_ROUTINE_ACTION
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_ROUTINE_ACTION
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_CATALOG AS 'DC' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop catalogs';
+
+-- GRANT COMPONENT PRIVILEGE DROP_CATALOG
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_CATALOG
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_TRIGGER AS 'DG' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop triggers';
+
+-- GRANT COMPONENT PRIVILEGE DROP_TRIGGER
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_TRIGGER
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_SCHEMA AS 'DH' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop schemas';
+
+-- GRANT COMPONENT PRIVILEGE DROP_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_INDEX AS 'DI' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop indexes';
+
+-- GRANT COMPONENT PRIVILEGE DROP_INDEX
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_INDEX
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_LIBRARY AS 'DL' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop libraries';
+
+-- GRANT COMPONENT PRIVILEGE DROP_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_PROCEDURE AS 'DP' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to drop procedures';
+
+-- GRANT COMPONENT PRIVILEGE DROP_PROCEDURE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_PROCEDURE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_SEQUENCE AS 'DQ' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to drop sequence generators';
+
+-- GRANT COMPONENT PRIVILEGE DROP_SEQUENCE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_SEQUENCE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_ROUTINE AS 'DR' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop routines';
+
+-- GRANT COMPONENT PRIVILEGE DROP_ROUTINE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_ROUTINE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_TABLE AS 'DT' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop tables';
+
+-- GRANT COMPONENT PRIVILEGE DROP_TABLE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_TABLE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_VIEW AS 'DV' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop views';
+
+-- GRANT COMPONENT PRIVILEGE DROP_VIEW
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_VIEW
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DROP_SYNONYM AS 'DY' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to drop synonyms';
+
+-- GRANT COMPONENT PRIVILEGE DROP_SYNONYM
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DROP_SYNONYM
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE AS 'M0' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to manage all SQL Operations';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE_COMPONENTS AS 'MC' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to manage components';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE_COMPONENTS
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE_COMPONENTS
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE_LIBRARY AS 'ML' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to manage libraries';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE_LIBRARY
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE_PRIVILEGES AS 'MP' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to manage privileges on SQL objects';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE_PRIVILEGES
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE_PRIVILEGES
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE_ROLES AS 'MR' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to manage roles';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE_ROLES
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE_ROLES
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE_STATISTICS AS 'MS' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to show and update statistics';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE_STATISTICS
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE_STATISTICS
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE_LOAD AS 'MT' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to perform LOAD and UNLOAD commands';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE_LOAD
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE_LOAD
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE MANAGE_USERS AS 'MU' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to manage users';
+
+-- GRANT COMPONENT PRIVILEGE MANAGE_USERS
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE MANAGE_USERS
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DML_DELETE AS 'PD' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to delete rows';
+
+-- GRANT COMPONENT PRIVILEGE DML_DELETE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DML_DELETE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DML_EXECUTE AS 'PE' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to execute functions';
+
+-- GRANT COMPONENT PRIVILEGE DML_EXECUTE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DML_EXECUTE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DML_USAGE AS 'PG' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to use libraries and sequences';
+
+-- GRANT COMPONENT PRIVILEGE DML_USAGE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DML_USAGE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DML_INSERT AS 'PI' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to insert rows';
+
+-- GRANT COMPONENT PRIVILEGE DML_INSERT
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DML_INSERT
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DML_REFERENCES AS 'PR' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to reference columns';
+
+-- GRANT COMPONENT PRIVILEGE DML_REFERENCES
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DML_REFERENCES
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DML_SELECT AS 'PS' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to select rows';
+
+-- GRANT COMPONENT PRIVILEGE DML_SELECT
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DML_SELECT
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE DML_UPDATE AS 'PU' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to update rows';
+
+-- GRANT COMPONENT PRIVILEGE DML_UPDATE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE DML_UPDATE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE QUERY_ACTIVATE AS 'QA' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to activate queries';
+
+-- GRANT COMPONENT PRIVILEGE QUERY_ACTIVATE
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE QUERY_ACTIVATE
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE QUERY_CANCEL AS 'QC' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to cancel queries';
+
+-- GRANT COMPONENT PRIVILEGE QUERY_CANCEL
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE QUERY_CANCEL
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE QUERY_SUSPEND AS 'QS' ON SQL_OPERATIONS SYSTEM
+ DETAIL 'Allow grantee to suspend queries';
+
+-- GRANT COMPONENT PRIVILEGE QUERY_SUSPEND
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE QUERY_SUSPEND
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE REMAP_USER AS 'RU' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to remap DB__ users to a different external username';
+
+-- GRANT COMPONENT PRIVILEGE REMAP_USER
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE REMAP_USER
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE SHOW AS 'SW' ON SQL_OPERATIONS SYSTEM DETAIL
+ 'Allow grantee to view metadata information about objects';
+
+ GRANT COMPONENT PRIVILEGE SHOW
+ ON SQL_OPERATIONS TO PUBLIC;
+
+-- GRANT COMPONENT PRIVILEGE SHOW
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE SHOW
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+CREATE COMPONENT PRIVILEGE USE_ALTERNATE_SCHEMA AS 'UA' ON SQL_OPERATIONS
+ SYSTEM DETAIL 'Allow grantee to use non-default schemas';
+
+-- GRANT COMPONENT PRIVILEGE USE_ALTERNATE_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOT
+ WITH GRANT OPTION;
+
+ GRANT COMPONENT PRIVILEGE USE_ALTERNATE_SCHEMA
+ ON SQL_OPERATIONS TO DB__ROOTROLE
+ WITH GRANT OPTION;
+
+
+
+--- SQL operation complete.
+>>
+>>
+>>obey TEST137(clean_up);
+>>-- remove component information
+>>unregister component library_books cascade;
+
+--- SQL operation complete.
+>>unregister component library_accounts cascade;
+
+--- SQL operation complete.
+>>unregister component library_users cascade;
+
+*** ERROR[1004] Object LIBRARY_USERS does not exist or object type is invalid for the current operation.
+
+--- SQL operation failed with errors.
+>>unregister component library_other cascade;
+
+*** ERROR[1004] Object LIBRARY_OTHER does not exist or object type is invalid for the current operation.
+
+--- SQL operation failed with errors.
+>>execute get_component_operations;
+
+--- 0 row(s) selected.
+>>execute get_components;
+
+--- 0 row(s) selected.
+>>-- drop database
+>>drop schema t137 cascade;
+
+--- SQL operation complete.
+>>
+>>drop component privilege lib_view_benefactors cascade;
+
+*** ERROR[15001] A syntax error occurred at or before:
+drop component privilege lib_view_benefactors cascade;
+ ^ (53 characters from start of SQL statement)
+
+*** ERROR[8822] The statement was not prepared.
+
+>>unregister component library_fund_raisers cascade;
+
+*** ERROR[1004] Object LIBRARY_FUND_RAISERS does not exist or object type is invalid for the current operation.
+
+--- SQL operation failed with errors.
+>>
+>>-- remove roles
+>>revoke role library_admin from sql_user1;
+
+--- SQL operation complete.
+>>revoke role library_admin from sql_user2;
+
+--- SQL operation complete.
+>>drop role library_admin;
+
+--- SQL operation complete.
+>>
+>>revoke role library_ckout_clerks from sql_user1;
+
+--- SQL operation complete.
+>>revoke role library_ckout_clerks from sql_user2;
+
+--- SQL operation complete.
+>>revoke role library_ckout_clerks from sql_user3, sql_user4, sql_user5;
+
+--- SQL operation complete.
+>>drop role library_ckout_clerks;
+
+--- SQL operation complete.
+>>
+>>
+>>-- run tests for revoke.
+>>obey TEST137(revoke_comp_privs_setup);
+>>cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
+
+--- SQL operation complete.
+>>log LOG137;
+>>create role library_admin;
+
+--- SQL operation complete.
+>>grant role library_admin to sql_user1, sql_user2;
+
+--- SQL operation complete.
+>>create role library_ckout_clerks;
+
+--- SQL operation complete.
+>>grant role library_ckout_clerks to sql_user1, sql_user2, sql_user3, sql_user4, sql_user5;
+
+--- SQL operation complete.
+>>
+>>
+>>register component Library_books;
+
+--- SQL operation complete.
+>>create component privilege lib_manage_checkouts as 'MC' on library_books;
+
+--- SQL operation complete.
+>>create component privilege lib_view_checkouts as 'VC' on library_books
++> detail 'Can see checkout information';
+
+--- SQL operation complete.
+>>create component privilege lib_view_repository as 'VR' on library_books;
+
+--- SQL operation complete.
+>>
+>>grant component privilege lib_manage_checkouts,
++> lib_view_checkouts,
++> lib_view_repository
++> on library_books to library_admin;
+
+--- SQL operation complete.
+>>
+>>grant component privilege lib_manage_checkouts,
++> lib_view_checkouts,
++> lib_view_repository
++> on library_books to sql_user1 with grant option;
+
+--- SQL operation complete.
+>>
+>>grant component privilege lib_view_checkouts,
++> lib_view_repository
++> on library_books to library_ckout_clerks;
+
+--- SQL operation complete.
+>>
+>>grant component privilege lib_view_repository
++> on library_books to sql_user5;
+
+--- SQL operation complete.
+>>grant component privilege lib_view_repository
++> on library_books to sql_user6;
+
+--- SQL operation complete.
+>>grant component privilege lib_view_repository
++> on library_books to sql_user7;
+
+--- SQL operation complete.
+>>grant component privilege lib_view_repository
++> on library_books to sql_user8;
+
+--- SQL operation complete.
+>>
+>>log;
+>>grant component privilege lib_view_repository
++>on library_books to sql_user2 with grant option;
+
+--- SQL operation complete.
+>>log;
+>>grant component privilege lib_view_repository
++>on library_books to sql_user3 with grant option;
+
+--- SQL operation complete.
+>>
+>>grant component privilege lib_view_repository
++>on library_books to sql_user1;
+
+--- SQL operation complete.
+>>
+>>grant component privilege lib_view_repository
++>on library_books to sql_user5;
+
+--- SQL operation complete.
+>>log;
+>>grant component privilege lib_view_repository
++>on library_books to DB__ROOT with grant option;
+
+--- SQL operation complete.
+>>
+>>grant component privilege lib_view_repository
++>on library_books to sql_user5;
+
+--- SQL operation complete.
+>>
+>>grant component privilege lib_view_repository
++>on library_books to sql_user4 with grant option;
+
+--- SQL operation complete.
+>>log;
+>>grant component privilege lib_view_repository
++>on library_books to sql_user5;
+
+--- SQL operation complete.
+>>log;
+>>revoke component privilege lib_view_repository
++>on library_books from sql_user3;
+
+--- SQL operation complete.
+>>log;
+>>unregister component Library_books cascade;
+
+--- SQL operation complete.
+>>revoke role library_admin from sql_user1, sql_user2;
+
+--- SQL operation complete.
+>>revoke role library_ckout_clerks from sql_user1, sql_user2, sql_user3, sql_user4, sql_user5;
+
+--- SQL operation complete.
+>>drop role library_admin;
+
+--- SQL operation complete.
+>>drop role library_ckout_clerks;
+
+--- SQL operation complete.
+>>log;
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/e3d65c15/core/sql/regress/privs1/EXPECTED141
----------------------------------------------------------------------
diff --git a/core/sql/regress/privs1/EXPECTED141 b/core/sql/regress/privs1/EXPECTED141
new file mode 100644
index 0000000..6c0717e
Binary files /dev/null and b/core/sql/regress/privs1/EXPECTED141 differ
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/e3d65c15/core/sql/regress/privs1/FILTER132
----------------------------------------------------------------------
diff --git a/core/sql/regress/privs1/FILTER132 b/core/sql/regress/privs1/FILTER132
new file mode 100755
index 0000000..d15a796
--- /dev/null
+++ b/core/sql/regress/privs1/FILTER132
@@ -0,0 +1,40 @@
+#! /bin/sh
+# @@@ START COPYRIGHT @@@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# @@@ END COPYRIGHT @@@
+
+# Like the pattern-masking of QACOMP, here we filter out such stuff as
+# timestamps and generated identifiers. Called by the runregr script
+# before doing diff.
+
+fil=$1
+if [ "$fil" = "" ]; then
+ echo "Usage: $0 filename"
+ exit 1
+fi
+
+# filters for showstats output
+#Table ID: 56910649950845593
+#2071939932 8 8 8 SYSKEY
+sed "
+s/Table ID: *[0-9]*/Table ID: <ID removed>/g
+s:^[ ]\{0,9\}[0-9]\{1,10\}:0000000000:
+" $fil
+