GitHub user robertamarton opened a pull request: https://github.com/apache/incubator-trafodion/pull/523
TRAFODION [2025] Initialize authorization cannot be run in a DDL transaction As part of DDL transaction work, there is a goal to run all DDL and DDL like operations in a single DDL transaction. This delivery changes initialize trafodion and initialize authorization to make this happen. Prior to DDL transactions, initialize authorization would either add or drop authorization support. Part of this required that all compiler processes associated with the master process be killed to clear out information stored in memory. When DDL transactions were added, killing the compiler processes caused the DDL transaction to abort. This means that initialize authorization could not be run in DDL transations. Initialize trafodion calls initialize authorization when security is enabled, so initialize trafodion was not enabled to run in DDL transactions. You can merge this pull request into a Git repository by running: $ git pull https://github.com/robertamarton/incubator-trafodion initauth Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-trafodion/pull/523.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #523 ---- commit 626370ee584eb5c3c847c01cd8615f204d29c3ff Author: Roberta Marton <roberta.mar...@apache.org> Date: 2016-06-05T19:43:17Z TRAFODION [2025] Initialize authorization cannot be run in a DDL transaction As part of DDL transaction work, there is a goal to run all DDL and DDL like operations in a single DDL transaction. This delivery changes initialize trafodion and initialize authorization to make this happen. Prior to DDL transactions, initialize authorization would either add or drop authorization support. Part of this required that all compiler processes associated with the master process be killed to clear out information stored in memory. When DDL transactions were added, killing the compiler processes caused the DDL transaction to abort. This means that initialize authorization could not be run in DDL transation. Initialize trafodion calls initialize authorization when security is enabled, so initialize trafodion was not able to run in DDL transactions. A change was made to send a CmpMessageDatabaseUser request to the child arkcmp processes after authorization was initialized or dropped. This request is reponsible for setting appropriate memory attributes so we no longer require arkcmps to be terminated. Changes were piggy backed on current support that sends usernames and IDs to child arkcmps. A new method called ContextCli::updateMxcmpSession is called during initialize and drop requests. This calls send a message to associated arkcmp process to update session attributes for user information. It then propagates the message to other child arkcmp processes. To make this work, the following code was changed to generate and recognize the new message format: CmpStatement.cpp (process - CmpMessageDatabaseUser) Context.cpp (createMxcmpSession & updateMxcmpSession) ExSqlComp.cpp (resendControls) The following was changed to support DDL transactions: CmpSeabaseDDLcommon.cpp (initSeabaseAuthorization & dropSeabaseAuthorization) GenPreCode.cpp (allow DDL transaction for initialize trafodion) SqlciErrors.txt (allow initialize authorization to succeed with warnings) This also includes a change on how Trafodion processes alter user operations that allow predefined users to be modified by someone with the correct privileges. ---- --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---