Google Git
Sign in
apache / trafodion / 94f59aceb2a25fe4d1198399002f2263dc6a2f09 / . / core / sql / regress / privs1 / EXPECTED120
blob: 13d19fe915bd10f5f9fcf20d322420f6881483d4 [file] [log] [blame]
>>obey TEST120(tests);
>>-- =================================================================
>>-- Design:
>>-- t120role1 - owns schema t120sch
>>-- t120role2 - contains grants against teams and games
>>-- t120role3 - contains grants against teams, games, and standings
>>-- t120role4 - control, has no privs granted, make sure revoking
>>-- role does not cause recompilations
>>--
>>-- sql_user3 - is schema administrator for schema t120sch
>>-- sql_user6 - is granted and revoked privileges directly and
>>-- through t120role2 and t120role3
>>-- sql_user9 - control, makes sure revokes from roles does not
>>-- affect sql_user9's compiled queries
>>--
>>-- games - multiple roles giving same privileges
>>-- teams - multiple privileges through different roles
>>-- players - control, no roles involved in privileges
>>-- standings - used to test sequence privileges and revoke role
>>-- stats - tests revoke PUBLIC authorization ID
>>-- =================================================================
>>obey TEST120(create_db);
>>create role t120role1;
--- SQL operation complete.
>>create role t120role2;
--- SQL operation complete.
>>create role t120role3;
--- SQL operation complete.
>>create role t120role4;
--- SQL operation complete.
>>grant role t120role1, t120role2, t120role3, t120role4 to sql_user3 with admin option;
--- SQL operation complete.
>>
>>create schema t120sch authorization t120role1;
--- SQL operation complete.
>>set schema t120sch;
--- SQL operation complete.
>>create table teams
+> (team_number int not null primary key,
+> team_name char(20) not null,
+> team_contact varchar(50) not null,
+> team_contact_number char (10) not null
+> )
+> ;
--- SQL operation complete.
>>
>>alter table teams add constraint valid_team_no check (team_number > 0);
--- SQL operation complete.
>>insert into teams values
+> (1, 'White Socks', 'Sam','4082282222'),
+> (2, 'Giants', 'Joe', '5102839483'),
+> (3, 'Cardinals', 'Stella', '9513849384'),
+> (4, 'Indians', 'Matt', '5128383748'),
+> (5, 'Tigers', 'Ronit', '6198273827');
--- 5 row(s) inserted.
>>
>>
>>create table games
+> ( home_team_number int not null,
+> visitor_team_number int not null,
+> game_number int not null primary key,
+> game_time timestamp not null,
+> game_location varchar(50) not null)
+> ;
--- SQL operation complete.
>>
>>alter table games add constraint valid_game_number check (game_number > 0);
--- SQL operation complete.
>>insert into games values
+> (1, 2, 1, timestamp '2009-04-23 19:30:00', 'California'),
+> (1, 3, 2, timestamp '2009-04-24 19:30:00', 'California'),
+> (1, 4, 3, timestamp '2009-04-25 10:00:00', 'Oklahoma'),
+> (2, 3, 4, timestamp '2009-04-25 13:30:00', 'Michigan'),
+> (1, 5, 5, timestamp '2009-04-25 15:00:00', 'Oklahoma'),
+> (2, 5, 6, timestamp '2009-04-27 17:00:00', 'New York'),
+> (3, 4, 7, timestamp '2009-04-28 17:00:00', 'Florida'),
+> (4, 2, 8, current_timestamp, 'Missouri');
--- 8 row(s) inserted.
>>
>>create table players
+> (player_number int not null,
+> player_name varchar (50) not null,
+> player_team_number int not null,
+> player_phone_number char (10) not null,
+> player_details varchar(50),
+> primary key (player_number, player_team_number))
+> no partition;
--- SQL operation complete.
>>
>>alter table players add constraint valid_player_number check(player_number > 0);
--- SQL operation complete.
>>
>>insert into players values
+> (1, 'Tom', 1, '4083948394', null),
+> (2, 'Bob', 1, '4089483948', null),
+> (3, 'Toby',1, '4082938493', 'pitcher'),
+> (3, 'Toby',2, '4082938493', null),
+> (4, 'Julie', 2, '5108394839', 'catcher'),
+> (5, 'Joanne', 2, '5103849384', null),
+> (6, 'Pete', 2, '5102839483', null),
+> (6, 'Pete', 3, '5102839483', 'third base'),
+> (7, 'Jared',4, '9518293849', 'short stop'),
+> (8, 'Zachary', 4, '9518293840', null),
+> (9, 'Lynne', 5, '9518293892', 'pitcher'),
+> (10, 'Omar', 5, '5128394893', null);
--- 12 row(s) inserted.
>>
>>create table standings
+> (team_number int not null primary key,
+> wins int default 0,
+> loses int default 0,
+> last_updated timestamp default current_timestamp)
+>;
--- SQL operation complete.
>>
>>insert into standings (team_number)
+> select team_number from teams;
--- 5 row(s) inserted.
>>
>>create sequence team_seq;
--- SQL operation complete.
>>
>>create table stats
+> (team_number int not null primary key,
+> num_players int not null)
+>;
--- SQL operation complete.
>>
>>insert into stats
+> select team_number, count (player_number)
+> from teams t, players p
+> where t.team_number = p.player_team_number
+> group by team_number;
--- 5 row(s) inserted.
>>
>>obey TEST120(queries);
>>select game_number from games;
GAME_NUMBER
-----------
1
2
3
4
5
6
7
8
--- 8 row(s) selected.
>>select team_number from teams;
TEAM_NUMBER
-----------
1
2
3
4
5
--- 5 row(s) selected.
>>select player_number from players;
PLAYER_NUMBER
-------------
1
2
3
3
4
5
6
6
7
8
9
10
--- 12 row(s) selected.
>>select team_number, seqnum(team_seq) from standings;
TEAM_NUMBER (EXPR)
----------- --------------------
1 1
2 2
3 3
4 4
5 5
--- 5 row(s) selected.
>>select team_number, num_players from stats;
TEAM_NUMBER NUM_PLAYERS
----------- -----------
1 3
2 4
3 1
4 2
5 2
--- 5 row(s) selected.
>>
>>
>>sh sqlci -i "TEST120(runqueries)" -u sql_user6;
>>values (current_user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER6
--- 1 row(s) selected.
>>cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
--- SQL operation complete.
>>cqd AUTO_QUERY_RETRY_WARNINGS 'ON';
--- SQL operation complete.
>>set schema t120sch;
--- SQL operation complete.
>>
>>-- At this time sql_user6 has no privileges
>>-- Expect error 4481
>>-- Prepare a bunch of queries, all fail with no privilege
>>prepare select_games from select game_number from games;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T120SCH.GAMES.
*** ERROR[8822] The statement was not prepared.
>>prepare select_teams from select team_number, team_name from teams;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T120SCH.TEAMS.
*** ERROR[8822] The statement was not prepared.
>>prepare insert_teams from
+> insert into teams values (6, 'Braves', 'Jim', '8653845150');
*** ERROR[4481] The user does not have INSERT privilege on table or view TRAFODION.T120SCH.TEAMS.
*** ERROR[8822] The statement was not prepared.
>>prepare update_teams from
+> update teams set team_contact_number = '8653855150' where team_number = 6;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T120SCH.TEAMS.
*** ERROR[4481] The user does not have UPDATE privilege on table or view TRAFODION.T120SCH.TEAMS.
*** ERROR[8822] The statement was not prepared.
>>prepare select_players from select count(*) from players;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T120SCH.PLAYERS.
*** ERROR[8822] The statement was not prepared.
>>prepare select_standings from select team_number, seqnum(team_seq) from standings;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T120SCH.STANDINGS.
*** ERROR[4491] The user does not have USAGE privilege on sequence TRAFODION.T120SCH.TEAM_SEQ.
*** ERROR[8822] The statement was not prepared.
>>prepare select_stats from select team_number, num_players from stats;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T120SCH.STATS.
*** ERROR[8822] The statement was not prepared.
>>-- the next two lines insure that explain isn't a back door (JIRA TRAFODION-2294)
>>explain options 'f' select * from games;
LC RC OP OPERATOR OPT DESCRIPTION CARD
---- ---- ---- -------------------- -------- -------------------- ---------
1 . 2 root 1.00E+002
. . 1 trafodion_scan GAMES 1.00E+002
--- SQL operation complete.
>>select * from games;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T120SCH.GAMES.
*** ERROR[8822] The statement was not prepared.
>>
>>-- sql_user9 also has no privileges
>>sh sqlci -i "TEST120(select_queries)" -u sql_user9;
>>values (current_user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER9
--- 1 row(s) selected.
>>cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
--- SQL operation complete.
>>cqd AUTO_QUERY_RETRY_WARNINGS 'ON';
--- SQL operation complete.
>>set schema t120sch;
--- SQL operation complete.
>>select game_number from games;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T120SCH.GAMES.
*** ERROR[8822] The statement was not prepared.
>>exit;
End of MXCI Session
>>
>>-- grant privileges
>>sh sqlci -i "TEST120(grant_all_privs)" -u sql_user3;
>>values (current_user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER3
--- 1 row(s) selected.
>>cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
--- SQL operation complete.
>>cqd AUTO_QUERY_RETRY_WARNINGS 'ON';
--- SQL operation complete.
>>set schema t120sch;
--- SQL operation complete.
>>
>>grant insert, delete, update(team_contact, team_contact_number) on teams to t120role2 by t120role1;
--- SQL operation complete.
>>grant select on teams to sql_user6 by t120role1;
--- SQL operation complete.
>>grant select (game_number, game_time) on games to t120role2 by t120role1;
--- SQL operation complete.
>>grant select (game_number, game_time) on games to t120role3 by t120role1;
--- SQL operation complete.
>>grant all on players to sql_user6 by t120role1;
--- SQL operation complete.
>>grant role t120role2, t120role3, t120role4 to sql_user6;
--- SQL operation complete.
>>grant role t120role3 to sql_user9;
--- SQL operation complete.
>>grant select on standings to sql_user6 by t120role1;
--- SQL operation complete.
>>grant usage on sequence team_seq to t120role3 by t120role1;
--- SQL operation complete.
>>grant select (team_number, num_players) on stats to "PUBLIC" by t120role1;
--- SQL operation complete.
>>showddl games;
CREATE TABLE TRAFODION.T120SCH.GAMES
(
HOME_TEAM_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE
, VISITOR_TEAM_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE
, GAME_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE
, GAME_TIME TIMESTAMP(6) NO DEFAULT NOT NULL NOT
DROPPABLE
, GAME_LOCATION VARCHAR(50) CHARACTER SET ISO88591 COLLATE
DEFAULT NO DEFAULT NOT NULL NOT DROPPABLE
, PRIMARY KEY (GAME_NUMBER ASC)
)
ATTRIBUTES ALIGNED FORMAT
;
ALTER TABLE TRAFODION.T120SCH.GAMES ADD CONSTRAINT
TRAFODION.T120SCH.VALID_GAME_NUMBER CHECK
(TRAFODION.T120SCH.GAMES.GAME_NUMBER > 0)
-- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.T120SCH.GAMES TO T120ROLE1 WITH GRANT OPTION;
GRANT SELECT(GAME_NUMBER, GAME_TIME) ON TRAFODION.T120SCH.GAMES TO T120ROLE2;
GRANT SELECT(GAME_NUMBER, GAME_TIME) ON TRAFODION.T120SCH.GAMES TO T120ROLE3;
--- SQL operation complete.
>>showddl teams;
CREATE TABLE TRAFODION.T120SCH.TEAMS
(
TEAM_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE
, TEAM_NAME CHAR(20) CHARACTER SET ISO88591 COLLATE
DEFAULT NO DEFAULT NOT NULL NOT DROPPABLE
, TEAM_CONTACT VARCHAR(50) CHARACTER SET ISO88591 COLLATE
DEFAULT NO DEFAULT NOT NULL NOT DROPPABLE
, TEAM_CONTACT_NUMBER CHAR(10) CHARACTER SET ISO88591 COLLATE
DEFAULT NO DEFAULT NOT NULL NOT DROPPABLE
, PRIMARY KEY (TEAM_NUMBER ASC)
)
ATTRIBUTES ALIGNED FORMAT
;
ALTER TABLE TRAFODION.T120SCH.TEAMS ADD CONSTRAINT
TRAFODION.T120SCH.VALID_TEAM_NO CHECK (TRAFODION.T120SCH.TEAMS.TEAM_NUMBER >
0)
-- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.T120SCH.TEAMS TO T120ROLE1 WITH GRANT OPTION;
GRANT SELECT ON TRAFODION.T120SCH.TEAMS TO SQL_USER6;
GRANT INSERT, DELETE ON
TRAFODION.T120SCH.TEAMS TO T120ROLE2;
GRANT UPDATE(TEAM_CONTACT,
TEAM_CONTACT_NUMBER) ON TRAFODION.T120SCH.TEAMS TO T120ROLE2;
--- SQL operation complete.
>>showddl players;
CREATE TABLE TRAFODION.T120SCH.PLAYERS
(
PLAYER_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE
, PLAYER_NAME VARCHAR(50) CHARACTER SET ISO88591 COLLATE
DEFAULT NO DEFAULT NOT NULL NOT DROPPABLE
, PLAYER_TEAM_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE
, PLAYER_PHONE_NUMBER CHAR(10) CHARACTER SET ISO88591 COLLATE
DEFAULT NO DEFAULT NOT NULL NOT DROPPABLE
, PLAYER_DETAILS VARCHAR(50) CHARACTER SET ISO88591 COLLATE
DEFAULT DEFAULT NULL
, PRIMARY KEY (PLAYER_NUMBER ASC, PLAYER_TEAM_NUMBER ASC)
)
ATTRIBUTES ALIGNED FORMAT
;
ALTER TABLE TRAFODION.T120SCH.PLAYERS ADD CONSTRAINT
TRAFODION.T120SCH.VALID_PLAYER_NUMBER CHECK
(TRAFODION.T120SCH.PLAYERS.PLAYER_NUMBER > 0)
-- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.T120SCH.PLAYERS TO T120ROLE1 WITH GRANT OPTION;
GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.T120SCH.PLAYERS
TO SQL_USER6;
--- SQL operation complete.
>>showddl standings;
CREATE TABLE TRAFODION.T120SCH.STANDINGS
(
TEAM_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE
, WINS INT DEFAULT 0
, LOSES INT DEFAULT 0
, LAST_UPDATED TIMESTAMP(6) DEFAULT CURRENT
, PRIMARY KEY (TEAM_NUMBER ASC)
)
ATTRIBUTES ALIGNED FORMAT
;
-- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.T120SCH.STANDINGS TO T120ROLE1 WITH GRANT OPTION;
GRANT SELECT ON TRAFODION.T120SCH.STANDINGS TO SQL_USER6;
--- SQL operation complete.
>>showddl sequence team_seq;
CREATE SEQUENCE TRAFODION.T120SCH.TEAM_SEQ
START WITH 1 /* NEXT AVAILABLE VALUE 26 */
INCREMENT BY 1
MAXVALUE 9223372036854775806
MINVALUE 1
CACHE 25
NO CYCLE
LARGEINT
;
-- GRANT USAGE ON SEQUENCE TRAFODION.T120SCH.TEAM_SEQ TO T120ROLE1 WITH GRANT OPTION;
GRANT USAGE ON SEQUENCE TRAFODION.T120SCH.TEAM_SEQ TO T120ROLE3;
--- SQL operation complete.
>>showddl role t120role1;
CREATE ROLE "T120ROLE1";
-- GRANT ROLE "T120ROLE1" TO "DB__ROOT" WITH ADMIN OPTION;
GRANT ROLE
"T120ROLE1" TO "SQL_USER3" WITH ADMIN OPTION;
--- SQL operation complete.
>>showddl role t120role2;
CREATE ROLE "T120ROLE2";
-- GRANT ROLE "T120ROLE2" TO "DB__ROOT" WITH ADMIN OPTION;
GRANT ROLE
"T120ROLE2" TO "SQL_USER3" WITH ADMIN OPTION;
GRANT ROLE "T120ROLE2" TO
"SQL_USER6" GRANTED BY "SQL_USER3";
--- SQL operation complete.
>>showddl role t120role3;
CREATE ROLE "T120ROLE3";
-- GRANT ROLE "T120ROLE3" TO "DB__ROOT" WITH ADMIN OPTION;
GRANT ROLE
"T120ROLE3" TO "SQL_USER3" WITH ADMIN OPTION;
GRANT ROLE "T120ROLE3" TO
"SQL_USER6" GRANTED BY "SQL_USER3";
GRANT ROLE "T120ROLE3" TO "SQL_USER9"
GRANTED BY "SQL_USER3";
--- SQL operation complete.
>>showddl role t120role4;
CREATE ROLE "T120ROLE4";
-- GRANT ROLE "T120ROLE4" TO "DB__ROOT" WITH ADMIN OPTION;
GRANT ROLE
"T120ROLE4" TO "SQL_USER3" WITH ADMIN OPTION;
GRANT ROLE "T120ROLE4" TO
"SQL_USER6" GRANTED BY "SQL_USER3";
--- SQL operation complete.
>>
>>exit;
End of MXCI Session
>>
>>
>>-- Prepare a bunch of queries, all successful
>>prepare select_games from select game_number from games;
--- SQL command prepared.
>>prepare select_teams from select team_number, team_name from teams;
--- SQL command prepared.
>>prepare insert_teams from
+> insert into teams values (6, 'Braves', 'Jim', '8653845150');
--- SQL command prepared.
>>prepare update_teams from
+> update teams set team_contact_number = '8653855150' where team_number = 6;
--- SQL command prepared.
>>prepare select_players from select count(*) from players;
--- SQL command prepared.
>>prepare select_standings from select team_number, seqnum(team_seq) from standings;
--- SQL command prepared.
>>
>>-- Gather the query invalidation keys for each plan
>>-- OI - object/column insert required
>>-- OG - sequence usage required
>>-- OS - object/column select required
>>-- OU - object/column update required
>>-- AR - role involved, check query plans that rely on roles during revoke
>>log;
Query_Invalidation_Keys explain output for select_games, select_teams, insert_teams, update_teams, select_players, select_standings:
Query_Invalidation_Keys{,,OS}{,,UR}
Query_Invalidation_Keys{,,OS}
Query_Invalidation_Keys{,,OI}{,,UR}
Query_Invalidation_Keys{,,OS}{,,
OU}{,,UR}
Query_Invalidation_Keys{,,OS}
Query_Invalidation_Keys{,,OS}{,,
OG}{,,UR}
>>
>>-- Verify that sql_user9 can select from games
>>sh sqlci -i "TEST120(select_queries)" -u sql_user9;
>>values (current_user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER9
--- 1 row(s) selected.
>>cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
--- SQL operation complete.
>>cqd AUTO_QUERY_RETRY_WARNINGS 'ON';
--- SQL operation complete.
>>set schema t120sch;
--- SQL operation complete.
>>select game_number from games;
GAME_NUMBER
-----------
1
2
3
4
5
6
7
8
--- 8 row(s) selected.
>>exit;
End of MXCI Session
>>
>>-- revoke t120role4 from sql_user6
>>sh sqlci -i "TEST120(revoke_t120role4)" -u sql_user3;
>>values (current_user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER3
--- 1 row(s) selected.
>>cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
--- SQL operation complete.
>>cqd AUTO_QUERY_RETRY_WARNINGS 'ON';
--- SQL operation complete.
>>set schema t120sch;
--- SQL operation complete.
>>
>>revoke role t120role4 from sql_user6;
--- SQL operation complete.
>>
>>-- sql_user3 has privs on all tables, can execute and no recompile
>>obey TEST120(queries);
>>select game_number from games;
GAME_NUMBER
-----------
1
2
3
4
5
6
7
8
--- 8 row(s) selected.
>>select team_number from teams;
TEAM_NUMBER
-----------
1
2
3
4
5
--- 5 row(s) selected.
>>select player_number from players;
PLAYER_NUMBER
-------------
1
2
3
3
4
5
6
6
7
8
9
10
--- 12 row(s) selected.
>>select team_number, seqnum(team_seq) from standings;
TEAM_NUMBER (EXPR)
----------- --------------------
1 26
2 27
3 28
4 29
5 30
--- 5 row(s) selected.
>>select team_number, num_players from stats;
TEAM_NUMBER NUM_PLAYERS
----------- -----------
1 3
2 4
3 1
4 2
5 2
--- 5 row(s) selected.
>>
>>
>>exit;
End of MXCI Session
>>
>>-- queries s/b recompiled
>>execute select_games;
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8734] Statement must be recompiled to allow privileges to be re-evaluated.
GAME_NUMBER
-----------
1
2
3
4
5
6
7
8
--- 8 row(s) selected.
>>execute select_teams;
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8734] Statement must be recompiled to allow privileges to be re-evaluated.
TEAM_NUMBER TEAM_NAME
----------- --------------------
1 White Socks
2 Giants
3 Cardinals
4 Indians
5 Tigers
--- 5 row(s) selected.
>>
>>-- revoke insert, delete privilege from t120role2
>>sh sqlci -i "TEST120(revoke_t120role2p)" -u sql_user3;
>>values (current_user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER3
--- 1 row(s) selected.
>>cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
--- SQL operation complete.
>>cqd AUTO_QUERY_RETRY_WARNINGS 'ON';
--- SQL operation complete.
>>set schema t120sch;
--- SQL operation complete.
>>
>>revoke insert, delete on teams from t120role2 by t120role1;
--- SQL operation complete.
>>
>>exit;
End of MXCI Session
>>-- still have privilege
>>execute select_teams;
TEAM_NUMBER TEAM_NAME
----------- --------------------
1 White Socks
2 Giants
3 Cardinals
4 Indians
5 Tigers
--- 5 row(s) selected.
>>-- no longer has privilege (4481) and query attempted recompilation
>>execute insert_teams;
*** ERROR[4481] The user does not have INSERT privilege on table or view TRAFODION.T120SCH.TEAMS.
*** ERROR[8822] The statement was not prepared.
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8734] Statement must be recompiled to allow privileges to be re-evaluated.
--- 0 row(s) inserted.
>>
>>-- grant privilege back
>>sh sqlci -i "TEST120(grant_t120role2p)" -u sql_user3;
>>values (current_user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER3
--- 1 row(s) selected.
>>cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
--- SQL operation complete.
>>cqd AUTO_QUERY_RETRY_WARNINGS 'ON';
--- SQL operation complete.
>>set schema t120sch;
--- SQL operation complete.
>>
>>grant insert, delete on teams to t120role2 by t120role1;
--- SQL operation complete.
>>
>>exit;
End of MXCI Session
>>execute select_teams;
TEAM_NUMBER TEAM_NAME
----------- --------------------
1 White Socks
2 Giants
3 Cardinals
4 Indians
5 Tigers
--- 5 row(s) selected.
>>-- now works and query recompiled (8597)
>>execute insert_teams;
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8583] This statement contains no generated plan to execute at runtime. An error during query compilation caused this condition.
--- 1 row(s) inserted.
>>
>>-- revoke t120role2 from sql_user6
>>sh sqlci -i "TEST120(revoke_t120role2)" -u sql_user3;
>>values (current_user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER3
--- 1 row(s) selected.
>>cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
--- SQL operation complete.
>>cqd AUTO_QUERY_RETRY_WARNINGS 'ON';
--- SQL operation complete.
>>set schema t120sch;
--- SQL operation complete.
>>
>>revoke role t120role2 from sql_user6;
--- SQL operation complete.
>>
>>-- sql_user3 has privs on all tables, can execute and no recompile
>>obey TEST120(queries);
>>select game_number from games;
GAME_NUMBER
-----------
1
2
3
4
5
6
7
8
--- 8 row(s) selected.
>>select team_number from teams;
TEAM_NUMBER
-----------
1
2
3
4
5
6
--- 6 row(s) selected.
>>select player_number from players;
PLAYER_NUMBER
-------------
1
2
3
3
4
5
6
6
7
8
9
10
--- 12 row(s) selected.
>>select team_number, seqnum(team_seq) from standings;
TEAM_NUMBER (EXPR)
----------- --------------------
1 51
2 52
3 53
4 54
5 55
--- 5 row(s) selected.
>>select team_number, num_players from stats;
TEAM_NUMBER NUM_PLAYERS
----------- -----------
1 3
2 4
3 1
4 2
5 2
--- 5 row(s) selected.
>>
>>
>>exit;
End of MXCI Session
>>
>>-- still have privs but query recompiled (8597)
>>execute select_games;
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8734] Statement must be recompiled to allow privileges to be re-evaluated.
GAME_NUMBER
-----------
1
2
3
4
5
6
7
8
--- 8 row(s) selected.
>>execute select_teams;
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8734] Statement must be recompiled to allow privileges to be re-evaluated.
TEAM_NUMBER TEAM_NAME
----------- --------------------
1 White Socks
2 Giants
3 Cardinals
4 Indians
5 Tigers
6 Braves
--- 6 row(s) selected.
>>execute select_standings;
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8734] Statement must be recompiled to allow privileges to be re-evaluated.
TEAM_NUMBER (EXPR)
----------- --------------------
1 76
2 77
3 78
4 79
5 80
--- 5 row(s) selected.
>>execute select_players;
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8734] Statement must be recompiled to allow privileges to be re-evaluated.
(EXPR)
--------------------
12
--- 1 row(s) selected.
>>
>>-- no longer has privilege (4481) and query attempted recompilation
>>execute insert_teams;
*** ERROR[4481] The user does not have INSERT privilege on table or view TRAFODION.T120SCH.TEAMS.
*** ERROR[8822] The statement was not prepared.
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8734] Statement must be recompiled to allow privileges to be re-evaluated.
--- 0 row(s) inserted.
>>execute update_teams;
*** ERROR[4481] The user does not have UPDATE privilege on table or view TRAFODION.T120SCH.TEAMS.
*** ERROR[8822] The statement was not prepared.
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8734] Statement must be recompiled to allow privileges to be re-evaluated.
--- 0 row(s) updated.
>>
>>-- revoke role t120role3 from sql_user6
>>sh sqlci -i "TEST120(revoke_t120role3)" -u sql_user3;
>>values (current_user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER3
--- 1 row(s) selected.
>>cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
--- SQL operation complete.
>>cqd AUTO_QUERY_RETRY_WARNINGS 'ON';
--- SQL operation complete.
>>set schema t120sch;
--- SQL operation complete.
>>
>>revoke role t120role3 from sql_user6;
--- SQL operation complete.
>>
>>-- sql_user3 has privs on all tables, can execute and no recompile
>>obey TEST120(queries);
>>select game_number from games;
GAME_NUMBER
-----------
1
2
3
4
5
6
7
8
--- 8 row(s) selected.
>>select team_number from teams;
TEAM_NUMBER
-----------
1
2
3
4
5
6
--- 6 row(s) selected.
>>select player_number from players;
PLAYER_NUMBER
-------------
1
2
3
3
4
5
6
6
7
8
9
10
--- 12 row(s) selected.
>>select team_number, seqnum(team_seq) from standings;
TEAM_NUMBER (EXPR)
----------- --------------------
1 101
2 102
3 103
4 104
5 105
--- 5 row(s) selected.
>>select team_number, num_players from stats;
TEAM_NUMBER NUM_PLAYERS
----------- -----------
1 3
2 4
3 1
4 2
5 2
--- 5 row(s) selected.
>>
>>
>>exit;
End of MXCI Session
>>
>>-- no longer has privilege (4481) on select_games,
>>-- but has privilege on select_teams and select_players
>>execute select_games;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T120SCH.GAMES.
*** ERROR[8822] The statement was not prepared.
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8734] Statement must be recompiled to allow privileges to be re-evaluated.
--- 0 row(s) selected.
>>execute select_teams;
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8734] Statement must be recompiled to allow privileges to be re-evaluated.
TEAM_NUMBER TEAM_NAME
----------- --------------------
1 White Socks
2 Giants
3 Cardinals
4 Indians
5 Tigers
6 Braves
--- 6 row(s) selected.
>>execute select_players;
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8734] Statement must be recompiled to allow privileges to be re-evaluated.
(EXPR)
--------------------
12
--- 1 row(s) selected.
>>
>>-- user has select but not usage
>>execute select_standings;
*** ERROR[4491] The user does not have USAGE privilege on sequence TRAFODION.T120SCH.TEAM_SEQ.
*** ERROR[8822] The statement was not prepared.
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8734] Statement must be recompiled to allow privileges to be re-evaluated.
--- 0 row(s) selected.
>>
>>-- Verify sql_user9 can still select from games and no recompilation msg
>>sh sqlci -i "TEST120(select_queries)" -u sql_user9;
>>values (current_user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER9
--- 1 row(s) selected.
>>cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
--- SQL operation complete.
>>cqd AUTO_QUERY_RETRY_WARNINGS 'ON';
--- SQL operation complete.
>>set schema t120sch;
--- SQL operation complete.
>>select game_number from games;
GAME_NUMBER
-----------
1
2
3
4
5
6
7
8
--- 8 row(s) selected.
>>exit;
End of MXCI Session
>>
>>-- tests for PUBLIC
>>-- select priv on stats has been granted to public
>>prepare select_stats from select team_number, num_players from stats;
--- SQL command prepared.
>>log;
Query_Invalidation_Keys explain output for select_stats:
Query_Invalidation_Keys{,,OS}{,,UZ}
>>shecho"Query_Invalidation_Keysexplainoutputforselect_stats:">>LOG;
>>
>>execute select_stats;
TEAM_NUMBER NUM_PLAYERS
----------- -----------
1 3
2 4
3 1
4 2
5 2
--- 5 row(s) selected.
>>
>>-- revoke PUBLIC
>>sh sqlci -i "TEST120(revoke_public)" -u sql_user3;
>>values (current_user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER3
--- 1 row(s) selected.
>>cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
--- SQL operation complete.
>>cqd AUTO_QUERY_RETRY_WARNINGS 'ON';
--- SQL operation complete.
>>set schema t120sch;
--- SQL operation complete.
>>
>>revoke select (team_number, num_players) on stats from "PUBLIC" by t120role1;
--- SQL operation complete.
>>showddl stats;
CREATE TABLE TRAFODION.T120SCH.STATS
(
TEAM_NUMBER INT NO DEFAULT NOT NULL NOT DROPPABLE
, NUM_PLAYERS INT NO DEFAULT NOT NULL NOT DROPPABLE
, PRIMARY KEY (TEAM_NUMBER ASC)
)
ATTRIBUTES ALIGNED FORMAT
;
-- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.T120SCH.STATS TO T120ROLE1 WITH GRANT OPTION;
--- SQL operation complete.
>>select team_number, num_players from stats;
TEAM_NUMBER NUM_PLAYERS
----------- -----------
1 3
2 4
3 1
4 2
5 2
--- 5 row(s) selected.
>>
>>exit;
End of MXCI Session
>>
>>select * from stats;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T120SCH.STATS.
*** ERROR[8822] The statement was not prepared.
>>execute select_stats;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T120SCH.STATS.
*** ERROR[8822] The statement was not prepared.
*** WARNING[8597] Statement was automatically retried 1 time(s). Delay before each retry was 0 seconds. See next entry for the error that caused this retry.
*** WARNING[8734] Statement must be recompiled to allow privileges to be re-evaluated.
--- 0 row(s) selected.
>>
>>exit;
End of MXCI Session
>>
>>log;