You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafodion.apache.org by rm...@apache.org on 2016/01/26 22:19:07 UTC
[1/5] incubator-trafodion git commit: Merge branch 'master' into
priv-fixes
Repository: incubator-trafodion
Updated Branches:
refs/heads/master dd0156f96 -> c0bb8efaa
Merge branch 'master' into priv-fixes
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/35692557
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/35692557
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/35692557
Branch: refs/heads/master
Commit: 356925572d80f940fb9e3c08c1db680083b2169f
Parents: 678195b 0bd7a14
Author: Roberta Marton <ro...@apache.org>
Authored: Thu Jan 21 17:19:55 2016 +0000
Committer: Roberta Marton <ro...@apache.org>
Committed: Thu Jan 21 17:19:55 2016 +0000
----------------------------------------------------------------------
.../java/org/trafodion/rest/RESTServlet.java | 16 +-
core/sqf/sql/scripts/dcscheck | 2 +-
core/sqf/sql/scripts/dcsstop | 2 +-
core/sql/executor/ExHbaseAccess.h | 2 +
core/sql/executor/ExHbaseIUD.cpp | 56 +-
core/sql/executor/hiveHook.cpp | 2 +-
core/sql/exp/ExpHbaseInterface.cpp | 38 +-
core/sql/optimizer/NATable.cpp | 73 +-
core/sql/sqlcat/desc.h | 1 -
core/sql/sqlcomp/CmpSeabaseDDLtable.cpp | 18 +-
dcs/bin/scripts/dcsbind.sh | 6 +-
dcs/bin/scripts/dcsunbind.sh | 14 +-
.../Descriptor2List.java | 2 +-
.../serverHandler/ServerApiSqlEndTransact.java | 14 +-
.../serverHandler/ServerApiSqlExecDirect.java | 2 +-
.../serverHandler/ServerApiSqlFetch.java | 1 -
.../dcs/servermt/serverSql/TrafConnection.java | 2 +-
.../ODBC_Sample_Programs/basicsql.cpp | 320 -
.../ODBC_Sample_Programs/build.bat | 25 -
.../client_install/ODBC_Sample_Programs/run.bat | 23 -
docs/client_install/pom.xml | 264 +
.../Trafodion_Client_Installation_Guide.xml | 3251 --
.../source/img/Add_Alias_SQuirreL.png | Bin 9719 -> 0 bytes
.../source/img/Add_Driver_SQuirreL.png | Bin 42544 -> 0 bytes
.../img/Database_Connection_in_DbVisualizer.png | Bin 55768 -> 0 bytes
.../source/img/DbVisualizer_Driver_Manager.png | Bin 102328 -> 0 bytes
.../source/img/Extracted_Files.png | Bin 15061 -> 0 bytes
.../source/img/InstallComplete.png | Bin 19467 -> 0 bytes
.../source/img/InstallerWizardPaths.png | Bin 25831 -> 0 bytes
.../source/img/InstallerWizardWelcome.png | Bin 24394 -> 0 bytes
.../client_install/source/img/JDBC_JAR_Path.png | Bin 4552 -> 0 bytes
.../source/img/OptionalComponents.png | Bin 31715 -> 0 bytes
.../source/img/PerlJavaServerURL.png | Bin 3510 -> 0 bytes
.../source/img/Physical_Connection.png | Bin 147371 -> 0 bytes
.../img/Properties_for_Alias_SQuirreL.png | Bin 95544 -> 0 bytes
.../client_install/source/img/ProxySettings.png | Bin 2828 -> 0 bytes
.../source/img/TQW_control_options.png | Bin 12363 -> 0 bytes
docs/client_install/source/img/TQW_login.png | Bin 126619 -> 0 bytes
docs/client_install/source/img/TQW_logout.png | Bin 3049 -> 0 bytes
.../source/img/TQW_query_plan.png | Bin 83528 -> 0 bytes
docs/client_install/source/img/TQW_session.png | Bin 1983 -> 0 bytes
.../source/img/TQW_whiteboard.png | Bin 70729 -> 0 bytes
docs/client_install/source/img/path2.png | Bin 32134 -> 0 bytes
docs/client_install/source/img/varval2.png | Bin 13296 -> 0 bytes
docs/client_install/source/xml-profile.xml | 41 -
.../src/asciidoc/_chapters/SQuirrel.adoc | 70 +
.../src/asciidoc/_chapters/about.adoc | 175 +
.../src/asciidoc/_chapters/dbviz.adoc | 84 +
.../src/asciidoc/_chapters/introduction.adoc | 49 +
.../src/asciidoc/_chapters/jdbct4.adoc | 325 +
.../src/asciidoc/_chapters/odb.adoc | 99 +
.../src/asciidoc/_chapters/odbc_linux.adoc | 310 +
.../src/asciidoc/_chapters/odbc_windows.adoc | 239 +
.../src/asciidoc/_chapters/sample_prog.adoc | 75 +
.../src/asciidoc/_chapters/trafci.adoc | 473 +
docs/client_install/src/asciidoc/index.adoc | 80 +
.../src/images/Add_Alias_SQuirreL.jpg | Bin 0 -> 48082 bytes
.../src/images/Add_Driver_SQuirreL.jpg | Bin 0 -> 58950 bytes
.../Database_Connection_in_DbVisualizer.jpg | Bin 0 -> 58043 bytes
.../src/images/DbVisualizer_Driver_Manager.jpg | Bin 0 -> 80198 bytes
.../src/images/Extracted_Files.jpg | Bin 0 -> 28327 bytes
.../src/images/InstallComplete.jpg | Bin 0 -> 47365 bytes
.../src/images/InstallerWizardPaths.jpg | Bin 0 -> 77163 bytes
.../src/images/InstallerWizardWelcome.jpg | Bin 0 -> 53537 bytes
.../client_install/src/images/JDBC_JAR_Path.jpg | Bin 0 -> 18215 bytes
.../src/images/OptionalComponents.jpg | Bin 0 -> 71744 bytes
.../src/images/PerlJavaServerURL.jpg | Bin 0 -> 27662 bytes
.../src/images/Physical_Connection.jpg | Bin 0 -> 185241 bytes
.../images/Properties_for_Alias_SQuirreL.jpg | Bin 0 -> 84197 bytes
.../client_install/src/images/ProxySettings.jpg | Bin 0 -> 20985 bytes
.../src/images/TQW_control_options.jpg | Bin 0 -> 14642 bytes
docs/client_install/src/images/TQW_login.jpg | Bin 0 -> 51058 bytes
docs/client_install/src/images/TQW_logout.jpg | Bin 0 -> 7602 bytes
.../src/images/TQW_query_plan.jpg | Bin 0 -> 45607 bytes
docs/client_install/src/images/TQW_session.jpg | Bin 0 -> 5008 bytes
.../src/images/TQW_whiteboard.jpg | Bin 0 -> 43936 bytes
docs/client_install/src/images/path2.jpg | Bin 0 -> 57338 bytes
docs/client_install/src/images/varval2.jpg | Bin 0 -> 19505 bytes
.../src/resources/source/basicsql.cpp | 394 +
.../src/resources/source/build.bat | 25 +
.../client_install/src/resources/source/run.bat | 23 +
docs/command_interface/pom.xml | 264 +
.../Trafodion_Command_Interface_Guide.xml | 9846 -----
docs/command_interface/source/img/VST101.png | Bin 52396 -> 0 bytes
docs/command_interface/source/img/VST401.png | Bin 39217 -> 0 bytes
docs/command_interface/source/img/VST601.png | Bin 2355 -> 0 bytes
docs/command_interface/source/img/dpnvslf.png | Bin 36808 -> 0 bytes
docs/command_interface/source/img/envvar.png | Bin 26344 -> 0 bytes
docs/command_interface/source/img/instlcm1.png | Bin 5237 -> 0 bytes
.../command_interface/source/img/instlcm2.3.png | Bin 36015 -> 0 bytes
docs/command_interface/source/img/instlcm2.png | Bin 6316 -> 0 bytes
docs/command_interface/source/img/iwiz1.png | Bin 6701 -> 0 bytes
docs/command_interface/source/img/iwiz2.3.png | Bin 7705 -> 0 bytes
docs/command_interface/source/img/iwiz2.3b.png | Bin 7987 -> 0 bytes
docs/command_interface/source/img/iwiz2.3c.png | Bin 35606 -> 0 bytes
.../source/img/iwiz2.3comp.png | Bin 10358 -> 0 bytes
docs/command_interface/source/img/iwiz2.3d.png | Bin 4998 -> 0 bytes
docs/command_interface/source/img/iwiz2.3e.png | Bin 5714 -> 0 bytes
docs/command_interface/source/img/iwiz2.3f.png | Bin 12093 -> 0 bytes
docs/command_interface/source/img/iwiz2.3g.png | Bin 8425 -> 0 bytes
docs/command_interface/source/img/iwiz2.3h.png | Bin 8425 -> 0 bytes
docs/command_interface/source/img/iwiz2.3n.png | Bin 11522 -> 0 bytes
docs/command_interface/source/img/iwiz2.png | Bin 1360 -> 0 bytes
docs/command_interface/source/img/iwiz3.png | Bin 4777 -> 0 bytes
docs/command_interface/source/img/iwiz4.png | Bin 4753 -> 0 bytes
docs/command_interface/source/img/iwiz5.png | Bin 150880 -> 0 bytes
docs/command_interface/source/img/iwiz7.png | Bin 6061 -> 0 bytes
docs/command_interface/source/img/iwiz8.png | Bin 7022 -> 0 bytes
docs/command_interface/source/img/iwiz9.png | Bin 3433 -> 0 bytes
.../source/img/iwizediturl.png | Bin 3510 -> 0 bytes
.../command_interface/source/img/iwizone2.3.png | Bin 87777 -> 0 bytes
.../source/img/iwizopensource.png | Bin 10283 -> 0 bytes
.../source/img/iwizproxyset.png | Bin 2828 -> 0 bytes
docs/command_interface/source/img/java-opt.png | Bin 127106 -> 0 bytes
docs/command_interface/source/img/launch02.png | Bin 18206 -> 0 bytes
docs/command_interface/source/img/launchs1.png | Bin 3068 -> 0 bytes
docs/command_interface/source/img/log-file.png | Bin 8302 -> 0 bytes
docs/command_interface/source/img/logvar.png | Bin 39647 -> 0 bytes
.../command_interface/source/img/logvar_new.png | Bin 13368 -> 0 bytes
docs/command_interface/source/img/mycomp.png | Bin 13033 -> 0 bytes
.../source/img/new_iwiz2.3.png | Bin 7407 -> 0 bytes
.../source/img/new_iwiz2.3f.png | Bin 8632 -> 0 bytes
docs/command_interface/source/img/p-errlog.png | Bin 7387 -> 0 bytes
docs/command_interface/source/img/p-scrlog.png | Bin 4205 -> 0 bytes
docs/command_interface/source/img/path.png | Bin 5592 -> 0 bytes
docs/command_interface/source/img/path2.png | Bin 32134 -> 0 bytes
docs/command_interface/source/img/script.png | Bin 7142 -> 0 bytes
docs/command_interface/source/img/shortct1.png | Bin 27091 -> 0 bytes
docs/command_interface/source/img/shortct2.png | Bin 33784 -> 0 bytes
docs/command_interface/source/img/shortct3.png | Bin 30072 -> 0 bytes
docs/command_interface/source/img/shortct4.png | Bin 17710 -> 0 bytes
docs/command_interface/source/img/shortct5.png | Bin 30622 -> 0 bytes
docs/command_interface/source/img/sysprop.png | Bin 27422 -> 0 bytes
docs/command_interface/source/img/varval.png | Bin 10013 -> 0 bytes
docs/command_interface/source/img/varval2.png | Bin 13296 -> 0 bytes
docs/command_interface/source/img/winbin.png | Bin 53558 -> 0 bytes
docs/command_interface/source/img/zip2.3.png | Bin 15342 -> 0 bytes
docs/command_interface/source/img/zip2.3a.png | Bin 14073 -> 0 bytes
docs/command_interface/source/xml-profile.xml | 41 -
.../src/asciidoc/_chapters/about.adoc | 175 +
.../src/asciidoc/_chapters/commands.adoc | 4315 ++
.../src/asciidoc/_chapters/install.adoc | 99 +
.../src/asciidoc/_chapters/interactive.adoc | 941 +
.../src/asciidoc/_chapters/introduction.adoc | 34 +
.../src/asciidoc/_chapters/launch.adoc | 637 +
.../src/asciidoc/_chapters/perlpython.adoc | 258 +
.../src/asciidoc/_chapters/scripts.adoc | 164 +
docs/command_interface/src/asciidoc/index.adoc | 75 +
docs/command_interface/src/images/VST101.jpg | Bin 0 -> 49552 bytes
docs/command_interface/src/images/VST401.jpg | Bin 0 -> 37869 bytes
docs/command_interface/src/images/VST601.jpg | Bin 0 -> 17388 bytes
docs/command_interface/src/images/dpnvslf.jpg | Bin 0 -> 17215 bytes
docs/command_interface/src/images/envvar.jpg | Bin 0 -> 55944 bytes
docs/command_interface/src/images/instlcm1.jpg | Bin 0 -> 66629 bytes
.../command_interface/src/images/instlcm2.3.jpg | Bin 0 -> 16721 bytes
docs/command_interface/src/images/instlcm2.jpg | Bin 0 -> 84657 bytes
docs/command_interface/src/images/iwiz1.jpg | Bin 0 -> 61823 bytes
docs/command_interface/src/images/iwiz2.3.jpg | Bin 0 -> 73496 bytes
docs/command_interface/src/images/iwiz2.3b.jpg | Bin 0 -> 76467 bytes
docs/command_interface/src/images/iwiz2.3c.jpg | Bin 0 -> 18174 bytes
.../src/images/iwiz2.3comp.jpg | Bin 0 -> 76540 bytes
docs/command_interface/src/images/iwiz2.3d.jpg | Bin 0 -> 42750 bytes
docs/command_interface/src/images/iwiz2.3e.jpg | Bin 0 -> 39508 bytes
docs/command_interface/src/images/iwiz2.3f.jpg | Bin 0 -> 93285 bytes
docs/command_interface/src/images/iwiz2.3h.jpg | Bin 0 -> 67094 bytes
docs/command_interface/src/images/iwiz2.3n.jpg | Bin 0 -> 83274 bytes
docs/command_interface/src/images/iwiz2.jpg | Bin 0 -> 15025 bytes
docs/command_interface/src/images/iwiz3.jpg | Bin 0 -> 36199 bytes
docs/command_interface/src/images/iwiz4.jpg | Bin 0 -> 35220 bytes
docs/command_interface/src/images/iwiz5.jpg | Bin 0 -> 76695 bytes
docs/command_interface/src/images/iwiz7.jpg | Bin 0 -> 51256 bytes
docs/command_interface/src/images/iwiz8.jpg | Bin 0 -> 65627 bytes
docs/command_interface/src/images/iwiz9.jpg | Bin 0 -> 18671 bytes
.../src/images/iwizediturl.jpg | Bin 0 -> 27662 bytes
.../command_interface/src/images/iwizone2.3.jpg | Bin 0 -> 61060 bytes
.../src/images/iwizopensource.jpg | Bin 0 -> 74346 bytes
.../src/images/iwizproxyset.jpg | Bin 0 -> 20985 bytes
docs/command_interface/src/images/java-opt.jpg | Bin 0 -> 62772 bytes
docs/command_interface/src/images/launch02.jpg | Bin 0 -> 29749 bytes
docs/command_interface/src/images/launchs1.jpg | Bin 0 -> 21801 bytes
docs/command_interface/src/images/log-file.jpg | Bin 0 -> 82163 bytes
docs/command_interface/src/images/logvar.jpg | Bin 0 -> 18400 bytes
.../command_interface/src/images/logvar_new.jpg | Bin 0 -> 20451 bytes
docs/command_interface/src/images/mycomp.jpg | Bin 0 -> 23996 bytes
.../src/images/new_iwiz2.3.jpg | Bin 0 -> 79083 bytes
docs/command_interface/src/images/p-errlog.jpg | Bin 0 -> 94633 bytes
docs/command_interface/src/images/p-scrlog.jpg | Bin 0 -> 34198 bytes
docs/command_interface/src/images/path.jpg | Bin 0 -> 50183 bytes
docs/command_interface/src/images/path2.jpg | Bin 0 -> 57338 bytes
docs/command_interface/src/images/script.jpg | Bin 0 -> 66933 bytes
docs/command_interface/src/images/shortct1.jpg | Bin 0 -> 61270 bytes
docs/command_interface/src/images/shortct2.jpg | Bin 0 -> 57414 bytes
docs/command_interface/src/images/shortct3.jpg | Bin 0 -> 39950 bytes
docs/command_interface/src/images/shortct4.jpg | Bin 0 -> 42194 bytes
docs/command_interface/src/images/shortct5.jpg | Bin 0 -> 63636 bytes
docs/command_interface/src/images/sysprop.jpg | Bin 0 -> 63444 bytes
docs/command_interface/src/images/varval.jpg | Bin 0 -> 20590 bytes
docs/command_interface/src/images/varval2.jpg | Bin 0 -> 19505 bytes
docs/command_interface/src/images/winbin.jpg | Bin 0 -> 60550 bytes
docs/command_interface/src/images/zip2.3.jpg | Bin 0 -> 64722 bytes
docs/command_interface/src/images/zip2.3a.jpg | Bin 0 -> 78101 bytes
docs/css/trafodion-manuals.css | 431 +
docs/css/trafodion-theme.yml | 75 +
docs/install_guide/pom.xml | 219 +
.../src/asciidoc/_chapters/about.adoc | 131 +
.../src/asciidoc/_chapters/dev_install.adoc | 26 +
.../src/asciidoc/_chapters/howto.adoc | 26 +
.../src/asciidoc/_chapters/product_install.adoc | 26 +
.../src/asciidoc/_chapters/requirements.adoc | 26 +
docs/install_guide/src/asciidoc/index.adoc | 69 +
docs/odb_manual/Trafodion_odb_User_Guide.xml | 181 -
docs/odb_user/pom.xml | 264 +
.../src/asciidoc/_chapters/a_warnings.adoc | 101 +
docs/odb_user/src/asciidoc/_chapters/about.adoc | 182 +
.../src/asciidoc/_chapters/b_develop.adoc | 50 +
.../src/asciidoc/_chapters/compare_tables.adoc | 202 +
.../src/asciidoc/_chapters/concepts.adoc | 941 +
.../src/asciidoc/_chapters/install.adoc | Bin 0 -> 13594 bytes
.../src/asciidoc/_chapters/introduction.adoc | 50 +
docs/odb_user/src/asciidoc/_chapters/load.adoc | 1229 +
.../src/asciidoc/_chapters/query_driver.adoc | 274 +
.../src/asciidoc/_chapters/sql_interpreter.adoc | 363 +
docs/odb_user/src/asciidoc/index.adoc | 75 +
docs/odb_user/src/images/sql_ansi_colors.jpg | Bin 0 -> 20035 bytes
docs/sql_reference/pom.xml | 268 +
.../source/Trafodion_SQL_Reference_Manual.xml | 37555 -----------------
docs/sql_reference/source/xml-profile.xml | 42 -
.../src/asciidoc/_chapters/about.adoc | 240 +
.../src/asciidoc/_chapters/cqds.adoc | 349 +
.../src/asciidoc/_chapters/introduction.adoc | 515 +
.../src/asciidoc/_chapters/limits.adoc | 37 +
.../src/asciidoc/_chapters/olap_functions.adoc | 1079 +
.../src/asciidoc/_chapters/reserved_words.adoc | 287 +
.../src/asciidoc/_chapters/runtime_stats.adoc | 1354 +
.../src/asciidoc/_chapters/sql_clauses.adoc | 1432 +
.../sql_functions_and_expressions.adoc | 7885 ++++
.../_chapters/sql_language_elements.adoc | 4088 ++
.../src/asciidoc/_chapters/sql_statements.adoc | 8465 ++++
.../src/asciidoc/_chapters/sql_utilities.adoc | 1028 +
docs/sql_reference/src/asciidoc/index.adoc | 80 +
docs/src/site/markdown/develop.md | 8 +
docs/src/site/markdown/document.md | 222 +-
docs/src/site/markdown/documentation.md | 23 +-
docs/src/site/markdown/download.md | 7 +-
docs/src/site/markdown/index.md | 20 +
docs/src/site/site.xml | 1 +
install/installer/cloud_cli_setup | 16 +-
install/installer/dcs_installer | 3 +-
248 files changed, 41854 insertions(+), 51536 deletions(-)
----------------------------------------------------------------------
[2/5] incubator-trafodion git commit: Privilege fixes for
TRAFODION-12, TRAFODION-1761, and TRAFODION-1773
Posted by rm...@apache.org.
Privilege fixes for TRAFODION-12, TRAFODION-1761, and TRAFODION-1773
TRAFODION-12 Grant Revoke Enhancements
-- Revoke: added code to verify that when column privileges are revoked then
the remaining grants are is still intact. It does this by starting at the
beginning of the privilege tree and rebuilding it from top to bottom with
the requested privilege changes. If the revoke causes part of the tree to
be unaccessible (a broken branch), the revoke operation fails.
TRAFODION-1761 Grant and Revoke on table with referencing views does not work
-- When granting INSERT, UPDATE, or DELETE object privilege(s) on a table that
is referenced by one or more views, then the privilege should be granted on
any updatable views that reference the table. The grant request to the these
views should be executed as though the current user is _SYSTEM. Similarily
for revokes.
-- If the grant is performed that adds the WITH GRANT OPTION, then
the WITH GRANT OPTION is to be added to the referencing views. The
grant request should be executed as though the current user is _SYSTEM.
Similarily for revokes.
-- The problem was caused by the incorrect grantor being processed. So, added
a new field to the ObjectUsage structure that tells grant/revoke that
the grantor should be the system user. Also added change to not propagate
update privileges on non updatable views.
-- The checkin fixes object privileges; however, work is still needed to
support column level privileges and a mix between column and object level.
TRAFODION-1773 Internal error to revoke role with restrict option when there is
dependent view
-- There code (PrivMgrRoles) that determines if a specific user that owns
objects whose existence depend upon a privilege granted to the specified role
can be revoked. This code did not consider views as a referenced object type
Cleaned up PrivMgrDesc.h & PrivMgrDesc.cpp:
-- remove unused grantee field
-- added columnOrdinal which will be used to fix column privs for TRAFODION 1761
-- replaced std::bitset<NBR_OF_PRIVS> with the define PrivMgrBitmap
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/8652aeb8
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/8652aeb8
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/8652aeb8
Branch: refs/heads/master
Commit: 8652aeb8294f525ca004ae872bd96d3c4158905b
Parents: 3569255
Author: Roberta Marton <ro...@apache.org>
Authored: Sat Jan 23 00:12:12 2016 +0000
Committer: Roberta Marton <ro...@apache.org>
Committed: Sat Jan 23 00:12:12 2016 +0000
----------------------------------------------------------------------
core/sql/regress/privs1/EXPECTED141 | Bin 78469 -> 92809 bytes
core/sql/regress/privs1/TEST141 | 65 +++
core/sql/regress/privs2/EXPECTED135 | 84 ++-
core/sql/regress/privs2/EXPECTED140 | 10 +-
core/sql/regress/privs2/TEST135 | 54 +-
core/sql/regress/tools/runregr_privs1.ksh | 3 -
core/sql/regress/tools/runregr_privs2.ksh | 5 -
core/sql/sqlcomp/PrivMgrDesc.h | 51 +-
core/sql/sqlcomp/PrivMgrMD.cpp | 30 +-
core/sql/sqlcomp/PrivMgrMD.h | 9 +-
core/sql/sqlcomp/PrivMgrObjects.cpp | 52 ++
core/sql/sqlcomp/PrivMgrObjects.h | 4 +
core/sql/sqlcomp/PrivMgrPrivileges.cpp | 685 +++++++++++++++++++------
core/sql/sqlcomp/PrivMgrPrivileges.h | 39 +-
core/sql/sqlcomp/PrivMgrRoles.cpp | 1 +
15 files changed, 869 insertions(+), 223 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/regress/privs1/EXPECTED141
----------------------------------------------------------------------
diff --git a/core/sql/regress/privs1/EXPECTED141 b/core/sql/regress/privs1/EXPECTED141
index 6c0717e..528f189 100644
Binary files a/core/sql/regress/privs1/EXPECTED141 and b/core/sql/regress/privs1/EXPECTED141 differ
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/regress/privs1/TEST141
----------------------------------------------------------------------
diff --git a/core/sql/regress/privs1/TEST141 b/core/sql/regress/privs1/TEST141
index 5c8c6da..8011c21 100755
--- a/core/sql/regress/privs1/TEST141
+++ b/core/sql/regress/privs1/TEST141
@@ -38,6 +38,7 @@ obey TEST141(test_private_user);
obey TEST141(test_private_role);
obey TEST141(test_shared_user);
obey TEST141(test_shared_role);
+obey TEST141(test_view_priv_propagation);
log;
obey TEST141(clean_up);
exit;
@@ -315,6 +316,57 @@ sh sqlci -i "TEST141(user2_objects)" -u sql_user2;
execute get_obj_privs;
-- ============================================================================
+?section test_view_priv_propagation
+-- ============================================================================
+values (user);
+
+-- remove schemas
+drop schema if exists t141_user1 cascade;
+drop schema if exists t141_user2 cascade;
+drop schema if exists t141_user3 cascade;
+
+-- setup database with private schemas owned by users
+create schema t141_user1 authorization sql_user1;
+create schema t141_user2 authorization sql_user2;
+
+-- create some tables owned by user1
+set schema t141_user1;
+create table u1t1 (c1 int not null primary key, c2 int, c3 int);
+insert into u1t1 values (1,1,1), (2,2,2), (3,3,3), (4,4,4), (5,5,5);
+create table u1t2 (c1 int not null primary key, c2 int, c3 int);
+insert into u1t2 values (1,1,1), (2,2,2), (3,3,3), (4,4,4), (5,5,5);
+
+-- grant privileges to sql_user2 on tables
+grant select, delete on u1t1 to sql_user2;
+grant select, delete on u1t2 to sql_user2 with grant option;
+
+execute get_obj_privs;
+
+-- user2 creates some views
+sh sqlci -i "TEST141(user2_views)" -u sql_user2;
+
+execute get_obj_privs;
+
+-- user1 grants insert privilege on tables
+grant insert on u1t1 to sql_user2;
+grant insert on u1t2 to sql_user2 with grant option;
+
+execute get_obj_privs;
+
+-- remove with grant option for some privileges
+revoke grant option for insert, delete on u1t2 from sql_user2;
+execute get_obj_privs;
+
+-- Add back the with grant option for delete
+grant delete on u1t2 to sql_user2 with grant option;
+execute get_obj_privs;
+
+-- Remove insert, and delete entirely
+revoke insert, delete on u1t1 from sql_user2;
+revoke insert, delete on u1t2 from sql_user2;
+execute get_obj_privs;
+
+-- ============================================================================
?section user1_objects
-- ============================================================================
-- executed by sql_user1
@@ -392,3 +444,16 @@ create view u3v4 as select c1, c3 from t141_user1.u1t4;
create view u3v5 as select c1, c3 from t141_user1.u1t3;
get tables;
get views;
+
+-- ============================================================================
+?section user2_views
+-- ============================================================================
+-- executed by sql_user2
+log LOG141;
+cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
+values (user);
+set schema t141_user2;
+
+create view u2v1 as select * from t141_user1.u1t1;
+create view u2v2 as select * from t141_user1.u1t2;
+
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/regress/privs2/EXPECTED135
----------------------------------------------------------------------
diff --git a/core/sql/regress/privs2/EXPECTED135 b/core/sql/regress/privs2/EXPECTED135
index 13405a2..0d8b0f6 100644
--- a/core/sql/regress/privs2/EXPECTED135
+++ b/core/sql/regress/privs2/EXPECTED135
@@ -34,7 +34,7 @@ SCHEMA_PRIVILEGES
+>from "_PRIVMGR_MD_".object_privileges
+>where
+> object_name in ('TRAFODION.T135SCH.T135_T1', 'TRAFODION.T135SCH.T135_T2', 'TRAFODION.T135SCH.T135_V1', 'TRAFODION.T135SCH.T135_V2', 'TRAFODION.T135SCH.T135_L1', 'TRAFODION.T135SCH.T135_L2', 'TRAFODION.T135SCH.T135_SESSIONIZE', 'TRAFODION.T135SCH.T135_ADD2')
-+>for read uncommitted access;
++>order by 1,3,2 for read uncommitted access;
--- SQL command prepared.
>>
@@ -161,8 +161,8 @@ OBJECT_NAME
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -----------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------
TRAFODION.T135SCH.T135_T1 DB__ROOT _SYSTEM
-TRAFODION.T135SCH.T135_V1 DB__ROOT _SYSTEM
TRAFODION.T135SCH.T135_T2 DB__ROOT _SYSTEM
+TRAFODION.T135SCH.T135_V1 DB__ROOT _SYSTEM
--- 3 row(s) selected.
>>
@@ -569,6 +569,71 @@ End of MXCI Session
End of MXCI Session
>>
+>>-- create some roles
+>>create role t135_role1;
+
+--- SQL operation complete.
+>>create role t135_role2;
+
+--- SQL operation complete.
+>>grant role t135_role1, t135_role2 to sql_user4;
+
+--- SQL operation complete.
+>>grant select on t135_t1 to t135_role1;
+
+--- SQL operation complete.
+>>grant select on t135_v1_t1 to t135_role2;
+
+--- SQL operation complete.
+>>
+>>-- have sql_user4 create a view based on role privs
+>>create schema if not exists t135sch_user4 authorization sql_user4;
+
+--- SQL operation complete.
+>>sh sqlci -i "TEST135(user4_views)" -u sql_user4;
+>>create view t135_v1_user4 as
++> select t135sch.t135_t1.c2, t135sch.t135_v1_t1.c1
++> from t135sch.t135_t1, t135sch.t135_v1_t1;
+
+--- SQL operation complete.
+>>showddl t135_v1_user4;
+
+CREATE VIEW TRAFODION.T135SCH_USER4.T135_V1_USER4 AS
+ SELECT TRAFODION.T135SCH.T135_T1.C2, TRAFODION.T135SCH.T135_V1_T1.C1 FROM
+ TRAFODION.T135SCH.T135_T1, TRAFODION.T135SCH.T135_V1_T1 ;
+
+-- GRANT SELECT ON TRAFODION.T135SCH_USER4.T135_V1_USER4 TO SQL_USER4;
+
+--- SQL operation complete.
+>>
+>>exit;
+
+End of MXCI Session
+
+>>
+>>-- should not be able to revoke user4 from role
+>>revoke role t135_role1 from sql_user4;
+
+*** ERROR[1364] Cannot revoke role T135_ROLE1. Object TRAFODION.T135SCH_USER4.T135_V1_USER4 depends on privileges on object TRAFODION.T135SCH.T135_T1.
+
+--- SQL operation failed with errors.
+>>revoke role t135_role2 from sql_user4;
+
+*** ERROR[1364] Cannot revoke role T135_ROLE2. Object TRAFODION.T135SCH_USER4.T135_V1_USER4 depends on privileges on object TRAFODION.T135SCH.T135_V1_T1.
+
+--- SQL operation failed with errors.
+>>
+>>-- after droppping the view, revokes succeed
+>>drop view t135sch_user4.t135_v1_user4;
+
+--- SQL operation complete.
+>>revoke role t135_role1 from sql_user4;
+
+--- SQL operation complete.
+>>revoke role t135_role2 from sql_user4;
+
+--- SQL operation complete.
+>>
>>drop table t135_t1 cascade;
--- SQL operation complete.
@@ -576,6 +641,13 @@ End of MXCI Session
--- SQL operation complete.
>>
+>>drop role t135_role1;
+
+--- SQL operation complete.
+>>drop role t135_role2;
+
+--- SQL operation complete.
+>>
>>obey TEST135(constraint_tests);
>>-- ============================================================================
>>set schema t135sch;
@@ -647,6 +719,8 @@ CREATE TABLE TRAFODION.T135SCH_USER3.T135_T3
-- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.T135SCH_USER3.T135_T3 TO SQL_USER3 WITH GRANT OPTION;
--- SQL operation complete.
+>>
+>>-- ============================================================================
>>exit;
End of MXCI Session
@@ -697,6 +771,8 @@ ALTER TABLE TRAFODION.T135SCH_USER3.T135_T3 ADD CONSTRAINT
-- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.T135SCH_USER3.T135_T3 TO SQL_USER3 WITH GRANT OPTION;
--- SQL operation complete.
+>>
+>>-- ============================================================================
>>exit;
End of MXCI Session
@@ -800,6 +876,8 @@ CREATE TABLE TRAFODION.T135SCH_USER3.T135_T3
-- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.T135SCH_USER3.T135_T3 TO SQL_USER3 WITH GRANT OPTION;
--- SQL operation complete.
+>>
+>>-- ============================================================================
>>exit;
End of MXCI Session
@@ -851,6 +929,8 @@ ALTER TABLE TRAFODION.T135SCH_USER3.T135_T3 ADD CONSTRAINT
-- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.T135SCH_USER3.T135_T3 TO SQL_USER3 WITH GRANT OPTION;
--- SQL operation complete.
+>>
+>>-- ============================================================================
>>exit;
End of MXCI Session
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/regress/privs2/EXPECTED140
----------------------------------------------------------------------
diff --git a/core/sql/regress/privs2/EXPECTED140 b/core/sql/regress/privs2/EXPECTED140
index a7ee967..052709f 100644
--- a/core/sql/regress/privs2/EXPECTED140
+++ b/core/sql/regress/privs2/EXPECTED140
@@ -4,12 +4,12 @@ Current Environment
----------------------------------
AUTHENTICATION disabled
AUTHORIZATION enabled
-CURRENT DIRECTORY /opt/home/rmarton/git_ws/core/sql/regress/rundir/catman1
+CURRENT DIRECTORY /mnt/rmarton/gitws/incubator-trafodion/core/sql/regress/rundir/privs2
LIST_COUNT 4294967295
LOG FILE LOG140
-MESSAGEFILE /opt/home/rmarton/git_ws/core/sqf/export/bin64d/mxcierr ...
+MESSAGEFILE /mnt/rmarton/gitws/incubator-trafodion/core/sqf/export/ ...
MESSAGEFILE LANG US English
-MESSAGEFILE VRSN {2015-05-22 10:41 LINUX:G4T3035.HOUSTON.HP.COM/rmarton}
+MESSAGEFILE VRSN {2016-01-21 17:33 LINUX:EDEV05/rmarton}
SQL CATALOG TRAFODION
SQL SCHEMA SCH
SQL USER CONNECTED user not connected
@@ -830,7 +830,7 @@ End of MXCI Session
OBJECT_NAME TYPE GRANTOR GRANTEE GRANTED_PRIVS GRANTABLE_PRIVS
---------------------------------------------------------------------------------------------------------------------------------------------------------------- ---- ---------- ---------- -------------------- --------------------
-TRAFODION.T140_SHARED_VIEWS.GAMES_BY_PLA VI -2 SQL_USER2 SI-----� SI-----�
+TRAFODION.T140_SHARED_VIEWS.GAMES_BY_PLA VI -2 SQL_USER2 S------� NONE�
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI -2 DB__ROOT S----R-� S----R-�
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI DB__ROOT SQL_USER1 S------� S------�
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI SQL_USER1 SQL_USER2 S------� NONE�
@@ -899,7 +899,7 @@ TRAFODION.T140_USER1_PRIVATE.TEAMS
OBJECT_NAME TYPE GRANTOR GRANTEE GRANTED_PRIVS GRANTABLE_PRIVS
---------------------------------------------------------------------------------------------------------------------------------------------------------------- ---- ---------- ---------- -------------------- --------------------
-TRAFODION.T140_SHARED_VIEWS.GAMES_BY_PLA VI -2 SQL_USER2 SI-----� SI-----�
+TRAFODION.T140_SHARED_VIEWS.GAMES_BY_PLA VI -2 SQL_USER2 S------� NONE�
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI -2 DB__ROOT S----R-� S----R-�
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI DB__ROOT SQL_USER1 S------� S------�
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI SQL_USER1 SQL_USER2 S------� NONE�
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/regress/privs2/TEST135
----------------------------------------------------------------------
diff --git a/core/sql/regress/privs2/TEST135 b/core/sql/regress/privs2/TEST135
index d15e99d..fb71235 100755
--- a/core/sql/regress/privs2/TEST135
+++ b/core/sql/regress/privs2/TEST135
@@ -22,7 +22,7 @@
--
-- @@@ END COPYRIGHT @@@
--
--- This test uses users sql_user1, sql_user2, and sql_user3
+-- This test uses users sql_user1, sql_user2, sql_user3, and sql_user4
--
-- Makes sure privileges are granted correctly for new objects
-- Makes sure privileges are revoked correctly for dropped objects
@@ -34,17 +34,6 @@
-- ============================================================================
obey TEST135(clean_up);
-set parserflags 64;
-register user sql_user1;
-register user sql_user2;
-register user sql_user3;
-register user sql_user4;
-register user sql_user5;
-register user sql_user6;
-register user sql_user7;
-register user sql_user8;
-register user sql_user9;
-register user sql_user10;
cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
log LOG135 clear;
sh rm -f LOG135-SECONDARY;
@@ -66,6 +55,10 @@ drop table_mapping function sessionize;
-- drop database
drop schema t135sch cascade;
drop schema t135sch_user3 cascade;
+drop schema t135sch_user4 cascade;
+
+drop role t135_role1;
+drop role t135_role2;
?section set_up
-- ============================================================================
@@ -87,7 +80,7 @@ select object_name, grantee_name, grantor_name
from "_PRIVMGR_MD_".object_privileges
where
object_name in ('TRAFODION.T135SCH.T135_T1', 'TRAFODION.T135SCH.T135_T2', 'TRAFODION.T135SCH.T135_V1', 'TRAFODION.T135SCH.T135_V2', 'TRAFODION.T135SCH.T135_L1', 'TRAFODION.T135SCH.T135_L2', 'TRAFODION.T135SCH.T135_SESSIONIZE', 'TRAFODION.T135SCH.T135_ADD2')
-for read uncommitted access;
+order by 1,3,2 for read uncommitted access;
?section tbl_tests
-- ============================================================================
@@ -219,9 +212,32 @@ revoke all on t135_t1 from sql_user3;
sh sqlci -i "TEST135(user3_drops)" -u sql_user3;
+-- create some roles
+create role t135_role1;
+create role t135_role2;
+grant role t135_role1, t135_role2 to sql_user4;
+grant select on t135_t1 to t135_role1;
+grant select on t135_v1_t1 to t135_role2;
+
+-- have sql_user4 create a view based on role privs
+create schema if not exists t135sch_user4 authorization sql_user4;
+sh sqlci -i "TEST135(user4_views)" -u sql_user4;
+
+-- should not be able to revoke user4 from role
+revoke role t135_role1 from sql_user4;
+revoke role t135_role2 from sql_user4;
+
+-- after droppping the view, revokes succeed
+drop view t135sch_user4.t135_v1_user4;
+revoke role t135_role1 from sql_user4;
+revoke role t135_role2 from sql_user4;
+
drop table t135_t1 cascade;
drop table t135_t2 cascade;
+drop role t135_role1;
+drop role t135_role2;
+
?section constraint_tests
-- ============================================================================
set schema t135sch;
@@ -463,3 +479,15 @@ set schema t135sch_user3;
log LOG135;
alter table t135_t3 add constraint t1_t3 foreign key (c1) references t135sch.t135_t1;
showddl t135_t3;
+
+-- ============================================================================
+?section user4_views
+-- ============================================================================
+cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
+set schema t135sch_user4;
+log LOG135;
+create view t135_v1_user4 as
+ select t135sch.t135_t1.c2, t135sch.t135_v1_t1.c1
+ from t135sch.t135_t1, t135sch.t135_v1_t1;
+showddl t135_v1_user4;
+
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/regress/tools/runregr_privs1.ksh
----------------------------------------------------------------------
diff --git a/core/sql/regress/tools/runregr_privs1.ksh b/core/sql/regress/tools/runregr_privs1.ksh
index 09eb9d2..7198c90 100755
--- a/core/sql/regress/tools/runregr_privs1.ksh
+++ b/core/sql/regress/tools/runregr_privs1.ksh
@@ -184,9 +184,6 @@ fi
#-------------------------------------------------------
skipTheseTests="TEST132"
-#skip these tests for Seabase
-skipTheseTests="$skipTheseTests"
-
testfiles="$prettyfiles"
prettyfiles=
skippedfiles=
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/regress/tools/runregr_privs2.ksh
----------------------------------------------------------------------
diff --git a/core/sql/regress/tools/runregr_privs2.ksh b/core/sql/regress/tools/runregr_privs2.ksh
index 5d9ea05..af75f3b 100755
--- a/core/sql/regress/tools/runregr_privs2.ksh
+++ b/core/sql/regress/tools/runregr_privs2.ksh
@@ -184,11 +184,6 @@ fi
#-------------------------------------------------------
skipTheseTests=""
-#skip these tests for Seabase
-if [ "$seabase" -ne 0 ]; then
- skipTheseTests="$skipTheseTests"
-fi
-
testfiles="$prettyfiles"
prettyfiles=
skippedfiles=
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/sqlcomp/PrivMgrDesc.h
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrDesc.h b/core/sql/sqlcomp/PrivMgrDesc.h
index 53a3c38..ce325e1 100644
--- a/core/sql/sqlcomp/PrivMgrDesc.h
+++ b/core/sql/sqlcomp/PrivMgrDesc.h
@@ -26,6 +26,7 @@
#include <bitset>
#include <string>
+#include <vector>
#include "PrivMgrMDDefs.h"
#include "PrivMgrDefs.h"
#include "ComSmallDefs.h"
@@ -145,18 +146,30 @@ class PrivMgrCoreDesc
{
priv_.reset();
wgo_.reset();
+ columnOrdinal_ = -1;
}
- PrivMgrCoreDesc(std::bitset<NBR_OF_PRIVS> privBits,
- std::bitset<NBR_OF_PRIVS> wgoBits)
+ PrivMgrCoreDesc(PrivMgrBitmap privBits,
+ PrivMgrBitmap wgoBits)
: priv_(privBits)
, wgo_(wgoBits)
+ , columnOrdinal_ (-1)
{}
+ PrivMgrCoreDesc(PrivMgrBitmap privBits,
+ PrivMgrBitmap wgoBits,
+ int32_t columnOrdinal)
+ : priv_(privBits)
+ , wgo_(wgoBits)
+ , columnOrdinal_ (columnOrdinal)
+ {}
+
+
PrivMgrCoreDesc(const PrivMgrCoreDesc&other) // copy constructor
{
priv_ = other.priv_;
wgo_ = other.wgo_;
+ columnOrdinal_ = other.columnOrdinal_;
}
virtual ~PrivMgrCoreDesc() // destructor
@@ -245,12 +258,14 @@ class PrivMgrCoreDesc
// -------------------------------------------------------------------
// Accessors:
// -------------------------------------------------------------------
- std::bitset<NBR_OF_PRIVS> getPrivBitmap (void) const { return priv_; }
+ PrivMgrBitmap getPrivBitmap (void) const { return priv_; }
bool getPriv(const PrivType which) const { return priv_.test(which); }
- std::bitset<NBR_OF_PRIVS> getWgoBitmap (void) const { return wgo_; }
+ PrivMgrBitmap getWgoBitmap (void) const { return wgo_; }
bool getWgo(const PrivType which) const { return wgo_.test(which); }
+ int32_t getColumnOrdinal (void) const { return columnOrdinal_; }
+
// -------------------------------------------------------------------
// Mutators:
// -------------------------------------------------------------------
@@ -304,11 +319,18 @@ class PrivMgrCoreDesc
setWgo(EXECUTE_PRIV, wgo);
}
+ inline void setColumnOrdinal( const int32_t columnOrdinal ) { columnOrdinal_ = columnOrdinal; }
+ inline void setPrivBitmap (PrivMgrBitmap priv) { priv_ = priv; }
+ inline void setWgoBitmap (PrivMgrBitmap wgo) { wgo_ = wgo; }
+
+
+
private:
- std::bitset<NBR_OF_PRIVS> priv_; // Bit == True if the privilege is held.
+ PrivMgrBitmap priv_; // Bit == True if the privilege is held.
- std::bitset<NBR_OF_PRIVS> wgo_; // == True if the priv is held grantable.
+ PrivMgrBitmap wgo_; // == True if the priv is held grantable.
+ int32_t columnOrdinal_;
// Private helper function to interpret changes to specified privs.
void interpretChanges( const bool before, // in
@@ -344,27 +366,23 @@ class PrivMgrDesc
public:
PrivMgrDesc(const PrivMgrDesc&other) // copy constructor
- : tableLevel_(other.tableLevel_),
- grantee_(other.grantee_)
+ : tableLevel_(other.tableLevel_)
{}
PrivMgrDesc(const int32_t grantee,
const int32_t nbrCols = 0 // preset constructor
)
: tableLevel_()
- , grantee_ (grantee)
{}
//PrivMgrDesc(const int32_t nbrCols); // preset constructor
PrivMgrDesc(const PrivMgrDesc &privs, // preset constructor
const int32_t grantee)
- : tableLevel_(privs.tableLevel_),
- grantee_(grantee)
+ : tableLevel_(privs.tableLevel_)
{}
PrivMgrDesc(void)
: tableLevel_()
- , grantee_(0)
{}
virtual ~PrivMgrDesc() // destructor
@@ -379,7 +397,6 @@ public:
tableLevel_ = other.tableLevel_;
//columnLevel_ = other.columnLevel_;
- grantee_ = other.grantee_;
return *this;
}
@@ -392,7 +409,7 @@ public:
if ( this == &other )
return TRUE;
- return ( ( grantee_ == other.grantee_) &&
+ return (
// ( columnLevel_ == other.columnLevel_ ) &&
( tableLevel_ == other.tableLevel_ ) );
}
@@ -440,7 +457,6 @@ public:
// Accessors
- int32_t getGrantee() const { return grantee_; }
PrivMgrCoreDesc getTablePrivs() const { return tableLevel_;}
PrivMgrCoreDesc & fetchTablePrivs();
bool getOneTablePriv(const PrivType which) const;
@@ -584,9 +600,8 @@ CatPrivs::PrivResult applyTableGrants(const int64_t objectUID,
// Data members
private:
- PrivMgrCoreDesc tableLevel_;
- //PrivMgrCoreDesc columnLevel_;
- int32_t grantee_;
+ PrivMgrCoreDesc tableLevel_;
+ std::vector<PrivMgrCoreDesc> columnLevel_;
};
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/sqlcomp/PrivMgrMD.cpp
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrMD.cpp b/core/sql/sqlcomp/PrivMgrMD.cpp
index c04c778..849a1fb 100644
--- a/core/sql/sqlcomp/PrivMgrMD.cpp
+++ b/core/sql/sqlcomp/PrivMgrMD.cpp
@@ -151,21 +151,19 @@ PrivStatus PrivMgrMDAdmin::initializeComponentPrivileges()
{
-// First, let's start with a clean slate. Drop all components as well as
-// their respective operations and and any privileges granted. This should be
-// a NOP unless PrivMgr metadata was damaged and reintialization is occurring.
-
-PrivMgrComponents components(metadataLocation_,pDiags_);
-
- components.dropAll();
-
// Next, register the component.
PrivStatus privStatus = STATUS_GOOD;
+ // First, let's start with a clean slate. Drop all components as well as
+ // their respective operations and and any privileges granted. This should be
+ // a NOP unless PrivMgr metadata was damaged and reintialization is occurring.
+ PrivMgrComponents components(metadataLocation_,pDiags_);
+ components.dropAll();
+
privStatus = components.registerComponentInternal(SQL_OPERATION_NAME,
- SQL_OPERATIONS_COMPONENT_UID,
- true,"Component for SQL operations");
+ SQL_OPERATIONS_COMPONENT_UID,
+ true, "Component for SQL operations");
if (privStatus != STATUS_GOOD)
return STATUS_ERROR;
@@ -525,7 +523,7 @@ bool PrivMgrMDAdmin::isAuthorized (void)
// method: getViewsThatReferenceObject
//
// this method gets the list of views associated with the passed in
-// objectUID that are owned by the objectOwner.
+// objectUID that are owned by the granteeID.
// ****************************************************************************
PrivStatus PrivMgrMDAdmin::getViewsThatReferenceObject (
const ObjectUsage &objectUsage,
@@ -536,7 +534,7 @@ PrivStatus PrivMgrMDAdmin::getViewsThatReferenceObject (
std::string viewsMDTable = trafMetadataLocation_ + ".VIEWS v";
std::string roleUsageMDTable = metadataLocation_ + ".ROLE_USAGE";
- // Select all the views that are referenced by the table or view owned by the objectOwner
+ // Select all the views that are referenced by the table or view owned by the granteeID
std::string selectStmt = "select o.object_uid, o.object_owner, o.catalog_name, o.schema_name, o.object_name, v.is_insertable, v.is_updatable from ";
selectStmt += objectMDTable;
selectStmt += ", ";
@@ -551,11 +549,11 @@ PrivStatus PrivMgrMDAdmin::getViewsThatReferenceObject (
// only return rows where user owns the view either directly or through one of
// their granted roles
selectStmt += " and (o.object_owner = ";
- selectStmt += UIDToString(objectUsage.objectOwner);
+ selectStmt += UIDToString(objectUsage.granteeID);
selectStmt += " or o.object_owner in (select role_id from ";
selectStmt += roleUsageMDTable;
selectStmt += " where grantee_id = ";
- selectStmt += UIDToString(objectUsage.objectOwner);
+ selectStmt += UIDToString(objectUsage.granteeID);
selectStmt += ")) order by o.create_time ";
@@ -746,11 +744,11 @@ PrivStatus PrivMgrMDAdmin::getUdrsThatReferenceLibrary(
selectStmt += UIDToString(objectUsage.objectUID);
selectStmt += " and u.used_udr_uid = o.object_uid ";
selectStmt += " and (o.object_owner = ";
- selectStmt += UIDToString(objectUsage.objectOwner);
+ selectStmt += UIDToString(objectUsage.granteeID);
selectStmt += " or o.object_owner in (select role_id from ";
selectStmt += roleUsageMDTable;
selectStmt += " where grantee_id = ";
- selectStmt += UIDToString(objectUsage.objectOwner);
+ selectStmt += UIDToString(objectUsage.granteeID);
selectStmt += ")) order by o.create_time ";
ExeCliInterface cliInterface(STMTHEAP, NULL, NULL,
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/sqlcomp/PrivMgrMD.h
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrMD.h b/core/sql/sqlcomp/PrivMgrMD.h
index 017dc9a..c765d7d 100644
--- a/core/sql/sqlcomp/PrivMgrMD.h
+++ b/core/sql/sqlcomp/PrivMgrMD.h
@@ -62,7 +62,8 @@ class PrivMgrMDAdmin;
// -----------------------------------------------------------------------
typedef struct {
int64_t objectUID;
- int32_t objectOwner;
+ int32_t granteeID;
+ bool grantorIsSystem;
std::string objectName;
ComObjectType objectType;
PrivMgrDesc originalPrivs;
@@ -78,8 +79,10 @@ typedef struct {
details += to_string((long long int) objectUID);
details += ", name is ";
details += objectName;
- details += ", owner is ";
- details += to_string((long long int) objectOwner);
+ details += ", grantee is ";
+ details += to_string((long long int) granteeID);
+ details += ", is owner ";
+ details += (grantorIsSystem) ? "true " : "false ";
}
} ObjectUsage;
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/sqlcomp/PrivMgrObjects.cpp
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrObjects.cpp b/core/sql/sqlcomp/PrivMgrObjects.cpp
index 6fce715..ab7ea5d 100644
--- a/core/sql/sqlcomp/PrivMgrObjects.cpp
+++ b/core/sql/sqlcomp/PrivMgrObjects.cpp
@@ -344,6 +344,58 @@ std::string whereClause(" WHERE CATALOG_NAME = '");
+// *****************************************************************************
+// * *
+// * Function: PrivMgrObjects::fetchObjectOwner *
+// * *
+// * Returns the object owner ID for the object that matches the unique ID *
+// * *
+// *****************************************************************************
+// * *
+// * Parameters: *
+// * *
+// * *
+// * <objectUID> const int64_t In *
+// * is the unique ID representing the object. *
+// * *
+// * <objectOwner> int32_t & Out *
+// * passes back the object owner ID. *
+// * *
+// *****************************************************************************
+// * *
+// * Returns: PrivStatus *
+// * *
+// * STATUS_GOOD: The object owner was returned. *
+// * STATUS_ERROR: Theo object owner was not returned. CLI error is put into *
+// * the diags area. *
+// * *
+// *****************************************************************************
+
+PrivStatus PrivMgrObjects::fetchObjectOwner(
+ const int64_t objectUID,
+ int32_t & objectOwner)
+
+{
+
+MyTable &myTable = static_cast<MyTable &>(myTable_);
+MyRow row(fullTableName_);
+
+std::string whereClause(" WHERE OBJECT_UID = ");
+
+ whereClause += UIDToString(objectUID);
+
+PrivStatus privStatus = myTable.selectWhereUnique(whereClause,row);
+
+ if (privStatus != STATUS_GOOD)
+ return STATUS_ERROR;
+
+ objectOwner = row.objectOwner_;
+
+ return STATUS_GOOD;
+
+}
+//****************** End of PrivMgrObjects::fetchObjectOwner *****************
+
// *****************************************************************************
// * *
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/sqlcomp/PrivMgrObjects.h
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrObjects.h b/core/sql/sqlcomp/PrivMgrObjects.h
index 11e0863..33e7c3e 100644
--- a/core/sql/sqlcomp/PrivMgrObjects.h
+++ b/core/sql/sqlcomp/PrivMgrObjects.h
@@ -92,6 +92,10 @@ public:
const std::string & schemaName,
const std::string & objectName);
+ PrivStatus fetchObjectOwner(
+ const int64_t objectUID,
+ int_32 & objectOwner);
+
PrivStatus fetchQualifiedName(
const int64_t objectUID,
std::string & qualifiedObjectName);
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/sqlcomp/PrivMgrPrivileges.cpp
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrPrivileges.cpp b/core/sql/sqlcomp/PrivMgrPrivileges.cpp
index e38317b..f3462b9 100644
--- a/core/sql/sqlcomp/PrivMgrPrivileges.cpp
+++ b/core/sql/sqlcomp/PrivMgrPrivileges.cpp
@@ -49,6 +49,7 @@
#include "ComUser.h"
#include "CmpSeabaseDDLutil.h"
#include "logmxevent_traf.h"
+class ColPrivEntry;
class ColPrivGrant;
class ColumnPrivsMDTable;
@@ -233,6 +234,29 @@ public:
// Describe a row for tracing
void describeRow (std::string &rowDetails);
+// sets the privilege and grantable bitmaps to 0
+ void clearVisited()
+ {
+ visited_.columnOrdinal = columnOrdinal_;
+ visited_.privsBitmap.reset();
+ visited_.grantableBitmap.reset();
+ }
+
+// sets the current entry to match the original privileges
+// before they are adjusted by a revoke command
+ void setCurrentToOriginal()
+ {
+ current_.columnOrdinal = columnOrdinal_;
+ current_.privsBitmap = privsBitmap_;
+ current_.grantableBitmap = grantableBitmap_;
+ }
+
+// compares the current privileges with the regenerated grant tree to
+// see if there are any broken branches
+ NABoolean anyNotVisited()
+ {return current_.privsBitmap != visited_.privsBitmap ||
+ current_.grantableBitmap != visited_.grantableBitmap;}
+
// -------------------------------------------------------------------
// Data Members:
@@ -248,6 +272,9 @@ public:
PrivColumnBitmap privsBitmap_;
PrivColumnBitmap grantableBitmap_;
+ ColPrivEntry visited_;
+ ColPrivEntry current_;
+
};
@@ -292,17 +319,6 @@ private:
ColumnPrivsMDRow &rowOut);
};
-class ColPrivEntry
-{
-public:
- int32_t columnOrdinal;
- PrivColumnBitmap privsBitmap;
- PrivColumnBitmap grantableBitmap;
- bool isUpdate;
- ColPrivEntry()
- : columnOrdinal(0),isUpdate(false){};
-};
-
class ColObjectGrants
{
public:
@@ -395,6 +411,27 @@ static bool hasGrantedColumnPriv(
static bool isDelimited( const std::string &identifier);
// *****************************************************************************
+// ColPrivEntry constructors
+// *****************************************************************************
+ColPrivEntry::ColPrivEntry ( const PrivMgrMDRow &row )
+{
+ PrivMgrMDRow theRow = row;
+ ColumnPrivsMDRow &columnRow = static_cast<ColumnPrivsMDRow &> (theRow);
+ columnOrdinal = columnRow.columnOrdinal_;
+ privsBitmap = columnRow.privsBitmap_;
+ grantableBitmap = columnRow.grantableBitmap_;
+ isUpdate = false;
+}
+
+ColPrivEntry::ColPrivEntry ( const ColPrivEntry &other)
+{
+ columnOrdinal = other.columnOrdinal;
+ privsBitmap = other.privsBitmap;
+ grantableBitmap = other.grantableBitmap;
+ isUpdate = other.isUpdate;
+}
+
+// *****************************************************************************
// PrivMgrPrivileges methods
// *****************************************************************************
@@ -571,11 +608,11 @@ PrivStatus PrivMgrPrivileges::getColPrivsForUser(
{
-std::vector<ColumnPrivsMDRow> rowList;
+ std::vector<ColumnPrivsMDRow> rowList;
-// Get the privileges for the columns of the object granted to the grantee
-PrivStatus privStatus = getColRowsForGrantee(columnRowList_,granteeID,roleIDs,
- rowList,secKeySet);
+ // Get the privileges for the columns of the object granted to the grantee
+ PrivStatus privStatus = getColRowsForGrantee(columnRowList_,granteeID,roleIDs,
+ rowList,secKeySet);
if (privStatus == STATUS_ERROR)
return privStatus;
@@ -998,71 +1035,70 @@ PrivStatus PrivMgrPrivileges::grantColumnPrivileges(
const bool isWGOSpecified)
{
-PrivStatus privStatus = STATUS_GOOD;
-std::vector<ColPrivSpec> &colPrivsArray =
+ std::string traceMsg;
+
+ PrivStatus privStatus = STATUS_GOOD;
+ std::vector<ColPrivSpec> &colPrivsArray =
const_cast<std::vector<ColPrivSpec> &>(colPrivsArrayIn);
- log (__FILE__, "checking column privileges", -1);
+ log (__FILE__, "Checking column privileges", -1);
-// generate the list of column privileges granted to the object and store in
-// class (columnRowList_)
+ // generate the list of column privileges granted to the object and store in
+ // class (columnRowList_)
if (generateColumnRowList() == STATUS_ERROR)
- return STATUS_ERROR;
+ return STATUS_ERROR;
-// get roleIDs for the grantor
-std::vector<int_32> roleIDs;
+ // get roleIDs for the grantor
+ std::vector<int_32> roleIDs;
privStatus = getRoleIDsForUserID(grantorID_,roleIDs);
if (privStatus == STATUS_ERROR)
return privStatus;
-// Determine if the grantor has WITH GRANT OPTION (WGO) for all the
-// columns to be granted. If not, return an error.
-ObjectPrivsMDTable objectPrivsTable(objectTableName_,pDiags_);
-ColumnPrivsMDTable columnPrivsTable(columnTableName_,pDiags_);
+ // Determine if the grantor has WITH GRANT OPTION (WGO) for all the
+ // columns to be granted. If not, return an error.
+ ObjectPrivsMDTable objectPrivsTable(objectTableName_,pDiags_);
+ ColumnPrivsMDTable columnPrivsTable(columnTableName_,pDiags_);
-// Grantor may have WGO from two sources, object-level grants on the object,
-// and column-level grants. First check the object-level grants. If there
-// are privileges still to grant, check for requisite column-level grants.
+ // Grantor may have WGO from two sources, object-level grants on the object,
+ // and column-level grants. First check the object-level grants. If there
+ // are privileges still to grant, check for requisite column-level grants.
-std::vector<ColPrivEntry> grantedColPrivs;
-
- if (!hasColumnWGO(colPrivsArrayIn,roleIDs,privStatus))
- {
- if (privStatus == STATUS_NOTFOUND)
- *pDiags_ << DgSqlCode(-CAT_PRIVILEGE_NOT_GRANTED);
- else
- PRIVMGR_INTERNAL_ERROR("Cannot fetch privileges");
- return STATUS_ERROR;
- }
+ std::vector<ColPrivEntry> grantedColPrivs;
+ if (!hasColumnWGO(colPrivsArrayIn,roleIDs,privStatus))
+ {
+ if (privStatus == STATUS_NOTFOUND)
+ *pDiags_ << DgSqlCode(-CAT_PRIVILEGE_NOT_GRANTED);
+ else
+ PRIVMGR_INTERNAL_ERROR("Cannot fetch privileges");
+ return STATUS_ERROR;
+ }
-// Grantor has authority to grant all privileges requested. See if some of
-// the grants are already present. (may be adding WGO)
+ // Grantor has authority to grant all privileges requested. See if some of
+ // the grants are already present. (may be adding WGO)
-// Get existing column grants from grantor to the specified grantee.
+ // Get existing column grants from grantor to the specified grantee.
getColRowsForGranteeGrantor(columnRowList_,
granteeID,grantorID_,
grantedColPrivs);
-// Merge the column-privilege-to-grant entries (colPrivArray) into one entry
-// per column ordinal.
-//
-// Example: Given a commands such as
-//
-// GRANT SELECT(COL4),INSERT(COL2,COL4) ON TAB TO USER;
-//
-// three entries are generated by the parser, but only two rows are written;
-// one for column 2 (insert) and one for column 4 (insert and select).
-//
-// Input may have same column ordinal in multiple entries, but the input is
-// guaranteed not to contain same ordinal and privType more than once.
-
-std::vector<ColPrivEntry> colPrivsToGrant;
-
- for (size_t i = 0; i < colPrivsArray.size(); i++)
- {
- const ColPrivSpec &colPrivEntry = colPrivsArray[i];
+ // Merge the column-privilege-to-grant entries (colPrivArray) into one entry
+ // per column ordinal.
+ //
+ // Example: Given a commands such as
+ //
+ // GRANT SELECT(COL4),INSERT(COL2,COL4) ON TAB TO USER;
+ //
+ // three entries are generated by the parser, but only two rows are written;
+ // one for column 2 (insert) and one for column 4 (insert and select).
+ //
+ // Input may have same column ordinal in multiple entries, but the input is
+ // guaranteed not to contain same ordinal and privType more than once.
+ std::vector<ColPrivEntry> colPrivsToGrant;
+ for (size_t i = 0; i < colPrivsArray.size(); i++)
+ {
+ const ColPrivSpec &colPrivEntry = colPrivsArray[i];
ColPrivEntry *existingEntry = findColumnEntry(colPrivsToGrant,
colPrivEntry.columnOrdinal);
@@ -1081,23 +1117,23 @@ std::vector<ColPrivEntry> colPrivsToGrant;
if (isWGOSpecified)
colPrivToGrant.grantableBitmap.set(colPrivEntry.privType);
- colPrivsToGrant.push_back(colPrivToGrant);
- }
- }
+ colPrivsToGrant.push_back(colPrivToGrant);
+ }
+ }
-// Walk the list of column privileges to grant, and either insert a new
-// row in the COLUMN_PRIVILEGES table or update an existing row.
+ // Walk the list of column privileges to grant, and either insert a new
+ // row in the COLUMN_PRIVILEGES table or update an existing row.
-bool rowWritten = false;
+ bool rowWritten = false;
-std::string whereBase(" WHERE object_uid = ");
+ std::string whereBase(" WHERE object_uid = ");
- whereBase += UIDToString(objectUID_);
- whereBase += " AND grantor_id = ";
- whereBase += authIDToString(grantorID_);
- whereBase += " AND grantee_id = ";
- whereBase += authIDToString(granteeID);
- whereBase += " AND column_number = ";
+ whereBase += UIDToString(objectUID_);
+ whereBase += " AND grantor_id = ";
+ whereBase += authIDToString(grantorID_);
+ whereBase += " AND grantee_id = ";
+ whereBase += authIDToString(granteeID);
+ whereBase += " AND column_number = ";
for (size_t i = 0; i < colPrivsToGrant.size(); i++)
{
@@ -1170,28 +1206,46 @@ std::string whereBase(" WHERE object_uid = ");
if (skipOperation)
continue;
- ColumnPrivsMDRow row;
+ // TBD: need to get the list of referencing views that need to have this
+ // privilege progated.
+ //
+ // SQL ANSI general rules state
+ //
+ // - When granting INSERT, UPDATE, or DELETE object or column privilege to
+ // a table that is referenced by one or more views, then the privilege
+ // should be propagated to any updatable views that reference the table.
+ // The grant request to the these views should be executed as though the
+ // current user is _SYSTEM.
+ //
+ // - If the table already has SELECT privilege and a new grant is
+ // performed that adds the WITH GRANT OPTION, then the WITH GRANT OPTION
+ // is to be propagated to referencing views. The grant request should
+ // be executed as though the current user is _SYSTEM.
+
+
+ // Prepare for the insert or update request
+ ColumnPrivsMDRow row;
- row.objectUID_ = objectUID_;
- row.objectName_ = objectName_;
- row.granteeID_ = granteeID;
- row.granteeName_ = granteeName;
- row.grantorID_ = grantorID_;
- row.grantorName_ = grantorName;
- row.privsBitmap_ = colPrivToGrant.privsBitmap;
- row.grantableBitmap_ = colPrivToGrant.grantableBitmap;
- row.columnOrdinal_ = colPrivToGrant.columnOrdinal;
+ row.objectUID_ = objectUID_;
+ row.objectName_ = objectName_;
+ row.granteeID_ = granteeID;
+ row.granteeName_ = granteeName;
+ row.grantorID_ = grantorID_;
+ row.grantorName_ = grantorName;
+ row.privsBitmap_ = colPrivToGrant.privsBitmap;
+ row.grantableBitmap_ = colPrivToGrant.grantableBitmap;
+ row.columnOrdinal_ = colPrivToGrant.columnOrdinal;
- if (updateOperation)
- privStatus = columnPrivsTable.updateColumnRow(row,whereBase);
- else
- privStatus = columnPrivsTable.insert(row);
+ if (updateOperation)
+ privStatus = columnPrivsTable.updateColumnRow(row,whereBase);
+ else
+ privStatus = columnPrivsTable.insert(row);
- if (privStatus == STATUS_ERROR)
- return privStatus;
+ if (privStatus == STATUS_ERROR)
+ return privStatus;
- rowWritten = true;
- }
+ rowWritten = true;
+ }
//TODO: Could issue a warning if no privileges were granted; means all
// requested grants already exist.
@@ -1435,7 +1489,8 @@ PrivStatus PrivMgrPrivileges::grantObjectPriv(
{
ObjectUsage objectUsage;
objectUsage.objectUID = objectUID_;
- objectUsage.objectOwner = granteeID;
+ objectUsage.granteeID = granteeID;
+ objectUsage.grantorIsSystem = false;
objectUsage.objectName = row.objectName_;
objectUsage.objectType = row.objectType_;
@@ -1467,8 +1522,24 @@ PrivStatus PrivMgrPrivileges::grantObjectPriv(
pObj->describe(traceMsg);
log (__FILE__, traceMsg, i);
- int32_t theGrantor = (pObj->objectType == COM_VIEW_OBJECT) ? SYSTEM_USER : grantorID_;
- int32_t theGrantee = pObj->objectOwner;
+ // Determine the grantor:
+ // SQL ANSI general rules state
+ //
+ // - When granting INSERT, UPDATE, or DELETE object or column privilege to
+ // a table that is referenced by one or more views, then the privilege
+ // should be propagated to any updatable views that reference the table.
+ // The grant request to the these views should be executed as though the
+ // current user is _SYSTEM.
+ //
+ // - If the table already has SELECT privilege and a new grant is
+ // performed that adds the WITH GRANT OPTION, then the WITH GRANT OPTION
+ // is to be propagated to referencing views. The grant request should
+ // be executed as though the current user is _SYSTEM.
+ //
+ // The listOfObjects contains referencing views that meet the above
+ // criteria.
+ int32_t theGrantor = (pObj->grantorIsSystem) ? SYSTEM_USER : grantorID_;
+ int32_t theGrantee = pObj->granteeID;
int64_t theUID = pObj->objectUID;
PrivMgrCoreDesc thePrivs = pObj->updatedPrivs.getTablePrivs();
@@ -1866,7 +1937,7 @@ PrivStatus PrivMgrPrivileges::dealWithUdrs(
if (objectList.size() > 0)
{
std::vector<int32_t> roleIDs;
- retcode = getRoleIDsForUserID(objectUsage.objectOwner,roleIDs);
+ retcode = getRoleIDsForUserID(objectUsage.granteeID,roleIDs);
if (retcode == STATUS_ERROR)
return retcode;
@@ -1874,7 +1945,7 @@ PrivStatus PrivMgrPrivileges::dealWithUdrs(
// privs for the library
// current privs contains any adjustments
retcode = summarizeCurrentAndOriginalPrivs(objectUsage.objectUID,
- objectUsage.objectOwner,
+ objectUsage.granteeID,
roleIDs,
listOfAffectedObjects,
originalPrivs,
@@ -1975,22 +2046,28 @@ PrivStatus PrivMgrPrivileges::dealWithViews(
{
// this view is affected by the grant/revoke request, add to list
// and check to see if anything down stream needs to change
- ObjectUsage *pUsage = new (ObjectUsage);
- pUsage->objectUID = viewUsage.viewUID;
- pUsage->objectOwner = viewUsage.viewOwner;
- pUsage->objectName = viewUsage.viewName;
- pUsage->objectType = COM_VIEW_OBJECT;
- pUsage->originalPrivs = viewUsage.originalPrivs;
- pUsage->updatedPrivs = viewUsage.updatedPrivs;
- listOfAffectedObjects.push_back(pUsage);
-
- traceMsg = "adding new objectUsage for ";
- pUsage->describe(traceMsg);
- log (__FILE__, traceMsg, i);
-
- retcode = dealWithViews(*pUsage, command, listOfAffectedObjects);
- if (retcode != STATUS_GOOD && retcode != STATUS_WARNING)
- return retcode;
+ // We already have select privilege on the view. So only adjust
+ // view for other privileges if it is updatable and insertable
+ if (viewUsage.isUpdatable && viewUsage.isInsertable)
+ {
+ ObjectUsage *pUsage = new (ObjectUsage);
+ pUsage->objectUID = viewUsage.viewUID;
+ pUsage->granteeID = viewUsage.viewOwner;
+ pUsage->grantorIsSystem = true;
+ pUsage->objectName = viewUsage.viewName;
+ pUsage->objectType = COM_VIEW_OBJECT;
+ pUsage->originalPrivs = viewUsage.originalPrivs;
+ pUsage->updatedPrivs = viewUsage.updatedPrivs;
+ listOfAffectedObjects.push_back(pUsage);
+
+ traceMsg = "adding new objectUsage for ";
+ pUsage->describe(traceMsg);
+ log (__FILE__, traceMsg, i);
+
+ retcode = dealWithViews(*pUsage, command, listOfAffectedObjects);
+ if (retcode != STATUS_GOOD && retcode != STATUS_WARNING)
+ return retcode;
+ }
}
}
@@ -2202,7 +2279,8 @@ PrivStatus PrivMgrPrivileges::getAffectedObjects(
// found an object whose privileges need to be updated
ObjectUsage *pUsage = new (ObjectUsage);
pUsage->objectUID = objectUsage.objectUID;
- pUsage->objectOwner = objectUsage.objectOwner;
+ pUsage->granteeID = objectUsage.granteeID;
+ pUsage->grantorIsSystem = objectUsage.grantorIsSystem;
pUsage->objectName = objectUsage.objectName;
pUsage->objectType = objectUsage.objectType;
pUsage->originalPrivs = objectUsage.originalPrivs;
@@ -2452,56 +2530,79 @@ PrivStatus PrivMgrPrivileges::revokeColumnPrivileges(
return privStatus;
}
-// Create a privsToRevoke array using the passed in revoke entries and the
-// list of currently granted column privileges. Combine multiple privileges
-// for the same column into one entry.
-
-std::vector<ColPrivEntry> colPrivsToRevoke;
+ // Create a privsToRevoke array using the passed in revoke entries and the
+ // list of currently granted column privileges. Combine multiple privileges
+ // for the same column into one entry.
+ std::vector<ColPrivEntry> colPrivsToRevoke;
for (size_t i = 0; i < colPrivsArray.size(); i++)
{
const ColPrivSpec &colPrivSpecEntry = colPrivsArray[i];
+ PrivType privType = colPrivSpecEntry.privType;
+ int32_t columnOrdinal = colPrivSpecEntry.columnOrdinal;
+ // Find the priv details from metadata
+ ColPrivEntry *metadataEntry = findColumnEntry(grantedColPrivs,
+ columnOrdinal);
+ if (metadataEntry == NULL)
+ {
+ PRIVMGR_INTERNAL_ERROR("Privilege to revoke not found");
+ return STATUS_ERROR;
+ }
+
+ // See if privilege entry has already been created
ColPrivEntry *existingEntry = findColumnEntry(colPrivsToRevoke,
- colPrivSpecEntry.columnOrdinal);
+ columnOrdinal);
if (existingEntry != NULL)
- existingEntry->privsBitmap.set(colPrivSpecEntry.privType);
+ {
+ existingEntry->privsBitmap.set(privType);
+
+ // if revoking a privilege and auth ID has WGO, then revoke
+ // the WGO bit also
+ PrivColumnBitmap grantableBitmap = metadataEntry->grantableBitmap;
+ existingEntry->grantableBitmap.set(privType, grantableBitmap.test(privType));
+ }
else
{
ColPrivEntry colPrivToRevoke;
- colPrivToRevoke.columnOrdinal = colPrivSpecEntry.columnOrdinal;
- colPrivToRevoke.privsBitmap.set(colPrivSpecEntry.privType);
-
+ colPrivToRevoke.columnOrdinal = columnOrdinal;
+ colPrivToRevoke.privsBitmap.set(privType);
+
+ // if revoking a privilege and auth ID has WGO, then revoke
+ // the WGO bit also
+ colPrivToRevoke.grantableBitmap.set(privType, metadataEntry->grantableBitmap.test(privType));
+
colPrivsToRevoke.push_back(colPrivToRevoke);
}
}
-// At this point we have an array of privsToRevoke with column ordinal and
-// priv bitmap.
-//
-// Three revoke column cases:
-//
-// Spec Spec Priv bitmap compare
-// GOF Priv to granted priv bitmap Action
-// T 1 NA Removing WGO only. Update operation.
-// Reset privType bit in grantable bitmap,
-// copy priv bitmap from granted privs.
-//
-// F 1 Equal Revoking all privs on this column, plus
-// WGO. Delete operation.
-//
-// F 1 Not equal Revoking some privs on this column plus
-// WGO for the revoked privs. Reset bits in
-// both bitmaps. Update operation.
-
-
-//TODO: When revoking WGO, need to check for dependent objects, e.g. views.
-
-bool rowRevoked = false;
-PrivColumnBitmap revokedPrivs;
+ // Verify that the existing grant tree stays intact (i.e. no broken branches)
+ // if the requested privileges are revokew.
+ if (checkColumnRevokeRestrict (granteeID, colPrivsToRevoke, columnRowList_))
+ return STATUS_ERROR;
-std::string whereBase(" WHERE object_uid = ");
+ // At this point we have an array of privsToRevoke with column ordinal and
+ // priv bitmap.
+ //
+ // Three revoke column cases:
+ //
+ // Spec Spec Priv bitmap compare
+ // GOF Priv to granted priv bitmap Action
+ // T 1 NA Removing WGO only. Update operation.
+ // Reset privType bit in grantable bitmap,
+ // copy priv bitmap from granted privs.
+ //
+ // F 1 Equal Revoking all privs on this column, plus
+ // WGO. Delete operation.
+ //
+ // F 1 Not equal Revoking some privs on this column plus
+ // WGO for the revoked privs. Reset bits in
+ // both bitmaps. Update operation.
+ bool rowRevoked = false;
+ PrivColumnBitmap revokedPrivs;
+
+ std::string whereBase(" WHERE object_uid = ");
whereBase += UIDToString(objectUID_);
whereBase += " AND grantor_id = ";
@@ -2601,9 +2702,9 @@ std::string whereBase(" WHERE object_uid = ");
rowRevoked = true;
}
-// Send revoked privs to RMS
-SQL_QIKEY siKeyList[NBR_DML_COL_PRIVS];
-size_t siIndex = 0;
+ // Send revoked privs to RMS
+ SQL_QIKEY siKeyList[NBR_DML_COL_PRIVS];
+ size_t siIndex = 0;
for (size_t i = FIRST_DML_COL_PRIV; i <= LAST_DML_COL_PRIV; i++ )
{
@@ -2807,7 +2908,8 @@ PrivStatus PrivMgrPrivileges::revokeObjectPriv (const ComObjectType objectType,
// removing the privilege
ObjectUsage objectUsage;
objectUsage.objectUID = objectUID_;
- objectUsage.objectOwner = granteeID;
+ objectUsage.granteeID = granteeID;
+ objectUsage.grantorIsSystem = false;
objectUsage.objectName = row.objectName_;
objectUsage.objectType = row.objectType_;
@@ -2837,8 +2939,23 @@ PrivStatus PrivMgrPrivileges::revokeObjectPriv (const ComObjectType objectType,
ObjectUsage *pObj = listOfObjects[i];
PrivMgrCoreDesc thePrivs = pObj->updatedPrivs.getTablePrivs();
- int32_t theGrantor = grantorID_;
- int32_t theGrantee = pObj->objectOwner;
+ // Determine the grantor:
+ // SQL ANSI general rules state
+ //
+ // - When revoking INSERT, UPDATE, or DELETE object or column privilege from
+ // a table that is referenced by one or more views, then the privilege
+ // should be revoked on any updatable views that reference the table.
+ // The revoke request to the these views should be executed as though the
+ // current user is _SYSTEM.
+ //
+ // - If the revoke is performed that removes the WITH GRANT OPTION, then
+ // the WITH GRANT OPTION is to be removed frome referencing views. The
+ // revoke request should be executed as though the current user is _SYSTEM.
+ //
+ // The listOfObjects contains referencing views that meet the above
+ // criteria.
+ int32_t theGrantor = (pObj->grantorIsSystem) ? SYSTEM_USER : grantorID_;
+ int32_t theGrantee = pObj->granteeID;
int64_t theUID = pObj->objectUID;
sprintf(buf, "where grantee_id = %d and grantor_id = %d and object_uid = %ld",
@@ -3151,6 +3268,264 @@ void PrivMgrPrivileges::scanPublic( const PrivType pType, // in
} // end scan privsList over all Grantees/Grantors
} // end scanPublic
+// ----------------------------------------------------------------------------
+// method: checkColumnRevokeRestrict
+//
+// This method starts at the beginning of the privilege tree and rebuilds
+// it from top to bottom. If the revoke causes part of the tree to be
+// unaccessible (a broken branch), it returns true; otherwise, revoke can
+// proceed - returns false.
+//
+// Params:
+// granteeID - the target AuthID
+// colPrivsToRevoke - the list of column entries containing proposed
+// changes from the requested revoke statement.
+// rowList - a list of all the rows associated with the object
+//
+// true - unable to perform revoke because of dependencies
+// false - able to perform revoke.privileges
+//
+// The diags area is set up with where the tree was broken
+// ----------------------------------------------------------------------------
+bool PrivMgrPrivileges::checkColumnRevokeRestrict (
+ int32_t granteeID,
+ const std::vector<ColPrivEntry> &colPrivsToRevoke,
+ std::vector <PrivMgrMDRow *> &rowList )
+{
+ std::string traceMsg;
+ log (__FILE__, "checking column grant tree for broken branches", -1);
+
+ // Clear visited_ bitmaps and set current_ bitmaps to current priv values
+ // Search the list of privileges associated with the object and turn off
+ // the bitmaps in current_ that are no longer available when the revoke
+ // completes - based on colPrivsToRevoke.
+ for (int32_t i = 0; i < rowList.size(); i++)
+ {
+ ColumnPrivsMDRow ¤tRow = static_cast<ColumnPrivsMDRow &> (*rowList[i]);
+ currentRow.setCurrentToOriginal();
+ currentRow.clearVisited();
+
+ // only look at rows for the current grantor and grantee
+ if (currentRow.grantorID_ == grantorID_ &&
+ currentRow.granteeID_ == granteeID)
+ {
+ // Adjust rows that have had their privileges updated
+ for (int32_t j = 0; j < colPrivsToRevoke.size(); j++)
+ {
+ ColPrivEntry updatedEntry = (ColPrivEntry)colPrivsToRevoke[j];
+
+ if (updatedEntry.columnOrdinal == currentRow.columnOrdinal_)
+ {
+ PrivColumnBitmap newPrivsBitmap = updatedEntry.privsBitmap ^= currentRow.privsBitmap_;
+ PrivColumnBitmap newGrantableBitmap = updatedEntry.grantableBitmap ^= currentRow.grantableBitmap_;
+ currentRow.current_.privsBitmap = newPrivsBitmap;
+ currentRow.current_.grantableBitmap = newGrantableBitmap;
+ traceMsg = "Adjusted current_ to reflect revoked privileges";
+ traceMsg += ", grantor is ";
+ traceMsg += to_string((long long int)currentRow.grantorID_);
+ traceMsg += ", grantee is ";
+ traceMsg += to_string((long long int) currentRow.granteeID_);
+ log (__FILE__, traceMsg, -1);
+ }
+ }
+ }
+ }
+
+ // Reconstruct the privilege tree based on the adjusted privileges
+ // starting with the object owner - get the object owner.
+ PrivMgrObjects objects(trafMetadataLocation_,pDiags_);
+ int32_t objectOwner = 0;
+ PrivStatus privStatus = objects.fetchObjectOwner(objectUID_,objectOwner);
+ if (privStatus == STATUS_ERROR)
+ {
+ PRIVMGR_INTERNAL_ERROR("Could not fetch object owner");
+ return true;
+ }
+
+ // Create the list of columns that have been changed, during
+ // reconstruction, only look at rows that have changes.
+ // std::set does not add entries if they already exist.
+ std::set<int32_t> listOfColumnOrdinals;
+ for ( size_t i = 0; i < colPrivsToRevoke.size(); i++)
+ {
+ const ColPrivEntry colPrivToRevoke = colPrivsToRevoke[i];
+ listOfColumnOrdinals.insert(colPrivToRevoke.columnOrdinal);
+ }
+
+ // Reconstruct tree
+ for ( size_t i = 0; i < NBR_DML_COL_PRIVS; i++ )
+ {
+ scanColumnBranch (PrivType(i), objectOwner, listOfColumnOrdinals, rowList);
+ }
+
+ // If a branch of the tree was not visited, then we have a broken
+ // tree. Therefore, revoke restrict will leave abandoned privileges
+ // in the case, return true.
+ bool notVisited = false;
+ for (size_t i = 0; i < rowList.size(); i++)
+ {
+ ColumnPrivsMDRow ¤tRow = static_cast<ColumnPrivsMDRow &> (*rowList[i]);
+
+ // Only look at rows that have been changed
+ for (std::set<int32_t>::iterator it = listOfColumnOrdinals.begin();
+ it!= listOfColumnOrdinals.end(); ++it)
+ {
+ if (*it == currentRow.columnOrdinal_)
+ {
+ currentRow.describeRow(traceMsg);
+ log (__FILE__, traceMsg, i);
+
+ if (currentRow.anyNotVisited())
+ {
+ *pDiags_ << DgSqlCode(-CAT_DEPENDENT_PRIV_EXISTS)
+ << DgString0(currentRow.grantorName_.c_str())
+ << DgString1(currentRow.granteeName_.c_str());
+
+ log (__FILE__, "found a branch that is not accessible", -1);
+ notVisited = true;
+ break;
+ }
+ }
+ }
+ }
+ return notVisited;
+}
+
+// ----------------------------------------------------------------------------
+// method: scanObjectBranch
+//
+// scans the privsList entries for match on Grantor,
+// keeping track of which priv/wgo entries have been encountered
+// by setting "visited" flag in the entry.
+//
+// For each entry discovered, set visited flag to indicate that
+// priv and wgo were seen. For wgo, if the wgo visited flag has not
+// already been set, call scanObjectBranch recursively with this grantee
+// as grantor. (By observing the state of the wgo visited flag
+// we avoid redundantly exploring the sub-tree rooted in a grantor
+// which has already been discovered as having wgo from some other
+// ancestor grantor.)
+//
+// This algorithm produces a depth-first scan of all nodes of the
+// directed graph of privilege settings which can currently be reached
+// by an uninterrupted chain of wgo values.
+//
+// The implementation is dependent on the fact that rowList
+// entries are ordered by Grantor, Grantee, columnOrdinal
+// -----------------------------------------------------------------------------
+void PrivMgrPrivileges::scanColumnBranch( const PrivType pType,
+ const int32_t& grantor,
+ const std::set<int32_t> &listOfColumnOrdinals,
+ const std::vector<PrivMgrMDRow *> & rowList )
+{
+
+ // The PrivMgrMDRow <list> is maintained in order by
+ // columnOrdinal within Grantee within Grantor - through an order by clause.
+
+ // Skip over Grantors lower than the specified one.
+ size_t i = 0;
+ while ( i < rowList.size() )
+ {
+ ColumnPrivsMDRow ¤tRow = static_cast<ColumnPrivsMDRow &> (*rowList[i]);
+ if (currentRow.grantorID_ < grantor)
+ i++;
+ else
+ break;
+ }
+
+ // For matching Grantor, process each Grantee.
+ while ( i < rowList.size() )
+ {
+ ColumnPrivsMDRow ¤tRow = static_cast<ColumnPrivsMDRow &> (*rowList[i]);
+ if (currentRow.grantorID_ == grantor)
+ {
+
+ // Just look at rows that have had privileges changed
+ // The listOfColumnOrdinals has this list
+ ColPrivEntry current = currentRow.current_;
+ std::set<int32_t>::iterator it;
+ it = std::find(listOfColumnOrdinals.begin(), listOfColumnOrdinals.end(), current.columnOrdinal);
+ if (it != listOfColumnOrdinals.end())
+ {
+ if ( current.privsBitmap.test(pType) )
+ {
+ // This grantee has priv. Set corresponding visited flag.
+ currentRow.visited_.privsBitmap.set(pType, true);
+
+ if ( current.grantableBitmap.test(pType))
+ {
+ // This grantee has wgo.
+ if ( currentRow.visited_.grantableBitmap.test(pType) )
+ { // Already processed this subtree.
+ }
+ else
+ {
+ currentRow.visited_.grantableBitmap.set(pType, true);
+
+ // To check: since column level privileges do not have
+ // an anchor, we choose the object owner as the root.
+ int32_t thisGrantee( currentRow.granteeID_ );
+ if ( ComUser::isPublicUserID(thisGrantee) )
+ scanPublic( pType, // Deal with PUBLIC grantee wgo.
+ rowList );
+ else
+ {
+ int32_t granteeAsGrantor(thisGrantee);
+ scanColumnBranch( pType, // Scan for this grantee as grantor.
+ granteeAsGrantor,
+ listOfColumnOrdinals,
+ rowList );
+ }
+ }
+ } // end this grantee has wgo
+ } // end this grantee has this priv
+ } // correct column ordinal
+ i++; // on to next rowList entry
+ }
+ else
+ break; // done with the grantor
+ } // end scan rowList over Grantees for this Grantor
+}
+
+/* *******************************************************************
+ scanColumnPublic -- a grant wgo to PUBLIC has been encountered for the
+ current privilege type, so *all* users are able to grant this privilege.
+ Scan the privsList for all grantees who have this priv from any grantor,
+ marking each such entry as visited.
+
+****************************************************************** */
+
+void PrivMgrPrivileges::scanColumnPublic(
+ const PrivType pType, // in
+ const std::set<int32_t> &listOfColumnOrdinals,
+ const std::vector<PrivMgrMDRow *>& rowList ) // in
+{
+ // PUBLIC has a priv wgo. So *every* grant of this priv
+ // is allowed, by any Grantor.
+ for ( size_t i = 0; i < rowList.size(); i++ )
+ {
+ ColumnPrivsMDRow ¤tRow = static_cast<ColumnPrivsMDRow &> (*rowList[i]);
+
+ // Just look at rows that have had privileges changed
+ // The listOfColumnOrdinals has this list
+ ColPrivEntry current = currentRow.current_;
+ std::set<int32_t>::iterator it;
+ it = std::find(listOfColumnOrdinals.begin(), listOfColumnOrdinals.end(), current.columnOrdinal);
+ if (it != listOfColumnOrdinals.end())
+ {
+ if ( current.privsBitmap.test(pType) )
+ {
+ // This grantee has priv. Set corresponding visited flag.
+ currentRow.visited_.privsBitmap.set(pType, true);
+
+ // This grantee has wgo.
+ if ( currentRow.visited_.grantableBitmap.test(pType) )
+ currentRow.visited_.grantableBitmap.set(pType, true);
+ }
+ }
+ } // end scan privsList over all Grantees/Grantors
+} // end scanPublic
+
// ****************************************************************************
// method: sendSecurityKeysToRMS
@@ -3765,7 +4140,7 @@ PrivStatus PrivMgrPrivileges::summarizeCurrentAndOriginalPrivs(
ObjectUsage *pObj = listOfChangedPrivs[j];
if (pObj->objectUID == row.objectUID_ &&
grantorID_ == row.grantorID_ &&
- pObj->objectOwner == row.granteeID_ )
+ pObj->granteeID == row.granteeID_ )
{
current = pObj->updatedPrivs.getTablePrivs();
}
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/sqlcomp/PrivMgrPrivileges.h
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrPrivileges.h b/core/sql/sqlcomp/PrivMgrPrivileges.h
index ce0ca55..473e2cd 100644
--- a/core/sql/sqlcomp/PrivMgrPrivileges.h
+++ b/core/sql/sqlcomp/PrivMgrPrivileges.h
@@ -57,6 +57,24 @@ public:
};
// *****************************************************************************
+// * Class: ColPrivEntry
+// * Description: This class represents the privileges and corresponding
+// * WGO (with grant option) for a column
+// *****************************************************************************
+class ColPrivEntry
+{
+public:
+ int32_t columnOrdinal;
+ PrivColumnBitmap privsBitmap;
+ PrivColumnBitmap grantableBitmap;
+ bool isUpdate;
+ ColPrivEntry()
+ : columnOrdinal(0),isUpdate(false){};
+ ColPrivEntry(const PrivMgrMDRow &row);
+ ColPrivEntry(const ColPrivEntry &other);
+};
+
+// *****************************************************************************
// * Class: PrivMgrPrivileges
// * Description: This class represents the access rights for objects
// *****************************************************************************
@@ -263,6 +281,11 @@ private:
// Private functions:
// -------------------------------------------------------------------
+ bool checkColumnRevokeRestrict (
+ int32_t granteeID,
+ const std::vector<ColPrivEntry> &colPrivsToRevoke,
+ std::vector <PrivMgrMDRow *> &rowList );
+
bool checkRevokeRestrict (
PrivMgrMDRow &rowIn,
std::vector<PrivMgrMDRow *> &rowList );
@@ -334,10 +357,20 @@ private:
const std::vector<int32_t> &roleIDs,
PrivStatus & privStatus);
+ void scanColumnBranch( const PrivType pType,
+ const int32_t& grantor,
+ const std::set<int32_t> &listOfColumnOrdinals,
+ const std::vector<PrivMgrMDRow *> & rowList );
+
+ void scanColumnPublic(
+ const PrivType pType,
+ const std::set<int32_t> &listOfColumnOrdinals,
+ const std::vector<PrivMgrMDRow *>& rowList );
+
void scanObjectBranch(
- const PrivType pType, // in
- const int32_t& grantor, // in
- const std::vector<PrivMgrMDRow *>& rowList ); // in
+ const PrivType pType,
+ const int32_t& grantor,
+ const std::vector<PrivMgrMDRow *>& rowList );
void scanPublic(
const PrivType pType, // in
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/8652aeb8/core/sql/sqlcomp/PrivMgrRoles.cpp
----------------------------------------------------------------------
diff --git a/core/sql/sqlcomp/PrivMgrRoles.cpp b/core/sql/sqlcomp/PrivMgrRoles.cpp
index cc7abe8..8f47202 100644
--- a/core/sql/sqlcomp/PrivMgrRoles.cpp
+++ b/core/sql/sqlcomp/PrivMgrRoles.cpp
@@ -412,6 +412,7 @@ PrivMgrMDAdmin admin(trafMetadataLocation_,metadataLocation_,pDiags_);
switch (referencedObjectsList[obj]->objectType)
{
case COM_BASE_TABLE_OBJECT:
+ case COM_VIEW_OBJECT:
privType = SELECT_PRIV;
break;
case COM_USER_DEFINED_ROUTINE_OBJECT:
[5/5] incubator-trafodion git commit: Merge [TRAFODION-1761] + PR-281
privilege fixes
Posted by rm...@apache.org.
Merge [TRAFODION-1761] + PR-281 privilege fixes
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/c0bb8efa
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/c0bb8efa
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/c0bb8efa
Branch: refs/heads/master
Commit: c0bb8efaa925f696248998f1f58208eee4f5001b
Parents: dd0156f 240cc68
Author: Roberta Marton <ro...@apache.org>
Authored: Tue Jan 26 21:18:37 2016 +0000
Committer: Roberta Marton <ro...@apache.org>
Committed: Tue Jan 26 21:18:37 2016 +0000
----------------------------------------------------------------------
core/sql/regress/privs1/EXPECTED141 | Bin 78469 -> 92809 bytes
core/sql/regress/privs1/TEST141 | 65 +++
core/sql/regress/privs2/EXPECTED135 | 84 ++-
core/sql/regress/privs2/EXPECTED140 | 66 ++-
core/sql/regress/privs2/TEST135 | 54 +-
core/sql/regress/privs2/TEST140 | 13 +-
core/sql/regress/tools/runregr_privs1.ksh | 3 -
core/sql/regress/tools/runregr_privs2.ksh | 5 -
core/sql/sqlcomp/PrivMgrDesc.h | 51 +-
core/sql/sqlcomp/PrivMgrMD.cpp | 30 +-
core/sql/sqlcomp/PrivMgrMD.h | 9 +-
core/sql/sqlcomp/PrivMgrObjects.cpp | 52 ++
core/sql/sqlcomp/PrivMgrObjects.h | 4 +
core/sql/sqlcomp/PrivMgrPrivileges.cpp | 685 +++++++++++++++++++------
core/sql/sqlcomp/PrivMgrPrivileges.h | 39 +-
core/sql/sqlcomp/PrivMgrRoles.cpp | 1 +
16 files changed, 913 insertions(+), 248 deletions(-)
----------------------------------------------------------------------
[3/5] incubator-trafodion git commit: Privs2 - TEST140
Posted by rm...@apache.org.
Privs2 - TEST140
Fixed regression issue with TEST140. TEST140 assumes standard
schema "sch" exists. In this case it does not. So changed requests
to use a different schema
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/5af07d67
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/5af07d67
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/5af07d67
Branch: refs/heads/master
Commit: 5af07d67b5301be0cf0c59f15345056496253f80
Parents: 8652aeb
Author: Roberta Marton <ro...@apache.org>
Authored: Mon Jan 25 20:01:55 2016 +0000
Committer: Roberta Marton <ro...@apache.org>
Committed: Mon Jan 25 20:01:55 2016 +0000
----------------------------------------------------------------------
core/sql/regress/privs2/EXPECTED140 | 56 +++++++++++++++++++++-----------
core/sql/regress/privs2/TEST140 | 13 ++++----
2 files changed, 44 insertions(+), 25 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/5af07d67/core/sql/regress/privs2/EXPECTED140
----------------------------------------------------------------------
diff --git a/core/sql/regress/privs2/EXPECTED140 b/core/sql/regress/privs2/EXPECTED140
index 052709f..dc4a445 100644
--- a/core/sql/regress/privs2/EXPECTED140
+++ b/core/sql/regress/privs2/EXPECTED140
@@ -11,7 +11,7 @@ MESSAGEFILE /mnt/rmarton/gitws/incubator-trafodion/core/sqf/export/ ...
MESSAGEFILE LANG US English
MESSAGEFILE VRSN {2016-01-21 17:33 LINUX:EDEV05/rmarton}
SQL CATALOG TRAFODION
-SQL SCHEMA SCH
+SQL SCHEMA T140_SHARED_VIEWS
SQL USER CONNECTED user not connected
SQL USER DB NAME DB__ROOT
SQL USER ID 33333
@@ -57,6 +57,9 @@ WARNINGS on
>>create shared schema t140_shared_views;
--- SQL operation complete.
+>>set schema t140_shared_views;
+
+--- SQL operation complete.
>>
>>-- compile cpp program for function
>>sh rm -f ./etest140.dll;
@@ -66,9 +69,6 @@ WARNINGS on
>>set pattern $$QUOTE$$ '''';
>>
>>-- create the library and udf
->>set schema sch;
-
---- SQL operation complete.
>>create library t140_l1 file $$QUOTE$$ $$REGRRUNDIR$$/$$DLL$$ $$QUOTE$$ ;
--- SQL operation complete.
@@ -78,7 +78,7 @@ WARNINGS on
+>deterministic no sql final call allow any parallelism state area size 1024 ;
--- SQL operation complete.
->>grant execute on function sch.t140_translatePrivsBitmap to "PUBLIC";
+>>grant execute on function t140_translatePrivsBitmap to "PUBLIC";
--- SQL operation complete.
>>
@@ -234,8 +234,8 @@ TEAMS
+> object_type as type,
+> substring(authname(grantor_id),1,10) as grantor,
+> substring(authname(grantee_id),1,10) as grantee,
-+> sch.t140_translatePrivsBitmap(privileges_bitmap) as granted_privs,
-+> sch.t140_translatePrivsBitmap(grantable_bitmap) as grantable_privs
++> t140_shared_views.t140_translatePrivsBitmap(privileges_bitmap) as granted_privs,
++> t140_shared_views.t140_translatePrivsBitmap(grantable_bitmap) as grantable_privs
+>from "_PRIVMGR_MD_".object_privileges
+>where object_uid in
+> (select object_uid
@@ -294,8 +294,8 @@ SQL_USER1
+> object_type as type,
+> substring(authname(grantor_id),1,10) as grantor,
+> substring(authname(grantee_id),1,10) as grantee,
-+> sch.t140_translatePrivsBitmap(privileges_bitmap) as granted_privs,
-+> sch.t140_translatePrivsBitmap(grantable_bitmap) as grantable_privs
++> t140_shared_views.t140_translatePrivsBitmap(privileges_bitmap) as granted_privs,
++> t140_shared_views.t140_translatePrivsBitmap(grantable_bitmap) as grantable_privs
+>from "_PRIVMGR_MD_".object_privileges
+>where object_uid in
+> (select object_uid
@@ -314,6 +314,9 @@ OBJECT_NAME
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI -2 DB__ROOT S----R-� S----R-�
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI DB__ROOT SQL_USER1 S------� S------�
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI SQL_USER1 SQL_USER2 S------� NONE�
+TRAFODION.T140_SHARED_VIEWS.T140_L1 LB -2 DB__ROOT ---UG--� ---UG--�
+TRAFODION.T140_SHARED_VIEWS.T140_TRANSLA UR -2 DB__ROOT ------E� ------E�
+TRAFODION.T140_SHARED_VIEWS.T140_TRANSLA UR DB__ROOT -1 ------E� NONE�
TRAFODION.T140_USER1_PRIVATE.GAMES BT -2 SQL_USER1 SIDU-R-� SIDU-R-�
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER1 SQL_USER2 S------� NONE�
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT -2 SQL_USER1 SIDU-R-� SIDU-R-�
@@ -321,7 +324,7 @@ TRAFODION.T140_USER1_PRIVATE.PLAYERS
TRAFODION.T140_USER1_PRIVATE.TEAMS BT -2 SQL_USER1 SIDU-R-� SIDU-R-�
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER1 SQL_USER2 SIDU-R-� SIDU-R-�
---- 9 row(s) selected.
+--- 12 row(s) selected.
>>
>>exit;
@@ -454,8 +457,8 @@ Zachary
+> object_type as type,
+> substring(authname(grantor_id),1,10) as grantor,
+> substring(authname(grantee_id),1,10) as grantee,
-+> sch.t140_translatePrivsBitmap(privileges_bitmap) as granted_privs,
-+> sch.t140_translatePrivsBitmap(grantable_bitmap) as grantable_privs
++> t140_shared_views.t140_translatePrivsBitmap(privileges_bitmap) as granted_privs,
++> t140_shared_views.t140_translatePrivsBitmap(grantable_bitmap) as grantable_privs
+>from "_PRIVMGR_MD_".object_privileges
+>where object_uid in
+> (select object_uid
@@ -475,6 +478,9 @@ TRAFODION.T140_SHARED_VIEWS.GAMES_BY_PLA
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI -2 DB__ROOT S----R-� S----R-�
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI DB__ROOT SQL_USER1 S------� S------�
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI SQL_USER1 SQL_USER2 S------� NONE�
+TRAFODION.T140_SHARED_VIEWS.T140_L1 LB -2 DB__ROOT ---UG--� ---UG--�
+TRAFODION.T140_SHARED_VIEWS.T140_TRANSLA UR -2 DB__ROOT ------E� ------E�
+TRAFODION.T140_SHARED_VIEWS.T140_TRANSLA UR DB__ROOT -1 ------E� NONE�
TRAFODION.T140_USER1_PRIVATE.GAMES BT -2 SQL_USER1 SIDU-R-� SIDU-R-�
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER1 SQL_USER2 S------� NONE�
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT -2 SQL_USER1 SIDU-R-� SIDU-R-�
@@ -484,7 +490,7 @@ TRAFODION.T140_USER1_PRIVATE.TEAMS
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER1 SQL_USER2 SIDU-R-� SIDU-R-�
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER2 SQL_USER3 S-D----� S-D----�
---- 12 row(s) selected.
+--- 15 row(s) selected.
>>
>>exit;
@@ -612,6 +618,9 @@ TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI DB__ROOT SQL_USER1 S------� S------�
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI SQL_USER1 SQL_USER2 S------� NONE�
TRAFODION.T140_SHARED_VIEWS.PLAYERS_ON_T VI -2 SQL_USER3 S------� NONE�
+TRAFODION.T140_SHARED_VIEWS.T140_L1 LB -2 DB__ROOT ---UG--� ---UG--�
+TRAFODION.T140_SHARED_VIEWS.T140_TRANSLA UR -2 DB__ROOT ------E� ------E�
+TRAFODION.T140_SHARED_VIEWS.T140_TRANSLA UR DB__ROOT -1 ------E� NONE�
TRAFODION.T140_USER1_PRIVATE.GAMES BT -2 SQL_USER1 SIDU-R-� SIDU-R-�
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER1 SQL_USER2 S------� NONE�
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT -2 SQL_USER1 SIDU-R-� SIDU-R-�
@@ -623,7 +632,7 @@ TRAFODION.T140_USER1_PRIVATE.TEAMS
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER2 SQL_USER3 S-D----� S-D----�
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER3 SQL_USER4 S------� NONE�
---- 15 row(s) selected.
+--- 18 row(s) selected.
>>
>>exit;
@@ -711,6 +720,9 @@ TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI DB__ROOT SQL_USER1 S------� S------�
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI SQL_USER1 SQL_USER2 S------� NONE�
TRAFODION.T140_SHARED_VIEWS.PLAYERS_ON_T VI -2 SQL_USER3 S------� NONE�
+TRAFODION.T140_SHARED_VIEWS.T140_L1 LB -2 DB__ROOT ---UG--� ---UG--�
+TRAFODION.T140_SHARED_VIEWS.T140_TRANSLA UR -2 DB__ROOT ------E� ------E�
+TRAFODION.T140_SHARED_VIEWS.T140_TRANSLA UR DB__ROOT -1 ------E� NONE�
TRAFODION.T140_SHARED_VIEWS.TEAM_NAMES VI -2 SQL_USER4 S------� NONE�
TRAFODION.T140_USER1_PRIVATE.GAMES BT -2 SQL_USER1 SIDU-R-� SIDU-R-�
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER1 SQL_USER2 S------� NONE�
@@ -723,7 +735,7 @@ TRAFODION.T140_USER1_PRIVATE.TEAMS
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER2 SQL_USER3 S-D----� S-D----�
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER3 SQL_USER4 S------� NONE�
---- 16 row(s) selected.
+--- 19 row(s) selected.
>>
>>exit;
@@ -745,8 +757,8 @@ SQL_USER5
+> object_type as type,
+> substring(authname(grantor_id),1,10) as grantor,
+> substring(authname(grantee_id),1,10) as grantee,
-+> sch.t140_translatePrivsBitmap(privileges_bitmap) as granted_privs,
-+> sch.t140_translatePrivsBitmap(grantable_bitmap) as grantable_privs
++> t140_shared_views.t140_translatePrivsBitmap(privileges_bitmap) as granted_privs,
++> t140_shared_views.t140_translatePrivsBitmap(grantable_bitmap) as grantable_privs
+>from "_PRIVMGR_MD_".object_privileges
+>where object_uid in
+> (select object_uid
@@ -835,6 +847,9 @@ TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI DB__ROOT SQL_USER1 S------� S------�
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI SQL_USER1 SQL_USER2 S------� NONE�
TRAFODION.T140_SHARED_VIEWS.PLAYERS_ON_T VI -2 SQL_USER3 S------� NONE�
+TRAFODION.T140_SHARED_VIEWS.T140_L1 LB -2 DB__ROOT ---UG--� ---UG--�
+TRAFODION.T140_SHARED_VIEWS.T140_TRANSLA UR -2 DB__ROOT ------E� ------E�
+TRAFODION.T140_SHARED_VIEWS.T140_TRANSLA UR DB__ROOT -1 ------E� NONE�
TRAFODION.T140_SHARED_VIEWS.TEAM_NAMES VI -2 SQL_USER4 S------� NONE�
TRAFODION.T140_USER1_PRIVATE.GAMES BT -2 SQL_USER1 SIDU-R-� SIDU-R-�
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER1 SQL_USER2 SI-----� SI-----�
@@ -854,7 +869,7 @@ TRAFODION.T140_USER1_PRIVATE.TEAMS
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER2 SQL_USER3 S-D----� S-D----�
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER3 SQL_USER4 S------� NONE�
---- 23 row(s) selected.
+--- 26 row(s) selected.
>>
>>-- user6 tries to grant select to user7
>>grant select on games to sql_user7 by sql_user6;
@@ -904,6 +919,9 @@ TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI DB__ROOT SQL_USER1 S------� S------�
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GA VI SQL_USER1 SQL_USER2 S------� NONE�
TRAFODION.T140_SHARED_VIEWS.PLAYERS_ON_T VI -2 SQL_USER3 S------� NONE�
+TRAFODION.T140_SHARED_VIEWS.T140_L1 LB -2 DB__ROOT ---UG--� ---UG--�
+TRAFODION.T140_SHARED_VIEWS.T140_TRANSLA UR -2 DB__ROOT ------E� ------E�
+TRAFODION.T140_SHARED_VIEWS.T140_TRANSLA UR DB__ROOT -1 ------E� NONE�
TRAFODION.T140_SHARED_VIEWS.TEAM_NAMES VI -2 SQL_USER4 S------� NONE�
TRAFODION.T140_USER1_PRIVATE.GAMES BT -2 SQL_USER1 SIDU-R-� SIDU-R-�
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER1 SQL_USER2 SI-----� SI-----�
@@ -921,6 +939,6 @@ TRAFODION.T140_USER1_PRIVATE.TEAMS
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER2 SQL_USER3 S-D----� S-D----�
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER3 SQL_USER4 S------� NONE�
---- 21 row(s) selected.
+--- 24 row(s) selected.
>>
>>log;
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/5af07d67/core/sql/regress/privs2/TEST140
----------------------------------------------------------------------
diff --git a/core/sql/regress/privs2/TEST140 b/core/sql/regress/privs2/TEST140
index 153c19d..08b9f28 100755
--- a/core/sql/regress/privs2/TEST140
+++ b/core/sql/regress/privs2/TEST140
@@ -48,8 +48,9 @@ exit;
revoke select on "_MD_".objects from sql_user1;
revoke select on "_PRIVMGR_MD_".object_privileges from sql_user1;
-drop function sch.t140_translatePrivsBitmap;
-drop library sch.t140_l1;
+set schema t140_shared_views;
+drop function t140_translatePrivsBitmap;
+drop library t140_l1;
drop schema t140_user1_private cascade;
drop schema t140_user1_shared cascade;
@@ -86,6 +87,7 @@ grant select on "_PRIVMGR_MD_".object_privileges to metadata_access;
grant select on "_MD_".auths to metadata_access;
create shared schema t140_shared_views;
+set schema t140_shared_views;
-- compile cpp program for function
sh rm -f ./etest140.dll;
@@ -95,13 +97,12 @@ set pattern $$DLL$$ etest140.dll;
set pattern $$QUOTE$$ '''';
-- create the library and udf
-set schema sch;
create library t140_l1 file $$QUOTE$$ $$REGRRUNDIR$$/$$DLL$$ $$QUOTE$$ ;
create function t140_translatePrivsBitmap(bitmap largeint) returns (bitmap_string char (20))
language c parameter style sql external name 'translateBitmap'
library t140_l1
deterministic no sql final call allow any parallelism state area size 1024 ;
-grant execute on function sch.t140_translatePrivsBitmap to "PUBLIC";
+grant execute on function t140_translatePrivsBitmap to "PUBLIC";
-- private schema owned by sql_user1
create schema t140_user1_private authorization sql_user1;
@@ -217,8 +218,8 @@ select distinct
object_type as type,
substring(authname(grantor_id),1,10) as grantor,
substring(authname(grantee_id),1,10) as grantee,
- sch.t140_translatePrivsBitmap(privileges_bitmap) as granted_privs,
- sch.t140_translatePrivsBitmap(grantable_bitmap) as grantable_privs
+ t140_shared_views.t140_translatePrivsBitmap(privileges_bitmap) as granted_privs,
+ t140_shared_views.t140_translatePrivsBitmap(grantable_bitmap) as grantable_privs
from "_PRIVMGR_MD_".object_privileges
where object_uid in
(select object_uid
[4/5] incubator-trafodion git commit: Merge branch 'master' into
priv-fixes
Posted by rm...@apache.org.
Merge branch 'master' into priv-fixes
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/240cc688
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/240cc688
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/240cc688
Branch: refs/heads/master
Commit: 240cc68846a078c4494c98dab4a3fe2185d9c570
Parents: 5af07d6 02c6c32
Author: Roberta Marton <ro...@apache.org>
Authored: Tue Jan 26 16:22:30 2016 +0000
Committer: Roberta Marton <ro...@apache.org>
Committed: Tue Jan 26 16:22:30 2016 +0000
----------------------------------------------------------------------
.rat-excludes | 4 +-
RAT_README.txt | 10 +
.../transactional/TrxRegionEndpoint.java | 318 +-
.../transactional/TrxRegionObserver.java | 72 +-
core/sql/executor/ExHbaseAccess.cpp | 75 +-
core/sql/executor/ExHbaseAccess.h | 2 -
core/sql/executor/ExHbaseIUD.cpp | 28 +-
core/sql/generator/GenExplain.cpp | 261 ++
core/sql/generator/GenPreCode.cpp | 481 ++-
core/sql/generator/GenRelScan.cpp | 3 +-
core/sql/optimizer/RelScan.h | 10 +
core/sql/optimizer/ValueDesc.cpp | 32 +-
core/sql/optimizer/ValueDesc.h | 5 +
core/sql/regress/core/EXPECTEDRTS | 1390 ++++----
core/sql/regress/executor/EXPECTED140 | 911 +++++
core/sql/regress/executor/FILTER140 | 42 +
core/sql/regress/executor/TEST140 | 96 +
core/sql/regress/seabase/EXPECTED010 | 454 ++-
core/sql/regress/seabase/EXPECTED011 | 22 +-
core/sql/regress/seabase/EXPECTED016 | 161 +-
core/sql/regress/tools/runregr_core.ksh | 2 +-
core/sql/regress/tools/runregr_executor.ksh | 2 +-
core/sql/regress/tools/sbdefs | 2 +-
core/sql/sqlcomp/DefaultConstants.h | 2 +-
core/sql/sqlcomp/nadefaults.cpp | 17 +
.../java/org/trafodion/sql/HTableClient.java | 571 ++-
docs/.gitignore | 1 -
docs/client_install/pom.xml | 19 +-
.../src/asciidoc/_chapters/about.adoc | 2 +
.../src/asciidoc/_chapters/introduction.adoc | 6 +-
docs/client_install/src/asciidoc/index.adoc | 2 -
docs/command_interface/pom.xml | 19 +-
.../src/asciidoc/_chapters/commands.adoc | 6 +-
.../src/asciidoc/_chapters/interactive.adoc | 10 +-
.../src/asciidoc/_chapters/scripts.adoc | 2 +-
docs/css/trafodion-manuals.css | 431 ---
docs/css/trafodion-theme.yml | 75 -
docs/install_guide/pom.xml | 2 +-
.../src/asciidoc/_chapters/about.adoc | 24 +-
.../src/asciidoc/_chapters/dev_install.adoc | 26 -
.../src/asciidoc/_chapters/howto.adoc | 26 -
.../src/asciidoc/_chapters/product_install.adoc | 26 -
.../src/asciidoc/_chapters/requirements.adoc | 70 +
docs/install_guide/src/asciidoc/index.adoc | 5 -
docs/messages_guide/pom.xml | 279 ++
.../src/asciidoc/_chapters/about.adoc | 180 +
.../src/asciidoc/_chapters/binder_msgs.adoc | 2906 ++++++++++++++++
.../src/asciidoc/_chapters/compiler_msgs.adoc | 1549 +++++++++
.../src/asciidoc/_chapters/ddl_msgs.adoc | 3047 ++++++++++++++++
.../src/asciidoc/_chapters/executor_msgs.adoc | 935 +++++
.../asciidoc/_chapters/file_system_errors.adoc | 529 +++
.../src/asciidoc/_chapters/generator_msgs.adoc | 59 +
.../src/asciidoc/_chapters/introduction.adoc | 116 +
.../src/asciidoc/_chapters/optimizer_msgs.adoc | 118 +
.../src/asciidoc/_chapters/parser_msgs.adoc | 3273 ++++++++++++++++++
.../src/asciidoc/_chapters/sort_msgs.adoc | 504 +++
.../src/asciidoc/_chapters/sqlstate.adoc | 2111 +++++++++++
.../_chapters/udr_language_mgr_msgs.adoc | 112 +
docs/messages_guide/src/asciidoc/index.adoc | 73 +
docs/odb_user/pom.xml | 19 +-
docs/shared/google-analytics-postprocessor.rb | 43 +
docs/shared/trafodion-manuals.css | 431 +++
docs/shared/trafodion-theme.yml | 76 +
docs/sql_reference/pom.xml | 19 +-
.../src/asciidoc/_chapters/about.adoc | 2 +-
.../src/asciidoc/_chapters/sql_statements.adoc | 10 +-
.../src/asciidoc/_chapters/sql_utilities.adoc | 2 +-
.../src/site/markdown/create-dev-environment.md | 1 +
docs/src/site/markdown/document.md | 1 +
docs/src/site/markdown/download.md | 12 +-
docs/src/site/markdown/index.md | 119 +-
docs/src/site/markdown/passwordless-ssh.md | 4 +-
docs/src/site/site.xml | 6 +-
73 files changed, 20373 insertions(+), 1888 deletions(-)
----------------------------------------------------------------------