trafodion-codereview mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robertamarton <...@git.apache.org>
Subject [GitHub] incubator-trafodion pull request #644: Trafodion 1788
Date Fri, 05 Aug 2016 21:45:37 GMT
GitHub user robertamarton opened a pull request:

    https://github.com/apache/incubator-trafodion/pull/644

    Trafodion 1788

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/robertamarton/incubator-trafodion trafodion-1788

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-trafodion/pull/644.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #644
    
----
commit a71d832f20e7db3be70969b75d87a45f02072dea
Author: Roberta Marton <rmarton@edev07.esgyn.local>
Date:   2016-07-16T00:22:43Z

    [TRAFODION-1882]: Column Privilege: a user can grant column privilege to ...
    [TRAFODION-1788]: Grant and Revoke on table columns with referencing views ...
    
    The main issue is that the view-col <=> referenced-col usages were not available
    from the metadata.
    -- create view was changed to add view-col <=> referenced-col usages to the
       TEXT table.  This allows NATable and privilege management to retrieve this
       information. No upgrade is required
    -- Privilege management was changed to see if views could still exist based
       only on column level privileges.
    -- Grants and revokes on referenced columns for objects are now  propagated to
       to referencing views
    -- Fixed an issue during column grants where column ordinals were not checked
       correctly [TRAFODION-1882]
    -- Fixed an issue where DB__ROOT, acting as schema owner, was able to grant
       privileges that the schema owner was not able to grant,

commit cd3d7e7b69c4e387f4a0e9219672bc62b6204ade
Author: Roberta Marton <rmarton@edev07.esgyn.local>
Date:   2016-08-05T21:17:30Z

    Merge branch 'master' into trafodion-1788
    
    Conflicts:
    	core/sql/common/ComSmallDefs.h
    	core/sql/generator/Generator.cpp
    	core/sql/optimizer/NATable.cpp
    	core/sql/sqlcat/ReadTableDef.cpp
    	core/sql/sqlcat/desc.h

commit 5edd6b1eac080689c2dfe4ddb40a6113312cb21a
Author: Roberta Marton <rmarton@edev07.esgyn.local>
Date:   2016-08-05T21:25:19Z

    [TRAFODION-1882]: Column Privilege: a user can grant column privilege to ...
    [TRAFODION-1788]: Grant and Revoke on table columns with referencing views ...
    
    This delivery fixes several issues related to object and columnn privileges.
    This should fix remaining issues with column level privileges so we can
    officially support them.
    
    -- When creating views, column level privileges were only considered if the
       SELECT privilege was not found at the object level.  Column level privs are
       now always considered, if the view owner has a privilege on all the columns
       that make up the view, then the view is granted the privilege.
    
    -- When granting or revoking privileges, the code needs to verify if a user has
       a privilege at the column level.  In order to to this, the code needs the
       view-col <=> referenced-col usages.  This information is current not
       available.  Create view was changed to add view-col <=> referenced-col usages
       to the TEXT table.  This allows NATable and privilege management to retrieve
       this information. Views created prior to the change will not allow column
       privileges to be granted.  These views have to be dropped and recreated.
    
    -- Grants and revokes on referenced columns for objects are now  propagated to
       to referencing view.  Propagation is performed to the immediate child views
       only.
    
    -- Added some code to prepare for CASCADE.  This code processes the chain of
       views that exist looking for objects that may be affected by the grant or
       revoke.
    
    -- The DB__ROOT user can perform operations on behalf on the schema owner.
       There were some situations where privileges were based on DB__ROOT instead
       of the schema_owner.  So a user that should not be granted a privileges was
       granted the privileges.  Changes were made to make sure the schema owner
       privileges were used in this situation.
    
    -- Fixed an issue during column grants where column ordinals were not checked
       for views that reference an object.
    
    -- Fixed an issue where insertable view info was not set up properly.
    
    -- Fixed a problem where role usages was not considered when getting the list
       correctly [TRAFODION-1882]
    
    -- Add new regression test privs2/TEST143 and moved the view propagation
       test from privs1/TEST141 to TEST143.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message