Repository: trafodion Updated Branches: refs/heads/master 1650c784e -> 8697d9262
http://git-wip-us.apache.org/repos/asf/trafodion/blob/88ed0582/core/sql/sqlcomp/PrivMgrComponentOperations.cpp ---------------------------------------------------------------------- diff --git a/core/sql/sqlcomp/PrivMgrComponentOperations.cpp b/core/sql/sqlcomp/PrivMgrComponentOperations.cpp index bcbfa6b..280710a 100644 --- a/core/sql/sqlcomp/PrivMgrComponentOperations.cpp +++ b/core/sql/sqlcomp/PrivMgrComponentOperations.cpp @@ -58,6 +58,7 @@ namespace ComponentOperations class MyRow : public PrivMgrMDRow { public: + // ------------------------------------------------------------------- // Constructors and destructors: // ------------------------------------------------------------------- @@ -71,7 +72,7 @@ public: componentUID_ = other.componentUID_; operationCode_ = other.operationCode_; operationName_ = other.operationName_; - isSystem_ = other.isSystem_; + operationType_ = other.operationType_; operationDescription_ = other.operationDescription_; }; virtual ~MyRow() {}; @@ -82,14 +83,14 @@ public: const int64_t componentUID, const std::string & operationCode, std::string & operationName, - bool & isSystem, + PrivMgrComponentOperations::OperationType & operationType, std::string & operationDescription); bool lookupByName( const int64_t componentUID, const std::string & operationName, std::string & operationCode, - bool & isSystem, + PrivMgrComponentOperations::OperationType & operationType, std::string & operationDescription); // ------------------------------------------------------------------- @@ -100,7 +101,7 @@ public: int64_t componentUID_; std::string operationCode_; std::string operationName_; - bool isSystem_; + PrivMgrComponentOperations::OperationType operationType_; std::string operationDescription_; private: @@ -155,6 +156,10 @@ public: const std::string & whereClause, std::vector<MyRow *> &rowList); + PrivStatus update( + const std::string &setClause, + const std::string &whereClause); + private: MyTable(); void setRow(OutputInfo *pCliRow, MyRow &rowOut); @@ -284,7 +289,7 @@ PrivStatus privStatus = myTable.fetchByCode(componentUID,operationCode,row); // * is a 2 character code associated with the operation unique to the * // * component. * // * * -// * <isSystemOperation> bool In * +// * <isSystem> bool In * // * is true if the operation is a system operation. * // * * // * <operationDescription> const std::string & In * @@ -305,14 +310,12 @@ PrivStatus PrivMgrComponentOperations::createOperation( const std::string & componentName, const std::string & operationName, const std::string & operationCode, - bool isSystemOperation, + bool isSystem, const std::string & operationDescription, const bool existsErrorOK) { -//TODO: Related, could check for setting isSystem, could be separate -// privilege, or restricted to DB__ROOT. PrivMgrComponentPrivileges componentPrivileges(metadataLocation_, pDiags_); if (!ComUser::isRootUserID()&& @@ -379,7 +382,7 @@ std::string tempStr; // An operation can only be a system operation if its component is a // system component. - if (isSystemOperation && !isSystemComponent) + if (isSystem && !isSystemComponent) { *pDiags_ << DgSqlCode(-CAT_COMPONENT_NOT_SYSTEM); return STATUS_ERROR; @@ -391,7 +394,7 @@ MyRow row(fullTableName_); row.componentUID_ = componentUID; row.operationCode_ = operationCode; row.operationName_ = operationName; - row.isSystem_ = isSystemOperation; + row.operationType_ = (isSystem ? OP_TYPE_SYSTEM : OP_TYPE_USER); row.operationDescription_ = operationDescription; MyTable &myTable = static_cast<MyTable &>(myTable_); @@ -434,8 +437,8 @@ PrivMgrComponentPrivileges componentPrivilege(metadataLocation_,pDiags_); // * is a 2 character code associated with the operation unique to the * // * component. * // * * -// * <isSystemOperation> const bool In * -// * is true if the operation is a system operation. * +// * <operationTypeUnused> const bool In * +// * type of component, user, system, or unused. * // * * // * <operationDescription> const std::string & In * // * is a descrption of the operation. * @@ -464,15 +467,13 @@ PrivStatus PrivMgrComponentOperations::createOperationInternal( const int64_t componentUID, const std::string & operationName, const std::string & operationCode, - const bool isSystemOperation, + const bool operationTypeUnused, const std::string & operationDescription, const int32_t granteeID, const std::string & granteeName, const int32_t grantDepth, const bool checkExistence) - { - PrivStatus privStatus = STATUS_GOOD; // If operation already created, no need to create @@ -484,7 +485,7 @@ PrivStatus PrivMgrComponentOperations::createOperationInternal( row.componentUID_ = componentUID; row.operationCode_ = operationCode; row.operationName_ = operationName; - row.isSystem_ = isSystemOperation; + row.operationType_ = (operationTypeUnused ? OP_TYPE_UNUSED : OP_TYPE_SYSTEM); row.operationDescription_ = operationDescription; MyTable &myTable = static_cast<MyTable &>(myTable_); @@ -563,6 +564,7 @@ PrivStatus PrivMgrComponentOperations::describeComponentOperations( std::string whereClause("WHERE COMPONENT_UID = "); whereClause += componentUIDString; + whereClause += " and is_system <> 'U'"; PrivStatus privStatus = myTable.selectWhere(whereClause, rowList); @@ -571,13 +573,16 @@ PrivStatus PrivMgrComponentOperations::describeComponentOperations( for(int i = 0; i < rowList.size(); i++) { MyRow* myRow = rowList[i]; + if (myRow->operationType_ == OP_TYPE_UNUSED) + continue; + std::string componentText; componentText += "CREATE COMPONENT PRIVILEGE "; componentText += myRow->operationName_ + " AS "; componentText += "'" + myRow->operationCode_ + "'"; componentText += " ON " + componentName; - if(myRow->isSystem_) + if(myRow->operationType_ == OP_TYPE_SYSTEM) componentText += " SYSTEM"; if(!myRow->operationDescription_.empty()) @@ -722,8 +727,6 @@ PrivStatus PrivMgrComponentOperations::dropOperation( { -//TODO: Related, could check for setting isSystem, could be separate -// privilege, or restricted to DB__ROOT. PrivMgrComponentPrivileges componentPrivileges(metadataLocation_, pDiags_); if (!ComUser::isRootUserID()&& @@ -808,7 +811,6 @@ std::string whereClause("WHERE COMPONENT_UID = "); //************* End of PrivMgrComponentOperations::dropOperation *************** - // ***************************************************************************** // * * // * Function: PrivMgrComponentOperations::fetchByName * @@ -832,7 +834,6 @@ std::string whereClause("WHERE COMPONENT_UID = "); // * * // * <isSystem> bool & Out * // * passes back true if the component operation is a system level * -// * component operation, otherwise false. * // * * // * <operationDescription> std::string & Out * // * passes back the description of the component operation. * @@ -864,7 +865,7 @@ PrivStatus privStatus = myTable.fetchByName(componentUIDString,operationName,row return STATUS_NOTFOUND; operationCode = row.operationCode_; - isSystem = row.isSystem_; + isSystem = (row.operationType_ == OP_TYPE_SYSTEM); operationDescription = row.operationDescription_; return STATUS_GOOD; @@ -877,34 +878,76 @@ PrivStatus privStatus = myTable.fetchByName(componentUIDString,operationName,row // * * // * Function: PrivMgrComponentOperations::getCount * // * * -// * Returns the number of component operations. * +// * Returns: * +// * the total number of operations * +// * the number of unused operations * // * * // ***************************************************************************** // * * -// * Returns: int64_t * +// * Returns: PrivStatus * // * * -// * Returns the number of component operations. * +// * STATUS_GOOD : found operations * +// * STATUS_NOTFOUND : no operations were found * +// * STATUS_ERROR : unexpected error reading metadata * // * * // ***************************************************************************** -int64_t PrivMgrComponentOperations::getCount() - +PrivStatus PrivMgrComponentOperations::getCount( + const int64_t &componentUID, + int32_t &numOps, + int32_t &numUnusedOps) { - -std::string whereClause(" "); + char buf[getMetadataLocation().size() + 300]; + snprintf (buf, sizeof(buf), "select distinct is_system, count(is_system) over " + "(partition by is_system) from %s.%s where component_uid = %ld", + getMetadataLocation().c_str(),PRIVMGR_COMPONENT_OPERATIONS, + componentUID); -int64_t rowCount = 0; -MyTable &myTable = static_cast<MyTable &>(myTable_); + // set pointer in diags area + int32_t diagsMark = pDiags_->mark(); -// set pointer in diags area -int32_t diagsMark = pDiags_->mark(); + ExeCliInterface cliInterface(STMTHEAP, 0, NULL, + CmpCommon::context()->sqlSession()->getParentQid()); + Queue * tableQueue = NULL; + int32_t cliRC = cliInterface.fetchAllRows(tableQueue, buf, 0, false, false, true); + + if (cliRC < 0) + { + cliInterface.retrieveSQLDiagnostics(CmpCommon::diags()); + return STATUS_ERROR; + } + if (cliRC == 100) // did not find the row + { + pDiags_->rewind(diagsMark); + return STATUS_NOTFOUND; + } -PrivStatus privStatus = myTable.selectCountWhere(whereClause,rowCount); + numOps = 0; + numUnusedOps = 0; - if (privStatus != STATUS_GOOD) - pDiags_->rewind(diagsMark); - - return rowCount; + char * ptr = NULL; + int32_t len = 0; + char value[3]; + + int32_t opTypeCount; + // column 0: operation type + // column 1: count of rows for operation type + tableQueue->position(); + for (int idx = 0; idx < tableQueue->numEntries(); idx++) + { + OutputInfo * pCliRow = (OutputInfo*)tableQueue->getNext(); + pCliRow->get(0,ptr,len); + strncpy(value,ptr,len); + value[len] = 0; + pCliRow->get(1,ptr,len); + opTypeCount = *(reinterpret_cast<int32_t*>(ptr)); + + numOps += opTypeCount; + if (value[0] == 'U') + numUnusedOps += opTypeCount; + } + + return STATUS_GOOD; } //***************** End of PrivMgrComponentOperations::getCount **************** @@ -961,6 +1004,93 @@ PrivStatus privStatus = myTable.selectWhereUnique(whereClause,row); // ***************************************************************************** +// method: updateOperationCodes +// +// Goes through the ComponentOpStruct for the sql_operations component and +// creates two lists: +// list of unused operations +// list of system operations. +// +// Updates the component_operations table and +// sets is_system to "U" for unused operations +// sets is_system to "Y" for system operations +// +// TBD - add support for all components, not just sql_operations +// ***************************************************************************** +PrivStatus PrivMgrComponentOperations::updateOperationCodes( + const int64_t & componentUID ) +{ + if (componentUID != SQL_OPERATIONS_COMPONENT_UID) + { + PRIVMGR_INTERNAL_ERROR("Invalid component UID in PrivMgrComponentOperations::updateOperationCodes"); + return STATUS_ERROR; + } + + std::string unusedItems ("where component_uid = "); + unusedItems += UIDToString(componentUID); + unusedItems += " and operation_code in ("; + std::string systemItems(unusedItems); + + size_t numOps = sizeof(sqlOpList)/sizeof(ComponentOpStruct); + bool firstUnusedOp = true; + bool firstSystemOp = true; + for (int i = 0; i < numOps; i++) + { + const ComponentOpStruct &opDefinition = sqlOpList[i]; + if (opDefinition.unusedOp) + { + if (firstUnusedOp) + { + unusedItems += "'"; + firstUnusedOp = false; + } + else + unusedItems += ", '"; + + unusedItems += opDefinition.operationCode; + unusedItems += "'"; + } + + + else + { + if (firstSystemOp) + { + systemItems += "'"; + firstSystemOp = false; + } + else + systemItems += ", '"; + + systemItems += opDefinition.operationCode; + systemItems += "'"; + } + + } + + MyTable &myTable = static_cast<MyTable &>(myTable_); + + // Change system components to unused components + if (!firstUnusedOp) + { + unusedItems += ")"; + std::string setClause("set is_system = 'U' "); + if (myTable.update(setClause, unusedItems) == STATUS_ERROR) + return STATUS_ERROR; + } + + // Change unused components to system components + if (!firstSystemOp) + { + systemItems += ")"; + std::string setClause("set is_system = 'Y' "); + if (myTable.update(setClause, systemItems) == STATUS_ERROR) + return STATUS_ERROR; + } + return STATUS_GOOD; +} + +// ***************************************************************************** // * * // * Function: PrivMgrComponentOperations::nameExists * // * * @@ -1005,9 +1135,6 @@ PrivStatus privStatus = myTable.fetchByName(componentUID,operationName,row); //******************** End of PrivMgrComponents::nameExists ******************** - - - // ***************************************************************************** // MyTable methods // ***************************************************************************** @@ -1050,7 +1177,7 @@ PrivStatus MyTable::fetchByCode( // Check the last row read before reading metadata. if (lastRowRead_.lookupByCode(componentUID,operationCode, - row.operationName_,row.isSystem_, + row.operationName_,row.operationType_, row.operationDescription_)) { row.componentUID_ = componentUID; @@ -1175,7 +1302,7 @@ PrivStatus MyTable::fetchByName( // Check the last row read before reading metadata. if (lastRowRead_.lookupByName(componentUID,operationName, - row.operationCode_,row.isSystem_, + row.operationCode_,row.operationType_, row.operationDescription_)) { row.componentUID_ = componentUID; @@ -1242,23 +1369,16 @@ PrivStatus privStatus = selectWhereUnique(whereClause,row); // ***************************************************************************** PrivStatus MyTable::insert(const PrivMgrMDRow & rowIn) { + char insertStatement[1000]; + const MyRow & row = static_cast<const MyRow &>(rowIn); + char operationType = PrivMgrComponentOperations::compTypeToLit(row.operationType_); -char insertStatement[1000]; - -const MyRow & row = static_cast<const MyRow &>(rowIn); -char isSystem[3] = {0}; - - if (row.isSystem_) - isSystem[0] = 'Y'; - else - isSystem[0] = 'N'; - - sprintf(insertStatement, "insert into %s values (%ld, '%s', '%s', '%s', '%s')", + sprintf(insertStatement, "insert into %s values (%ld, '%s', '%s', '%c', '%s')", tableName_.c_str(), row.componentUID_, row.operationCode_.c_str(), row.operationName_.c_str(), - isSystem, + operationType, row.operationDescription_.c_str()); return CLIImmediate(insertStatement); @@ -1340,10 +1460,7 @@ MyRow & row = static_cast<MyRow &>(rowOut); cliInterface.getPtrAndLen(4,ptr,len); strncpy(value,ptr,len); value[len] = 0; - if (value[0] == 'Y') - row.isSystem_ = true; - else - row.isSystem_ = false; + row.operationType_ = PrivMgrComponentOperations::compTypeToEnum(value[0]); // column 5: operation_description cliInterface.getPtrAndLen(5,ptr,len); @@ -1360,6 +1477,25 @@ MyRow & row = static_cast<MyRow &>(rowOut); // ***************************************************************************** +// method: update +// +// Updates metadata based on the passed in set and where clauses. +// ***************************************************************************** +PrivStatus MyTable::update( + const std::string & setClause, + const std::string & whereClause) +{ + char updateStatement[setClause.size() + whereClause.size() + tableName_.size() + 100]; + + sprintf(updateStatement, "update %s %s %s", + tableName_.c_str(), + setClause.c_str(), + whereClause.c_str()); + + return CLIImmediate(updateStatement); +} + +// ***************************************************************************** // MyRow methods // ***************************************************************************** @@ -1384,9 +1520,8 @@ MyRow & row = static_cast<MyRow &>(rowOut); // * <operationName> std::string & Out * // * passes back the name of the component operation. * // * * -// * <isSystem> bool & Out * -// * passes back true if the component operation is a system level * -// * component operation, otherwise false. * +// * <operationType> OperationType & Out * +// * passes back the component type, system, user, or unused. * // * * // * <operationDescription> std::string & Out * // * passes back the description of the component operation. * @@ -1403,7 +1538,7 @@ bool MyRow::lookupByCode( const int64_t componentUID, const std::string & operationCode, std::string & operationName, - bool & isSystem, + PrivMgrComponentOperations::OperationType & operationType, std::string & operationDescription) { @@ -1415,7 +1550,7 @@ bool MyRow::lookupByCode( operationCode != operationCode) return false; - isSystem = isSystem_; + operationType = operationType_; operationName = operationName_; operationDescription = operationDescription_; return true; @@ -1445,9 +1580,8 @@ bool MyRow::lookupByCode( // * <operationCode> std::string & Out * // * passes back the code associated with the component operation. * // * * -// * <isSystem> bool & Out * -// * passes back true if the component operation is a system level * -// * component operation, otherwise false. * +// * <OperationType> operationType & Out * +// * passes back the component type, system, user, or unused. * // * * // * <operationDescription> std::string & Out * // * passes back the description of the component operation. * @@ -1464,7 +1598,7 @@ bool MyRow::lookupByName( const int64_t componentUID, const std::string & operationName, std::string & operationCode, - bool & isSystem, + PrivMgrComponentOperations::OperationType & operationType, std::string & operationDescription) { @@ -1476,7 +1610,7 @@ bool MyRow::lookupByName( operationName != operationName_) return false; - isSystem = isSystem_; + operationType = operationType_; operationCode = operationCode_; operationDescription = operationDescription_; return true; @@ -1585,10 +1719,7 @@ void MyTable::setRow(OutputInfo *pCliRow, MyRow &row) pCliRow->get(3,ptr,len); strncpy(value,ptr,len); value[len] = 0; - if (value[0] == 'Y') - row.isSystem_ = true; - else - row.isSystem_ = false; + row.operationType_ = PrivMgrComponentOperations::compTypeToEnum(value[0]); // column 5: OPERATION_DESCRIPTION pCliRow->get(4,ptr,len); http://git-wip-us.apache.org/repos/asf/trafodion/blob/88ed0582/core/sql/sqlcomp/PrivMgrComponentOperations.h ---------------------------------------------------------------------- diff --git a/core/sql/sqlcomp/PrivMgrComponentOperations.h b/core/sql/sqlcomp/PrivMgrComponentOperations.h index 7d0069d..4e769c6 100644 --- a/core/sql/sqlcomp/PrivMgrComponentOperations.h +++ b/core/sql/sqlcomp/PrivMgrComponentOperations.h @@ -40,6 +40,11 @@ class PrivMgrComponentOperations : public PrivMgr { public: + enum OperationType { OP_TYPE_UNKNOWN, + OP_TYPE_SYSTEM, + OP_TYPE_USER, + OP_TYPE_UNUSED }; + // ------------------------------------------------------------------- // Constructors and destructors: // ------------------------------------------------------------------- @@ -55,6 +60,27 @@ public: void clear(); + static OperationType compTypeToEnum (const char operationType ) + { + switch (operationType) + { + case 'Y': return OP_TYPE_SYSTEM; + case 'N': return OP_TYPE_USER; + case 'U': return OP_TYPE_UNUSED; + default: return OP_TYPE_UNKNOWN; + } + } + static char compTypeToLit (OperationType type) + { + switch(type) + { + case OP_TYPE_SYSTEM: return 'Y'; + case OP_TYPE_USER: return 'N'; + case OP_TYPE_UNUSED: return 'U'; + default: return ' '; + } + } + PrivStatus createOperation( const std::string & componentName, const std::string & operationName, @@ -67,7 +93,7 @@ public: const int64_t componentUID, const std::string & operationName, const std::string & operationCode, - const bool isSystemOperation, + const bool operationTypeUnused, const std::string & operationDescription, const int32_t granteeID, const std::string & granteeName, @@ -103,10 +129,16 @@ public: bool isSystem, std::string & operationDescription); - int64_t getCount(); - + PrivStatus getCount( + const int64_t &componentUID, + int32_t &numOps, + int32_t &numUnusedOps); + bool isComponentUsed(const std::string & componentUIDString); + PrivStatus updateOperationCodes( + const int64_t & componentUID); + bool nameExists( const int64_t componentUID, const std::string & operationName); http://git-wip-us.apache.org/repos/asf/trafodion/blob/88ed0582/core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp ---------------------------------------------------------------------- diff --git a/core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp b/core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp index a82da0f..257a123 100644 --- a/core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp +++ b/core/sql/sqlcomp/PrivMgrComponentPrivileges.cpp @@ -23,6 +23,7 @@ #include "PrivMgrComponentPrivileges.h" #include "PrivMgrDefs.h" +#include "PrivMgrComponentDefs.h" #include "PrivMgrMD.h" #include "PrivMgrMDTable.h" #include "PrivMgrComponents.h" @@ -142,12 +143,14 @@ public: inline void clear() { lastRowRead_.clear(); }; - PrivStatus fetchDMLPrivInfo( + PrivStatus fetchCompPrivInfo( const int32_t granteeID, const std::vector<int32_t> & roleIDs, - PrivObjectBitmap & DMLBitmap, - bool & hasManagePrivileges); - + PrivObjectBitmap & DMLPrivs, + bool & hasManagePrivPriv, + bool & hasSelectMetadata, + bool & hasAnyManagePriv); + PrivStatus fetchOwner( const int64_t componentUID, const std::string & operationCode, @@ -430,8 +433,8 @@ std::string whereClause("WHERE "); // * is a string representation of the unique ID associated with the * // * component. * // * * -// * <operationCode> const std::string & In * -// * is the two character code associated with the component operation. * +// * <operationCodeList> const std::string & In * +// * is a list of 2 character operation codes associateed with the component* // * * // ***************************************************************************** // * * @@ -447,10 +450,8 @@ PrivStatus PrivMgrComponentPrivileges::dropAllForOperation( const std::string & operationCode) { - -MyTable &myTable = static_cast<MyTable &>(myTable_); - -std::string whereClause("WHERE "); + MyTable &myTable = static_cast<MyTable &>(myTable_); + std::string whereClause("WHERE "); whereClause += "COMPONENT_UID = "; whereClause += componentUIDString.c_str(); @@ -458,11 +459,8 @@ std::string whereClause("WHERE "); whereClause += operationCode.c_str(); whereClause += "'"; - return myTable.deleteWhere(whereClause); - + return myTable.deleteWhere(whereClause); } -//*********** End of PrivMgrComponentPrivileges::dropAllForOperation *********** - // ***************************************************************************** @@ -593,11 +591,15 @@ bool PrivMgrComponentPrivileges::dropAllForGrantee( // * Returns the number of grants of component privileges. * // * * // ***************************************************************************** -int64_t PrivMgrComponentPrivileges::getCount() - +int64_t PrivMgrComponentPrivileges::getCount(int_32 componentUID) { -std::string whereClause(" "); +std::string whereClause(" "); +if (componentUID != INVALID_COMPONENT_UID) +{ + whereClause = "where component_uid = "; + whereClause += to_string((long long int)componentUID); +} int64_t rowCount = 0; MyTable &myTable = static_cast<MyTable &>(myTable_); @@ -619,10 +621,10 @@ PrivStatus privStatus = myTable.selectCountWhere(whereClause,rowCount); // ***************************************************************************** // * * -// * Function: PrivMgrComponentPrivileges::getSQLDMLPrivileges * +// * Function: PrivMgrComponentPrivileges::getSQLCompPrivs * // * * -// * Returns the SQL_OPERATION privileges associated with DML privileges * -// * for the specified authorization ID. * +// * Returns the SQL_OPERATIONS privileges that may affect privileges * +// * for metadata tables. * // * * // ***************************************************************************** // * * @@ -637,25 +639,35 @@ PrivStatus privStatus = myTable.selectCountWhere(whereClause,rowCount); // * <DMLBitmap> PrivObjectBitmap & In * // * passes back the system-level DML privileges granted to the grantee. * // * * -// * <hasManagePrivileges> bool & In * +// * <hasManagePrivPriv> bool & In * // * passes back if the user has MANAGE_PRIVILEGES authority. * // * * +// * <hasSelectMetadata> bool & In * +// * passes back if the user has DML_SELECT_PRIVILEGE * +// * * +// * <hasAnyManagePriv> bool & In * +// * passes back if the user has any MANAGE privilege * +// * * // ***************************************************************************** -void PrivMgrComponentPrivileges::getSQLDMLPrivileges( + +void PrivMgrComponentPrivileges::getSQLCompPrivs( const int32_t granteeID, const std::vector<int32_t> & roleIDs, - PrivObjectBitmap & DMLBitmap, - bool & hasManagePrivileges) + PrivObjectBitmap & DMLPrivs, + bool & hasManagePrivPriv, + bool & hasSelectMetadata, + bool & hasAnyManagePriv) { - + MyTable &myTable = static_cast<MyTable &>(myTable_); // set pointer in diags area int32_t diagsMark = pDiags_->mark(); -PrivStatus privStatus = myTable.fetchDMLPrivInfo(granteeID,roleIDs,DMLBitmap, - hasManagePrivileges); +PrivStatus privStatus = myTable.fetchCompPrivInfo(granteeID,roleIDs,DMLPrivs, + hasManagePrivPriv, hasSelectMetadata, + hasAnyManagePriv); if (privStatus != STATUS_GOOD) pDiags_->rewind(diagsMark); @@ -2033,7 +2045,7 @@ void MyTable::describeGrantTree( // ***************************************************************************** // * * -// * Function: MyTable::fetchDMLPrivInfo * +// * Function: MyTable::fetchCompPrivInfo * // * * // * Reads from the COMPONENT_PRIVILEGES table and returns the * // * SQL_OPERATIONS privileges associated with DML privileges. * @@ -2051,7 +2063,7 @@ void MyTable::describeGrantTree( // * <DMLBitmap> PrivObjectBitmap & In * // * passes back the system-level DML privileges granted to the grantee. * // * * -// * <hasManagePrivileges> bool & In * +// * <hasManagePrivPriv> bool & In * // * passes back if the user has MANAGE_PRIVILEGES authority. * // * * // ***************************************************************************** @@ -2062,38 +2074,31 @@ void MyTable::describeGrantTree( // * *: Error encountered. * // * * // ***************************************************************************** -PrivStatus MyTable::fetchDMLPrivInfo( +PrivStatus MyTable::fetchCompPrivInfo( const int32_t granteeID, const std::vector<int32_t> & roleIDs, - PrivObjectBitmap & DMLBitmap, - bool & hasManagePrivileges) - -{ - -// Check the last grantee data read before reading metadata. + PrivObjectBitmap & DMLPrivs, + bool & hasManagePrivPriv, + bool & hasSelectMetadata, + bool & hasAnyManagePriv) +{ + // Check the last grantee data read before reading metadata. +#if 0 + // If privileges change between calls, then cache is not refreshed + // comment out this check for now if (userDMLPrivs_.granteeID_ == granteeID && userDMLPrivs_.roleIDs_ == roleIDs) { - DMLBitmap = userDMLPrivs_.DMLBitmap_; - hasManagePrivileges = userDMLPrivs_.managePrivileges_; + DMLPrivs = userDMLPrivs_.DMLPrivs_; + hasManagePrivPriv = userDMLPrivs_.managePrivileges_; return STATUS_GOOD; } - -// Not found in cache, look for the priv info in metadata. -// ??? - is the component_uid for SQL_OPERATIONS always going to be 1? -std::string whereClause("WHERE COMPONENT_UID = 1 AND OPERATION_CODE IN ('"); +#endif + // Not found in cache, look for the priv info in metadata. + std::string whereClause("WHERE COMPONENT_UID = 1 "); - for (SQLOperation operation = SQLOperation::FIRST_DML_PRIV; - static_cast<int>(operation) <= static_cast<int>(SQLOperation::LAST_DML_PRIV); - operation = static_cast<SQLOperation>(static_cast<int>(operation) + 1)) - { - whereClause += PrivMgr::getSQLOperationCode(operation); - whereClause += "','"; - } - - whereClause += PrivMgr::getSQLOperationCode(SQLOperation::MANAGE_PRIVILEGES); - whereClause += "') AND GRANTEE_ID IN ("; + whereClause += "AND GRANTEE_ID IN ("; whereClause += PrivMgr::authIDToString(granteeID); whereClause += ","; for (size_t ri = 0; ri < roleIDs.size(); ri++) @@ -2103,76 +2108,86 @@ std::string whereClause("WHERE COMPONENT_UID = 1 AND OPERATION_CODE IN ('"); } whereClause += PrivMgr::authIDToString(PUBLIC_USER); whereClause += ")"; - -std::string orderByClause; - -std::vector<MyRow> rows; -PrivStatus privStatus = selectAllWhere(whereClause,orderByClause,rows); + std::string orderByClause; + + std::vector<MyRow> rows; + + PrivStatus privStatus = selectAllWhere(whereClause,orderByClause,rows); if (privStatus != STATUS_GOOD && privStatus != STATUS_WARNING) return privStatus; - -// Initialize cache. + + // Initialize cache. userDMLPrivs_.granteeID_ = granteeID; userDMLPrivs_.roleIDs_ = roleIDs; userDMLPrivs_.managePrivileges_ = false; - userDMLPrivs_.DMLBitmap_.reset(); - - for (size_t r = 0; r < rows.size(); r++) + userDMLPrivs_.DMLBitmap_.reset(); + + hasAnyManagePriv = false; + + for (size_t r = 0; r < rows.size(); r++) { MyRow &row = rows[r]; - + + if (PrivMgr::isSQLManageOperation(row.operationCode_.c_str())) + hasAnyManagePriv = true; + if (row.operationCode_ == PrivMgr::getSQLOperationCode(SQLOperation::MANAGE_PRIVILEGES)) { userDMLPrivs_.managePrivileges_ = true; continue; - } - + } + if (row.operationCode_ == PrivMgr::getSQLOperationCode(SQLOperation::DML_DELETE)) { userDMLPrivs_.DMLBitmap_.set(DELETE_PRIV); continue; - } - + } + if (row.operationCode_ == PrivMgr::getSQLOperationCode(SQLOperation::DML_INSERT)) { userDMLPrivs_.DMLBitmap_.set(INSERT_PRIV); continue; - } - + } if (row.operationCode_ == PrivMgr::getSQLOperationCode(SQLOperation::DML_REFERENCES)) { userDMLPrivs_.DMLBitmap_.set(REFERENCES_PRIV); continue; - } - + } + if (row.operationCode_ == PrivMgr::getSQLOperationCode(SQLOperation::DML_SELECT)) { userDMLPrivs_.DMLBitmap_.set(SELECT_PRIV); continue; - } - + } + + if (row.operationCode_ == PrivMgr::getSQLOperationCode(SQLOperation::DML_EXECUTE)) + { + userDMLPrivs_.DMLBitmap_.set(EXECUTE_PRIV); + continue; + } + if (row.operationCode_ == PrivMgr::getSQLOperationCode(SQLOperation::DML_UPDATE)) { userDMLPrivs_.DMLBitmap_.set(UPDATE_PRIV); continue; - } - + } + if (row.operationCode_ == PrivMgr::getSQLOperationCode(SQLOperation::DML_USAGE)) { userDMLPrivs_.DMLBitmap_.set(USAGE_PRIV); continue; - } + } } - - hasManagePrivileges = userDMLPrivs_.managePrivileges_; - DMLBitmap = userDMLPrivs_.DMLBitmap_; - - return STATUS_GOOD; -} -//******************* End of MyTable::fetchDMLPrivInfo ************************* + hasManagePrivPriv = userDMLPrivs_.managePrivileges_; + DMLPrivs = userDMLPrivs_.DMLBitmap_; + + + return STATUS_GOOD; +} +//******************* End of MyTable::fetchCompPrivInfo************************* // ***************************************************************************** // * * http://git-wip-us.apache.org/repos/asf/trafodion/blob/88ed0582/core/sql/sqlcomp/PrivMgrComponentPrivileges.h ---------------------------------------------------------------------- diff --git a/core/sql/sqlcomp/PrivMgrComponentPrivileges.h b/core/sql/sqlcomp/PrivMgrComponentPrivileges.h index b87e31f..3f7eadf 100644 --- a/core/sql/sqlcomp/PrivMgrComponentPrivileges.h +++ b/core/sql/sqlcomp/PrivMgrComponentPrivileges.h @@ -82,14 +82,16 @@ public: const std::string & componentName, const std::string & operationName); - int64_t getCount(); + int64_t getCount( const int32_t componentUID = INVALID_COMPONENT_UID ); - void getSQLDMLPrivileges( + void getSQLCompPrivs( const int32_t granteeID, const std::vector<int32_t> & roleIDs, - PrivObjectBitmap & DMLBitmap, - bool & hasManagePrivileges); - + PrivObjectBitmap & DMLPrivs, + bool & hasManagePrivPriv, + bool & hasSelectMetadata, + bool & hasAnyManagePriv); + PrivStatus grantPrivilege( const std::string & componentName, const std::vector<std::string> & operations, http://git-wip-us.apache.org/repos/asf/trafodion/blob/88ed0582/core/sql/sqlcomp/PrivMgrDefs.h ---------------------------------------------------------------------- diff --git a/core/sql/sqlcomp/PrivMgrDefs.h b/core/sql/sqlcomp/PrivMgrDefs.h index 5820460..8f69e9e 100644 --- a/core/sql/sqlcomp/PrivMgrDefs.h +++ b/core/sql/sqlcomp/PrivMgrDefs.h @@ -38,6 +38,13 @@ // * // ***************************************************************************** +#define PRIVMGR_INTERNAL_ERROR(text) \ + *pDiags_ << DgSqlCode(-CAT_INTERNAL_EXCEPTION_ERROR) \ + << DgString0(__FILE__) \ + << DgInt0(__LINE__) \ + << DgString1(text) + + // Returns the result of the operation enum PrivStatus { STATUS_UNKNOWN = 20, STATUS_GOOD = 21, @@ -70,16 +77,6 @@ inline const char * privStatusEnumToLit(PrivStatus privStatus) } -enum {SQL_OPERATIONS_COMPONENT_UID = 1}; -#define SQL_OPERATION_NAME "SQL_OPERATIONS" - -#define PRIVMGR_INTERNAL_ERROR(text) \ - *pDiags_ << DgSqlCode(-CAT_INTERNAL_EXCEPTION_ERROR) \ - << DgString0(__FILE__) \ - << DgInt0(__LINE__) \ - << DgString1(text) - - enum class PrivClass { ALL = 2, OBJECT = 3, @@ -155,77 +152,6 @@ inline bool isSequenceGeneratorPrivType(PrivType privType) } -// Defines the list of privileges that are supported for the -// SQLOperation component -enum class SQLOperation { - ALTER = 2, - ALTER_LIBRARY, - ALTER_ROUTINE, - ALTER_ROUTINE_ACTION, - ALTER_SCHEMA, - ALTER_SEQUENCE, - ALTER_SYNONYM, - ALTER_TABLE, - ALTER_TRIGGER, - ALTER_VIEW, - CREATE, - CREATE_CATALOG, - CREATE_INDEX, - CREATE_LIBRARY, - CREATE_PROCEDURE, - CREATE_ROUTINE, - CREATE_ROUTINE_ACTION, - CREATE_SCHEMA, - CREATE_SEQUENCE, - CREATE_SYNONYM, - CREATE_TABLE, - CREATE_TRIGGER, - CREATE_VIEW, - DML_DELETE, - DML_EXECUTE, - DML_INSERT, - DML_REFERENCES, - DML_SELECT, - DML_UPDATE, - DML_USAGE, - DROP, - DROP_CATALOG, - DROP_INDEX, - DROP_LIBRARY, - DROP_PROCEDURE, - DROP_ROUTINE, - DROP_ROUTINE_ACTION, - DROP_SCHEMA, - DROP_SEQUENCE, - DROP_SYNONYM, - DROP_TABLE, - DROP_TRIGGER, - DROP_VIEW, - MANAGE, - MANAGE_COMPONENTS, - MANAGE_LIBRARY, - MANAGE_LOAD, - MANAGE_PRIVILEGES, - MANAGE_ROLES, - MANAGE_STATISTICS, - MANAGE_USERS, - QUERY_ACTIVATE, - QUERY_CANCEL, - QUERY_SUSPEND, - REMAP_USER, - REGISTER_HIVE_OBJECT, - SHOW, - UNREGISTER_HIVE_OBJECT, - USE_ALTERNATE_SCHEMA, - COMMENT, - FIRST_OPERATION = ALTER, - LAST_OPERATION = COMMENT, - NUMBER_OF_OPERATIONS = LAST_OPERATION - FIRST_OPERATION + 1, - UNKNOWN, - FIRST_DML_PRIV = DML_DELETE, - LAST_DML_PRIV = DML_USAGE -}; - enum class PrivDropBehavior { CASCADE = 2, RESTRICT = 3 http://git-wip-us.apache.org/repos/asf/trafodion/blob/88ed0582/core/sql/sqlcomp/PrivMgrMD.cpp ---------------------------------------------------------------------- diff --git a/core/sql/sqlcomp/PrivMgrMD.cpp b/core/sql/sqlcomp/PrivMgrMD.cpp index 91047e7..94e8226 100644 --- a/core/sql/sqlcomp/PrivMgrMD.cpp +++ b/core/sql/sqlcomp/PrivMgrMD.cpp @@ -153,127 +153,171 @@ PrivMgrMDAdmin::~PrivMgrMDAdmin() // ---------------------------------------------------------------------------- PrivStatus PrivMgrMDAdmin::initializeComponentPrivileges() - { std::string traceMsg; - log(__FILE__, "initializing component privileges", -1); + log(__FILE__, "Initializing component privileges", -1); PrivStatus privStatus = STATUS_GOOD; - // First register the component. - PrivMgrComponents components(metadataLocation_,pDiags_); - bool componentExists = (components.exists(SQL_OPERATION_NAME)); - if (!componentExists) - { - privStatus = components.registerComponentInternal(SQL_OPERATION_NAME, - SQL_OPERATIONS_COMPONENT_UID, - true,"Component for SQL operations"); - if (privStatus != STATUS_GOOD) - { - log(__FILE__, "ERROR: unable to register SQL_OPERATIONS component", -1); - return STATUS_ERROR; - } - } - -// Component is registered, now create all the operations associated with -// the component. A grant from the system to the grantee (DB__ROOT) will -// be added for each operation. - -PrivMgrComponentOperations componentOperations(metadataLocation_,pDiags_); -std::vector<std::string> operationCodes; - -int32_t DB__ROOTID = ComUser::getRootUserID(); -std::string DB__ROOTName(ComUser::getRootUserName()); - - for (SQLOperation operation = SQLOperation::FIRST_OPERATION; - static_cast<int>(operation) <= static_cast<int>(SQLOperation::LAST_OPERATION); - operation = static_cast<SQLOperation>(static_cast<int>(operation) + 1)) + PrivMgrComponents components(metadataLocation_,pDiags_); + size_t numComps = sizeof(componentList)/sizeof(ComponentListStruct); + for (int c = 0; c < numComps; c++) { - const char *codePtr = PrivMgr::getSQLOperationCode(operation); - privStatus = componentOperations.createOperationInternal(SQL_OPERATIONS_COMPONENT_UID, - PrivMgr::getSQLOperationName(operation), - codePtr,true, - PrivMgr::getSQLOperationDescription(operation), - DB__ROOTID,DB__ROOTName,-1, - componentExists); - - if (privStatus == STATUS_GOOD) - operationCodes.push_back(codePtr); - else + // Get description of component + const ComponentListStruct &compDefinition = componentList[c]; + int64_t compUID(compDefinition.componentUID); + std::string compName(compDefinition.componentName); + std::string compDef("System component "); + compDef += compName; + + log(__FILE__, compDef, -1); + + bool componentExists = (components.exists(compName)); + if (!componentExists) { - traceMsg = "WARNING unable to create component operation: "; - traceMsg += PrivMgr::getSQLOperationName(operation); - log(__FILE__, traceMsg, -1); - } - } + // Register component + privStatus = components.registerComponentInternal(compName,compUID,true,compDef); + if (privStatus != STATUS_GOOD) + { + traceMsg = "ERROR: unable to register component "; + traceMsg += compName.c_str(); + log(__FILE__, traceMsg.c_str(), -1); + return STATUS_ERROR; + } + } -// In the unlikely event no operations were created, we are done. - if (operationCodes.size() == 0) - return STATUS_GOOD; + // Component is registered, now create all the operations associated with + // the component. A grant from the system to the owner (DB__ROOT) will + // be added for each operation. In addition, set up the list of grants + // for different users/roles. + // allOpsList - list of operations (granted to owner) + // rootRoleList - list of operations granted to DB__ROOTROLE + // publicList - list of operations granted to PUBLIC + std::vector<std::string> allOpsList; + std::vector<std::string> rootRoleList; + std::vector<std::string> publicList; + + PrivMgrComponentPrivileges componentPrivileges(metadataLocation_,pDiags_); + PrivMgrComponentOperations componentOperations(metadataLocation_,pDiags_); + int32_t DB__ROOTID = ComUser::getRootUserID(); + std::string DB__ROOTName(ComUser::getRootUserName()); + + int32_t numOps = compDefinition.numOps; + int32_t numExistingOps = 0; + int32_t numExistingUnusedOps = 0; + if (componentOperations.getCount(compUID, numExistingOps, numExistingUnusedOps) == STATUS_ERROR) + return STATUS_ERROR; + + // Add any new operations + if ( numExistingOps < numOps) + { + // The ComponentOpStruct describes the component operations required for + // each component. Each entry contains the operationCode, + // operationName, whether the privileges should be granted for + // DB__ROOTROLE, and PUBLIC, etc. + for (int i = 0; i < numOps; i++) + { + const ComponentOpStruct opDefinition = compDefinition.componentOps[i]; + + std::string description = "Allow grantee to perform "; + description += opDefinition.operationName; + description += " operation"; + + // create the operation + privStatus = componentOperations.createOperationInternal(compUID, + opDefinition.operationName, + opDefinition.operationCode, + opDefinition.unusedOp, + description, + DB__ROOTID,DB__ROOTName,-1, + componentExists); + + if (privStatus == STATUS_GOOD) + { + // All operations are included in the allOpsList + allOpsList.push_back(opDefinition.operationName); + if (opDefinition.isRootRoleOp) + rootRoleList.push_back(opDefinition.operationCode); + if (opDefinition.isPublicOp) + publicList.push_back(opDefinition.operationCode); + } + else + { + traceMsg = "WARNING unable to create component operation: "; + traceMsg += opDefinition.operationName; + log(__FILE__, traceMsg, -1); + return privStatus; + } + } + + // In the unlikely event no operations were created, we are done. + if (allOpsList.size() == 0) + return STATUS_GOOD; -PrivMgrComponentPrivileges componentPrivileges(metadataLocation_,pDiags_); - -// Grant all SQL_OPERATIONS to DB__ROOTROLE WITH GRANT OPTION - privStatus = componentPrivileges.grantPrivilegeInternal(SQL_OPERATIONS_COMPONENT_UID, - operationCodes, - ComUser::getRootUserID(), - ComUser::getRootUserName(), - ROOT_ROLE_ID, - DB__ROOTROLE,-1, - componentExists); + // Grant all SQL_OPERATIONS to DB__ROOTROLE WITH GRANT OPTION + privStatus = componentPrivileges.grantPrivilegeInternal(compUID, + rootRoleList, + DB__ROOTID, + ComUser::getRootUserName(), + ROOT_ROLE_ID, + DB__ROOTROLE,-1, + componentExists); - if (privStatus != STATUS_GOOD) - { - traceMsg = "ERROR unable to grant DB__ROOTROLE to components"; - log(__FILE__, traceMsg, -1); - return privStatus; - } - -// Grant SQL_OPERATIONS CREATE_SCHEMA and SHOW to PUBLIC -std::vector<std::string> CSOperationCodes; - - CSOperationCodes.push_back(PrivMgr::getSQLOperationCode(SQLOperation::CREATE_SCHEMA)); - CSOperationCodes.push_back(PrivMgr::getSQLOperationCode(SQLOperation::SHOW)); - - privStatus = componentPrivileges.grantPrivilegeInternal(SQL_OPERATIONS_COMPONENT_UID, - CSOperationCodes, - ComUser::getRootUserID(), - ComUser::getRootUserName(), - PUBLIC_USER, - PUBLIC_AUTH_NAME,0, - componentExists); + if (privStatus != STATUS_GOOD) + { + traceMsg = "ERROR unable to grant DB__ROOTROLE to components"; + log(__FILE__, traceMsg, -1); + return privStatus; + } - if (privStatus != STATUS_GOOD) - { - traceMsg = "ERROR unable to grant PUBLIC to components"; - log(__FILE__, traceMsg, -1); - return privStatus; - } - -// Verify counts for tables. + // Grant privileges to PUBLIC + privStatus = componentPrivileges.grantPrivilegeInternal(compUID, + publicList, + DB__ROOTID, + ComUser::getRootUserName(), + PUBLIC_USER, + PUBLIC_AUTH_NAME,0, + componentExists); + if (privStatus != STATUS_GOOD) + { + traceMsg = "ERROR unable to grant PUBLIC to components"; + log(__FILE__, traceMsg, -1); + return privStatus; + } + } -// Minimum number of privileges granted is 2 for each operation (one each -// for DB__ROOT and DB__ROOTROLE) plus the two grants to PUBLIC. + // Update component_privileges and update operation codes appropriately + size_t numUnusedOps = PrivMgr::getSQLUnusedOpsCount(); + if (numExistingOps > 0 /* doing upgrade */ && + (numUnusedOps != numExistingUnusedOps)) + { + privStatus = componentOperations.updateOperationCodes(compUID); + if (privStatus == STATUS_ERROR) + return privStatus; + } -int64_t expectedPrivCount = static_cast<int64_t>(SQLOperation::NUMBER_OF_OPERATIONS) * 2 + 2; + // Verify counts from tables. - if (components.getCount() != 1 || - componentOperations.getCount() != static_cast<int64_t>(SQLOperation::NUMBER_OF_OPERATIONS) || - componentPrivileges.getCount() < expectedPrivCount) - { - std::string message ("Expecting "); - message += to_string((long long int)expectedPrivCount); - message += " component privileges, instead "; - message += to_string((long long int)componentPrivileges.getCount()); - message += " were found."; - traceMsg = "ERROR: "; - traceMsg += message; - log(__FILE__, message, -1); - PRIVMGR_INTERNAL_ERROR(message.c_str()); - return STATUS_ERROR; + // Minimum number of privileges granted is: + // one for each operation (owner) + // one for each entry in rootRoleList and publicList + // This check was added because of issues with insert/upsert, is it still needed? + int64_t expectedPrivCount = numOps + rootRoleList.size() + publicList.size(); + + if (componentPrivileges.getCount(compUID) < expectedPrivCount) + { + std::string message ("Expecting "); + message += to_string((long long int)expectedPrivCount); + message += " component privileges, instead "; + message += PrivMgr::authIDToString(numExistingOps); + message += " were found."; + traceMsg = "ERROR: "; + traceMsg += message; + log(__FILE__, message, -1); + PRIVMGR_INTERNAL_ERROR(message.c_str()); + return STATUS_ERROR; + } } - return STATUS_GOOD; - } // ---------------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafodion/blob/88ed0582/core/sql/sqlcomp/PrivMgrPrivileges.cpp ---------------------------------------------------------------------- diff --git a/core/sql/sqlcomp/PrivMgrPrivileges.cpp b/core/sql/sqlcomp/PrivMgrPrivileges.cpp index 513a2bd..81e6b37 100644 --- a/core/sql/sqlcomp/PrivMgrPrivileges.cpp +++ b/core/sql/sqlcomp/PrivMgrPrivileges.cpp @@ -4375,7 +4375,7 @@ PrivStatus PrivMgrPrivileges::getUserPrivs( // * <objectType> is the type of the subject object. // * <granteeID> specifies the userID to accumulate // * <roleIDs> is vector of roleIDs granted to the grantee -// * <hasManagePrivileges> returns whether the grantee has MANAGE_PRIVILEGES authority +// * <hasManagePrivPriv> returns whether the grantee has MANAGE_PRIVILEGES authority // * <summarizedPrivs> contains the summarized privileges // * // * Returns: PrivStatus @@ -4390,12 +4390,12 @@ PrivStatus PrivMgrPrivileges::getPrivsFromAllGrantors( const int32_t granteeID, const std::vector<int32_t> & roleIDs, PrivMgrDesc &summarizedPrivs, - bool & hasManagePrivileges, + bool & hasManagePrivPriv, std::vector <ComSecurityKey *>* secKeySet ) { PrivStatus retcode = STATUS_GOOD; - hasManagePrivileges = false; + hasManagePrivPriv = false; bool hasPublicGrantee = false; // Check to see if the granteeID is the system user @@ -4406,7 +4406,7 @@ PrivStatus PrivMgrPrivileges::getPrivsFromAllGrantors( bitmap.set(); PrivMgrCoreDesc coreTablePrivs(bitmap, bitmap); summarizedPrivs.setTablePrivs(coreTablePrivs); - hasManagePrivileges = true; + hasManagePrivPriv = true; return STATUS_GOOD; } @@ -4414,10 +4414,13 @@ PrivStatus PrivMgrPrivileges::getPrivsFromAllGrantors( PrivObjectBitmap systemPrivs; PrivMgrComponentPrivileges componentPrivileges(metadataLocation_,pDiags_); - componentPrivileges.getSQLDMLPrivileges(granteeID,roleIDs,systemPrivs, - hasManagePrivileges); + bool hasSelectMetadata = false; + bool hasAnyManagePriv = false; + componentPrivileges.getSQLCompPrivs(granteeID,roleIDs,systemPrivs, + hasManagePrivPriv, hasSelectMetadata, + hasAnyManagePriv); - if (hasManagePrivileges && hasAllDMLPrivs(objectType,systemPrivs)) + if (hasManagePrivPriv && hasAllDMLPrivs(objectType,systemPrivs)) { PrivMgrCoreDesc coreTablePrivs(systemPrivs,systemPrivs); summarizedPrivs.setTablePrivs(coreTablePrivs); @@ -4454,7 +4457,7 @@ PrivStatus PrivMgrPrivileges::getPrivsFromAllGrantors( PrivObjectBitmap grantableBitmap; - if (hasManagePrivileges) + if (hasManagePrivPriv) grantableBitmap = systemPrivs; PrivMgrCoreDesc temp2(systemPrivs,grantableBitmap);
