Google Git
Sign in
apache/trafodion/default/./core/sql/regress/privs2/EXPECTED140
blob: 81c3fbc9e90b892e1286135b4a5b961a4a682eb8 [file] [log] [blame]
>>env;
----------------------------------
Current Environment
----------------------------------
AUTHENTICATION disabled
AUTHORIZATION enabled
CURRENT DIRECTORY /mnt/rmarton/gitws/trafodion/core/sql/regress/rundir/privs2
LIST_COUNT 4294967295
LOG FILE LOG140
MESSAGEFILE /mnt/rmarton/gitws/trafodion/core/sqf/export/bin64d/mxc ...
MESSAGEFILE LANG US English
MESSAGEFILE VRSN {2018-04-19 16:37 LINUX:EDEV07.ESGYN.LOCAL/rmarton}
SQL CATALOG TRAFODION
SQL SCHEMA T140_SHARED_VIEWS
SQL USER CONNECTED user not connected
SQL USER DB NAME DB__ROOT
SQL USER ID 33333
TERMINAL CHARSET ISO88591
TRANSACTION ID
TRANSACTION STATE not in progress
WARNINGS on
>>obey TEST140(create_db);
>>-- create roles
>>create role priv1;
--- SQL operation complete.
>>create role priv2;
--- SQL operation complete.
>>create role priv3;
--- SQL operation complete.
>>create role priv4;
--- SQL operation complete.
>>create role metadata_access;
--- SQL operation complete.
>>grant role priv1, priv2, priv3, priv4 to sql_user5;
--- SQL operation complete.
>>grant role metadata_access to sql_user1, sql_user2, sql_user3,
+> sql_user4, sql_user5, sql_user6, sql_user7, sql_user8, sql_user9;
--- SQL operation complete.
>>
>>grant select on "_MD_".objects to metadata_access;
--- SQL operation complete.
>>grant select on "_PRIVMGR_MD_".object_privileges to metadata_access;
--- SQL operation complete.
>>grant select on "_MD_".auths to metadata_access;
--- SQL operation complete.
>>
>>create shared schema t140_shared_views;
--- SQL operation complete.
>>set schema t140_shared_views;
--- SQL operation complete.
>>
>>-- compile cpp program for function
>>sh rm -f ./etest140.dll;
>>sh sh $$scriptsdir$$/tools/dll-compile.ksh etest140.cpp
+> 2>&1 | tee LOG140-SECONDARY;
>>set pattern $$DLL$$ etest140.dll;
>>set pattern $$QUOTE$$ '''';
>>
>>-- create the library and udf
>>create library t140_l1 file $$QUOTE$$ $$REGRRUNDIR$$/$$DLL$$ $$QUOTE$$ ;
--- SQL operation complete.
>>create function t140_translatePrivsBitmap(bitmap largeint) returns (bitmap_string char (20))
+>language c parameter style sql external name 'translateBitmap'
+>library t140_l1
+>deterministic no sql final call allow any parallelism state area size 1024 ;
--- SQL operation complete.
>>grant execute on function t140_translatePrivsBitmap to "PUBLIC";
--- SQL operation complete.
>>
>>-- private schema owned by sql_user1
>>create schema t140_user1_private authorization sql_user1;
--- SQL operation complete.
>>set schema t140_user1_private;
--- SQL operation complete.
>>obey TEST140(create_tables);
>>
>>-- Creates and loads three tables: teams, games, players
>>-- All tables have a check constraint (other than NOT NULL)
>>-- Table games has an index
>>-- Table players has a RI contraint referencing teams
>>-- A view exists between games & teams
>>
>>create table teams
+> (team_number int not null primary key,
+> team_name char(20) not null,
+> team_contact varchar(50) not null,
+> team_contact_number char (10) not null
+> )
+> ;
--- SQL operation complete.
>>
>>alter table teams add constraint valid_team_no check (team_number > 0);
--- SQL operation complete.
>>
>>insert into teams values
+> (1, 'White Socks', 'Sam','4082282222'),
+> (2, 'Giants', 'Joe', '5102839483'),
+> (3, 'Cardinals', 'Stella', '9513849384'),
+> (4, 'Indians', 'Matt', '5128383748'),
+> (5, 'Tigers', 'Ronit', '6198273827');
--- 5 row(s) inserted.
>>
>>create table games
+> ( home_team_number int not null,
+> visitor_team_number int not null,
+> game_number int not null primary key,
+> game_time timestamp not null,
+> game_location varchar(50) not null)
+> ;
--- SQL operation complete.
>>create index home_games on games (home_team_number);
--- SQL operation complete.
>>
>>alter table games add constraint valid_game_number check (game_number > 0);
--- SQL operation complete.
>>
>>insert into games values
+> (1, 2, 1, timestamp '2009-04-23 19:30:00', 'California'),
+> (1, 3, 2, timestamp '2009-04-24 19:30:00', 'California'),
+> (1, 4, 3, timestamp '2009-04-25 10:00:00', 'Oklahoma'),
+> (2, 3, 4, timestamp '2009-04-25 13:30:00', 'Michigan'),
+> (1, 5, 5, timestamp '2009-04-25 15:00:00', 'Oklahoma'),
+> (2, 5, 6, timestamp '2009-04-27 17:00:00', 'New York'),
+> (3, 4, 7, timestamp '2009-04-28 17:00:00', 'Florida'),
+> (4, 2, 8, current_timestamp, 'Missouri');
--- 8 row(s) inserted.
>>
>>create view t140_shared_views.home_team_games as
+> select t.team_number, g.game_number, g.game_time
+> from "TEAMS" t,
+> "GAMES" g
+> where t.team_number = g.home_team_number
+> order by 1, game_number, game_time;
--- SQL operation complete.
>>grant select on t140_shared_views.home_team_games to sql_user1 with grant option;
--- SQL operation complete.
>>
>>create table players
+> (player_number int not null,
+> player_name varchar (50) not null,
+> player_team_number int not null,
+> player_phone_number char (10) not null,
+> player_details varchar(50),
+> primary key (player_number, player_team_number))
+> no partition;
--- SQL operation complete.
>>
>>alter table players add constraint valid_player_number check(player_number > 0);
--- SQL operation complete.
>>
>>alter table players add constraint players_teams
+> foreign key (player_team_number) references teams (team_number);
--- SQL operation complete.
>>
>>insert into players values
+> (1, 'Tom', 1, '4083948394', null),
+> (2, 'Bob', 1, '4089483948', null),
+> (3, 'Toby',1, '4082938493', 'pitcher'),
+> (3, 'Toby',2, '4082938493', null),
+> (4, 'Julie', 2, '5108394839', 'catcher'),
+> (5, 'Joanne', 2, '5103849384', null),
+> (6, 'Pete', 2, '5102839483', null),
+> (6, 'Pete', 3, '5102839483', 'third base'),
+> (7, 'Jared',4, '9518293849', 'short stop'),
+> (8, 'Zachary', 4, '9518293840', null),
+> (9, 'Lynne', 5, '9518293892', 'pitcher'),
+> (10, 'Omar', 5, '5128394893', null);
--- 12 row(s) inserted.
>>
>>get tables in schema t140_user1_private;
Tables in Schema TRAFODION.T140_USER1_PRIVATE
=============================================
GAMES
PLAYERS
SB_HISTOGRAMS
SB_HISTOGRAM_INTERVALS
SB_PERSISTENT_SAMPLES
TEAMS
--- SQL operation complete.
>>
>>
>>-- shared schema owned by sql_user5
>>--create shared schema t140_user1_shared authorization sql_user5;
>>--set schema t140_user5_shared;
>>--obey TEST140(create_tables);
>>--get tables in schema t140_user5_shared;
>>
>>-- private schema owned by role priv1
>>--create private schema t140_priv1_private authorization priv1;
>>--set schema t140_priv1_private;
>>--obey TEST140(create_tables);
>>--get tables in schema t140_priv1_private;
>>
>>-- shared schema owner by role priv2
>>--create shared schema t140_priv2_shared authorization priv2;
>>--set schema t140_priv2_shared;
>>--obey TEST140(create_tables);
>>--get tables in schema t140_priv2_shared;
>>
>>obey TEST140(set_up);
>>prepare get_privs from
+>select distinct
+> substring (object_name,1,50) as object_name,
+> object_type as type,
+> substring(authname(grantor_id),1,10) as grantor,
+> substring(authname(grantee_id),1,10) as grantee,
+> t140_shared_views.t140_translatePrivsBitmap(privileges_bitmap) as granted_privs,
+> t140_shared_views.t140_translatePrivsBitmap(grantable_bitmap) as grantable_privs
+>from "_PRIVMGR_MD_".object_privileges
+>where object_uid in
+> (select object_uid
+> from "_MD_".objects
+> where schema_name like 'T140_%')
+> order by 1, 2, 3, 4, 5
+>;
--- SQL command prepared.
>>
>>obey TEST140(tests);
>>values (user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
DB__ROOT
--- 1 row(s) selected.
>>
>>-- user1 owns everything, start of by doing initial grants
>>sh sqlci -i "TEST140(user1_cmds)" -u sql_user1;
>>values (user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER1
--- 1 row(s) selected.
>>set schema t140_user1_private;
--- SQL operation complete.
>>
>>grant select on games to sql_user2;
--- SQL operation complete.
>>
>>-- grants to handle table requests
>>grant all on teams to sql_user2 with grant option;
--- SQL operation complete.
>>grant select, insert on players to sql_user2 with grant option;
--- SQL operation complete.
>>
>>-- grants to handle view requests
>>grant select on t140_shared_views.home_team_games to sql_user2;
--- SQL operation complete.
>>
>>obey TEST140(set_up);
>>prepare get_privs from
+>select distinct
+> substring (object_name,1,50) as object_name,
+> object_type as type,
+> substring(authname(grantor_id),1,10) as grantor,
+> substring(authname(grantee_id),1,10) as grantee,
+> t140_shared_views.t140_translatePrivsBitmap(privileges_bitmap) as granted_privs,
+> t140_shared_views.t140_translatePrivsBitmap(grantable_bitmap) as grantable_privs
+>from "_PRIVMGR_MD_".object_privileges
+>where object_uid in
+> (select object_uid
+> from "_MD_".objects
+> where schema_name like 'T140_%')
+> order by 1, 2, 3, 4, 5
+>;
--- SQL command prepared.
>>
>>execute get_privs;
OBJECT_NAME TYPE GRANTOR GRANTEE GRANTED_PRIVS GRANTABLE_PRIVS
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---- ---------- ---------- -------------------- --------------------
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI -2 DB__ROOT S----R- S----R-
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI DB__ROOT SQL_USER1 S------ S------
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI SQL_USER1 SQL_USER2 S------ NONE
TRAFODION.T140_SHARED_VIEWS.SB_HISTOGRAMS BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.SB_HISTOGRAM_INTERVALS BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.SB_PERSISTENT_SAMPLES BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.T140_L1 LB -2 DB__ROOT ---UG-- ---UG--
TRAFODION.T140_SHARED_VIEWS.T140_TRANSLATEPRIVSBIT UR -2 DB__ROOT ------E ------E
TRAFODION.T140_SHARED_VIEWS.T140_TRANSLATEPRIVSBIT UR DB__ROOT -1 ------E NONE
TRAFODION.T140_USER1_PRIVATE.GAMES BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER1 SQL_USER2 S------ NONE
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER1 SQL_USER2 SI----- SI-----
TRAFODION.T140_USER1_PRIVATE.SB_HISTOGRAMS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.SB_HISTOGRAM_INTERVAL BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.SB_PERSISTENT_SAMPLES BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER1 SQL_USER2 SIDU-R- SIDU-R-
--- 18 row(s) selected.
>>
>>exit;
End of MXCI Session
>>
>>-- Go see what user2, user3, user4 and user5 can do
>>sh sqlci -i "TEST140(user2_cmds)" -u sql_user2;
>>values (user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER2
--- 1 row(s) selected.
>>set schema t140_user1_private;
--- SQL operation complete.
>>
>>-- user2 has insert privilege on teams and players
>>insert into teams values (6, 'Mets', 'Harry', '8007218888');
--- 1 row(s) inserted.
>>insert into players values (11, 'Barry', 3, '2342342345', 'left field');
--- 1 row(s) inserted.
>>
>>-- user2 does not have insert privilege on games
>>insert into games values (5,6,9, current_timestamp, 'Michigan');
*** ERROR[4481] The user does not have INSERT privilege on table or view TRAFODION.T140_USER1_PRIVATE.GAMES.
*** ERROR[8822] The statement was not prepared.
>>
>>-- user2 can select from all tables
>>select count(*) from teams;
(EXPR)
--------------------
6
--- 1 row(s) selected.
>>select count(*) from games;
(EXPR)
--------------------
8
--- 1 row(s) selected.
>>select count(*) from players;
(EXPR)
--------------------
13
--- 1 row(s) selected.
>>
>>-- user2 can select from home_team_games
>>select team_number, game_number from t140_shared_views.home_team_games;
TEAM_NUMBER GAME_NUMBER
----------- -----------
1 1
1 2
1 3
1 5
2 4
2 6
3 7
4 8
--- 8 row(s) selected.
>>
>>-- user2 can create a view that spans all tables
>>create view t140_shared_views.games_by_player as
+> select player_name, game_time
+> from teams t, games g, players p
+> where p.player_team_number = t.team_number and
+> t.team_number = g.home_team_number
+> order by player_name, team_number;
--- SQL operation complete.
>>select distinct player_name from t140_shared_views.games_by_player order by 1;
PLAYER_NAME
--------------------------------------------------
Barry
Bob
Jared
Joanne
Julie
Pete
Toby
Tom
Zachary
--- 9 row(s) selected.
>>
>>-- user2 cannot propagate select privilege on games
>>grant select on games to sql_user3;
*** ERROR[1012] No privileges were granted. SQL_USER2 lacks grant option on the specified privileges.
--- SQL operation failed with errors.
>>
>>-- user2 can propagate all privileges on teams
>>grant select, delete on teams to sql_user3 with grant option;
--- SQL operation complete.
>>
>>-- user2 can propagate select and insert privilege on players
>>grant select on players to sql_user3;
--- SQL operation complete.
>>grant insert on players to sql_user3 with grant option;
--- SQL operation complete.
>>
>>obey TEST140(set_up);
>>prepare get_privs from
+>select distinct
+> substring (object_name,1,50) as object_name,
+> object_type as type,
+> substring(authname(grantor_id),1,10) as grantor,
+> substring(authname(grantee_id),1,10) as grantee,
+> t140_shared_views.t140_translatePrivsBitmap(privileges_bitmap) as granted_privs,
+> t140_shared_views.t140_translatePrivsBitmap(grantable_bitmap) as grantable_privs
+>from "_PRIVMGR_MD_".object_privileges
+>where object_uid in
+> (select object_uid
+> from "_MD_".objects
+> where schema_name like 'T140_%')
+> order by 1, 2, 3, 4, 5
+>;
--- SQL command prepared.
>>
>>execute get_privs;
OBJECT_NAME TYPE GRANTOR GRANTEE GRANTED_PRIVS GRANTABLE_PRIVS
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---- ---------- ---------- -------------------- --------------------
TRAFODION.T140_SHARED_VIEWS.GAMES_BY_PLAYER VI -2 SQL_USER2 S------ NONE
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI -2 DB__ROOT S----R- S----R-
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI DB__ROOT SQL_USER1 S------ S------
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI SQL_USER1 SQL_USER2 S------ NONE
TRAFODION.T140_SHARED_VIEWS.SB_HISTOGRAMS BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.SB_HISTOGRAM_INTERVALS BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.SB_PERSISTENT_SAMPLES BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.T140_L1 LB -2 DB__ROOT ---UG-- ---UG--
TRAFODION.T140_SHARED_VIEWS.T140_TRANSLATEPRIVSBIT UR -2 DB__ROOT ------E ------E
TRAFODION.T140_SHARED_VIEWS.T140_TRANSLATEPRIVSBIT UR DB__ROOT -1 ------E NONE
TRAFODION.T140_USER1_PRIVATE.GAMES BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER1 SQL_USER2 S------ NONE
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER1 SQL_USER2 SI----- SI-----
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER2 SQL_USER3 SI----- -I-----
TRAFODION.T140_USER1_PRIVATE.SB_HISTOGRAMS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.SB_HISTOGRAM_INTERVAL BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.SB_PERSISTENT_SAMPLES BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER1 SQL_USER2 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER2 SQL_USER3 S-D---- S-D----
--- 21 row(s) selected.
>>
>>exit;
End of MXCI Session
>>sh sqlci -i "TEST140(user3_cmds)" -u sql_user3;
>>values (user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER3
--- 1 row(s) selected.
>>set schema t140_user1_private;
--- SQL operation complete.
>>
>>-- user3 cannot select from games
>>select count(*) from games;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T140_USER1_PRIVATE.GAMES.
*** ERROR[8822] The statement was not prepared.
>>
>>-- user3 can select from teams and players
>>select count(*) from teams;
(EXPR)
--------------------
6
--- 1 row(s) selected.
>>select count(*) from players;
(EXPR)
--------------------
13
--- 1 row(s) selected.
>>
>>-- user3 can create a view between teams and players
>>create view t140_shared_views.players_on_team as
+> select player_name, team_name
+> from teams t, players p
+> where p.player_team_number = t.team_number
+> order by t.team_name;
--- SQL operation complete.
>>select * from t140_shared_views.players_on_team;
PLAYER_NAME TEAM_NAME
-------------------------------------------------- --------------------
Pete Cardinals
Barry Cardinals
Julie Giants
Joanne Giants
Toby Giants
Pete Giants
Jared Indians
Zachary Indians
Omar Tigers
Lynne Tigers
Toby White Socks
Bob White Socks
Tom White Socks
--- 13 row(s) selected.
>>
>>-- user3 cannot select from view games_by_player or home_team_games;
>>select * from t140_shared_views.games_by_player;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T140_SHARED_VIEWS.GAMES_BY_PLAYER.
*** ERROR[8822] The statement was not prepared.
>>select team_number, game_number from t140_shared_views.home_team_games;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES.
*** ERROR[8822] The statement was not prepared.
>>
>>-- user3 can delete from teams;
>>delete from teams where team_number = 6;
--- 1 row(s) deleted.
>>
>>-- user3 cannot insert into teams
>>insert into teams values (6, 'Mets', 'Harry', '8007218888');
*** ERROR[4481] The user does not have INSERT privilege on table or view TRAFODION.T140_USER1_PRIVATE.TEAMS.
*** ERROR[8822] The statement was not prepared.
>>
>>-- user3 cannot propagate select on table games
>>grant select on games to sql_user4;
*** ERROR[1012] No privileges were granted. SQL_USER3 lacks grant option on the specified privileges.
--- SQL operation failed with errors.
>>
>>-- user3 can propagate select but no insert on table teams
>>grant select, insert on teams to sql_user4;
*** WARNING[1013] Not all privileges were granted. You lack grant option for the INSERT privilege.
--- SQL operation complete.
>>
>>-- user3 can propagate insert on table players
>>grant insert on players to sql_user4;
--- SQL operation complete.
>>
>>execute get_privs;
OBJECT_NAME TYPE GRANTOR GRANTEE GRANTED_PRIVS GRANTABLE_PRIVS
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---- ---------- ---------- -------------------- --------------------
TRAFODION.T140_SHARED_VIEWS.GAMES_BY_PLAYER VI -2 SQL_USER2 S------ NONE
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI -2 DB__ROOT S----R- S----R-
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI DB__ROOT SQL_USER1 S------ S------
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI SQL_USER1 SQL_USER2 S------ NONE
TRAFODION.T140_SHARED_VIEWS.PLAYERS_ON_TEAM VI -2 SQL_USER3 S------ NONE
TRAFODION.T140_SHARED_VIEWS.SB_HISTOGRAMS BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.SB_HISTOGRAM_INTERVALS BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.SB_PERSISTENT_SAMPLES BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.T140_L1 LB -2 DB__ROOT ---UG-- ---UG--
TRAFODION.T140_SHARED_VIEWS.T140_TRANSLATEPRIVSBIT UR -2 DB__ROOT ------E ------E
TRAFODION.T140_SHARED_VIEWS.T140_TRANSLATEPRIVSBIT UR DB__ROOT -1 ------E NONE
TRAFODION.T140_USER1_PRIVATE.GAMES BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER1 SQL_USER2 S------ NONE
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER1 SQL_USER2 SI----- SI-----
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER2 SQL_USER3 SI----- -I-----
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER3 SQL_USER4 -I----- NONE
TRAFODION.T140_USER1_PRIVATE.SB_HISTOGRAMS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.SB_HISTOGRAM_INTERVAL BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.SB_PERSISTENT_SAMPLES BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER1 SQL_USER2 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER2 SQL_USER3 S-D---- S-D----
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER3 SQL_USER4 S------ NONE
--- 24 row(s) selected.
>>
>>exit;
End of MXCI Session
>>sh sqlci -i "TEST140(user4_cmds)" -u sql_user4;
>>values (user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER4
--- 1 row(s) selected.
>>set schema t140_user1_private;
--- SQL operation complete.
>>
>>-- user4 cannot select from games or players
>>select count(*) from games;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T140_USER1_PRIVATE.GAMES.
*** ERROR[8822] The statement was not prepared.
>>select count(*) from players;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T140_USER1_PRIVATE.PLAYERS.
*** ERROR[8822] The statement was not prepared.
>>
>>-- user4 can create a view on teams;
>>create view t140_shared_views.team_names as
+>select team_name from teams;
--- SQL operation complete.
>>
>>-- user4 cannot select from other views
>>select * from t140_shared_views.players_on_team;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T140_SHARED_VIEWS.PLAYERS_ON_TEAM.
*** ERROR[8822] The statement was not prepared.
>>
>>-- user4 can select from teams;
>>select count(*) from teams;
(EXPR)
--------------------
5
--- 1 row(s) selected.
>>
>>-- user3 has insert privilege into players but not references for the
>>-- associated RI constraint
>>insert into players values (12, 'Aaron', 4, '3453453456', 'right field');
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T140_USER1_PRIVATE.PLAYERS.
*** ERROR[8822] The statement was not prepared.
>>
>>--user4 cannot grant any privileges
>>grant select on teams to sql_user5;
*** ERROR[1012] No privileges were granted. SQL_USER4 lacks grant option on the specified privileges.
--- SQL operation failed with errors.
>>grant insert on players to sql_user5;
*** ERROR[1012] No privileges were granted. SQL_USER4 lacks grant option on the specified privileges.
--- SQL operation failed with errors.
>>
>>execute get_privs;
OBJECT_NAME TYPE GRANTOR GRANTEE GRANTED_PRIVS GRANTABLE_PRIVS
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---- ---------- ---------- -------------------- --------------------
TRAFODION.T140_SHARED_VIEWS.GAMES_BY_PLAYER VI -2 SQL_USER2 S------ NONE
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI -2 DB__ROOT S----R- S----R-
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI DB__ROOT SQL_USER1 S------ S------
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI SQL_USER1 SQL_USER2 S------ NONE
TRAFODION.T140_SHARED_VIEWS.PLAYERS_ON_TEAM VI -2 SQL_USER3 S------ NONE
TRAFODION.T140_SHARED_VIEWS.SB_HISTOGRAMS BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.SB_HISTOGRAM_INTERVALS BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.SB_PERSISTENT_SAMPLES BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.T140_L1 LB -2 DB__ROOT ---UG-- ---UG--
TRAFODION.T140_SHARED_VIEWS.T140_TRANSLATEPRIVSBIT UR -2 DB__ROOT ------E ------E
TRAFODION.T140_SHARED_VIEWS.T140_TRANSLATEPRIVSBIT UR DB__ROOT -1 ------E NONE
TRAFODION.T140_SHARED_VIEWS.TEAM_NAMES VI -2 SQL_USER4 S------ NONE
TRAFODION.T140_USER1_PRIVATE.GAMES BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER1 SQL_USER2 S------ NONE
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER1 SQL_USER2 SI----- SI-----
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER2 SQL_USER3 SI----- -I-----
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER3 SQL_USER4 -I----- NONE
TRAFODION.T140_USER1_PRIVATE.SB_HISTOGRAMS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.SB_HISTOGRAM_INTERVAL BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.SB_PERSISTENT_SAMPLES BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER1 SQL_USER2 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER2 SQL_USER3 S-D---- S-D----
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER3 SQL_USER4 S------ NONE
--- 25 row(s) selected.
>>
>>exit;
End of MXCI Session
>>sh sqlci -i "TEST140(user5_cmds)" -u sql_user5;
>>values (user);
(EXPR)
---------------------------------------------------------------------------------------------------------------------------------
SQL_USER5
--- 1 row(s) selected.
>>obey TEST140(set_up);
>>prepare get_privs from
+>select distinct
+> substring (object_name,1,50) as object_name,
+> object_type as type,
+> substring(authname(grantor_id),1,10) as grantor,
+> substring(authname(grantee_id),1,10) as grantee,
+> t140_shared_views.t140_translatePrivsBitmap(privileges_bitmap) as granted_privs,
+> t140_shared_views.t140_translatePrivsBitmap(grantable_bitmap) as grantable_privs
+>from "_PRIVMGR_MD_".object_privileges
+>where object_uid in
+> (select object_uid
+> from "_MD_".objects
+> where schema_name like 'T140_%')
+> order by 1, 2, 3, 4, 5
+>;
--- SQL command prepared.
>>
>>set schema t140_user1_private;
--- SQL operation complete.
>>
>>-- user 5 has no privs
>>select count(*) from teams;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.T140_USER1_PRIVATE.TEAMS.
*** ERROR[8822] The statement was not prepared.
>>
>>exit;
End of MXCI Session
>>
>>obey TEST140(revoke_tests);
>>set schema t140_user1_private;
--- SQL operation complete.
>>
>>-- set up grant tree
>>-- user1 grants select, insert WGO to user2
>>-- user2 grants select, insert WGO to user3
>>-- user3 grants select to user4 and user5
>>-- user2 grants select WGO to user4
>>-- user4 grants select WGO to user5
>>-- user5 grants to user6
>>-- user2 grants insert to user4
>>-- user1 grants select, insert to user4
>>
>>-- owner (user1) grants
>>grant select, insert on games to sql_user2 with grant option;
--- SQL operation complete.
>>grant select, insert on games to sql_user4;
--- SQL operation complete.
>>
>>-- user2 grants
>>grant select, insert on games to sql_user3 with grant option by sql_user2;
--- SQL operation complete.
>>grant select on games to sql_user4 with grant option by sql_user2;
--- SQL operation complete.
>>grant insert on games to sql_user4 by sql_user2;
--- SQL operation complete.
>>
>>-- user3 grants
>>grant select on games to sql_user4 granted by sql_user3;
--- SQL operation complete.
>>grant select on games to sql_user5 with grant option granted by sql_user3;
--- SQL operation complete.
>>
>>-- user4 grants
>>grant select on games to sql_user5 with grant option granted by sql_user4;
--- SQL operation complete.
>>
>>-- user5 grante
>>grant select on games to sql_user6 by sql_user5;
--- SQL operation complete.
>>execute get_privs;
OBJECT_NAME TYPE GRANTOR GRANTEE GRANTED_PRIVS GRANTABLE_PRIVS
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---- ---------- ---------- -------------------- --------------------
TRAFODION.T140_SHARED_VIEWS.GAMES_BY_PLAYER VI -2 SQL_USER2 S------ NONE
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI -2 DB__ROOT S----R- S----R-
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI DB__ROOT SQL_USER1 S------ S------
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI SQL_USER1 SQL_USER2 S------ NONE
TRAFODION.T140_SHARED_VIEWS.PLAYERS_ON_TEAM VI -2 SQL_USER3 S------ NONE
TRAFODION.T140_SHARED_VIEWS.SB_HISTOGRAMS BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.SB_HISTOGRAM_INTERVALS BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.SB_PERSISTENT_SAMPLES BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.T140_L1 LB -2 DB__ROOT ---UG-- ---UG--
TRAFODION.T140_SHARED_VIEWS.T140_TRANSLATEPRIVSBIT UR -2 DB__ROOT ------E ------E
TRAFODION.T140_SHARED_VIEWS.T140_TRANSLATEPRIVSBIT UR DB__ROOT -1 ------E NONE
TRAFODION.T140_SHARED_VIEWS.TEAM_NAMES VI -2 SQL_USER4 S------ NONE
TRAFODION.T140_USER1_PRIVATE.GAMES BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER1 SQL_USER2 SI----- SI-----
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER1 SQL_USER4 SI----- NONE
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER2 SQL_USER3 SI----- SI-----
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER2 SQL_USER4 SI----- S------
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER3 SQL_USER4 S------ NONE
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER3 SQL_USER5 S------ S------
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER4 SQL_USER5 S------ S------
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER5 SQL_USER6 S------ NONE
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER1 SQL_USER2 SI----- SI-----
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER2 SQL_USER3 SI----- -I-----
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER3 SQL_USER4 -I----- NONE
TRAFODION.T140_USER1_PRIVATE.SB_HISTOGRAMS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.SB_HISTOGRAM_INTERVAL BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.SB_PERSISTENT_SAMPLES BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER1 SQL_USER2 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER2 SQL_USER3 S-D---- S-D----
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER3 SQL_USER4 S------ NONE
--- 32 row(s) selected.
>>
>>-- user6 tries to grant select to user7
>>grant select on games to sql_user7 by sql_user6;
*** ERROR[1012] No privileges were granted. SQL_USER6 lacks grant option on the specified privileges.
--- SQL operation failed with errors.
>>
>>-- user5 tries to grant to user2 (circular)
>>grant select on games to sql_user2 by sql_user5;
*** ERROR[1036] Authorization ID SQL_USER5 cannot grant to authorization ID SQL_USER2 because it could create a circular dependency.
--- SQL operation failed with errors.
>>
>>-- user2 tries to remove WGO from user3,
>>-- fails because of user3->user4 and user3->user5 grants
>>revoke grant option for select on games from sql_user3 by sql_user2;
*** ERROR[1037] Revoke failed because of a dependent grant between authorization ID SQL_USER3 and authorization ID SQL_USER4.
--- SQL operation failed with errors.
>>
>>-- remove user3->user5 grant
>>revoke select on games from sql_user4 by sql_user3;
--- SQL operation complete.
>>revoke grant option for select on games from sql_user3 by sql_user2;
*** ERROR[1037] Revoke failed because of a dependent grant between authorization ID SQL_USER3 and authorization ID SQL_USER5.
--- SQL operation failed with errors.
>>revoke select on games from sql_user5 by sql_user3;
--- SQL operation complete.
>>revoke grant option for select on games from sql_user3 by sql_user2;
--- SQL operation complete.
>>
>>execute get_privs;
OBJECT_NAME TYPE GRANTOR GRANTEE GRANTED_PRIVS GRANTABLE_PRIVS
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---- ---------- ---------- -------------------- --------------------
TRAFODION.T140_SHARED_VIEWS.GAMES_BY_PLAYER VI -2 SQL_USER2 S------ NONE
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI -2 DB__ROOT S----R- S----R-
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI DB__ROOT SQL_USER1 S------ S------
TRAFODION.T140_SHARED_VIEWS.HOME_TEAM_GAMES VI SQL_USER1 SQL_USER2 S------ NONE
TRAFODION.T140_SHARED_VIEWS.PLAYERS_ON_TEAM VI -2 SQL_USER3 S------ NONE
TRAFODION.T140_SHARED_VIEWS.SB_HISTOGRAMS BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.SB_HISTOGRAM_INTERVALS BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.SB_PERSISTENT_SAMPLES BT -2 DB__ROOT SIDU-R- SIDU-R-
TRAFODION.T140_SHARED_VIEWS.T140_L1 LB -2 DB__ROOT ---UG-- ---UG--
TRAFODION.T140_SHARED_VIEWS.T140_TRANSLATEPRIVSBIT UR -2 DB__ROOT ------E ------E
TRAFODION.T140_SHARED_VIEWS.T140_TRANSLATEPRIVSBIT UR DB__ROOT -1 ------E NONE
TRAFODION.T140_SHARED_VIEWS.TEAM_NAMES VI -2 SQL_USER4 S------ NONE
TRAFODION.T140_USER1_PRIVATE.GAMES BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER1 SQL_USER2 SI----- SI-----
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER1 SQL_USER4 SI----- NONE
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER2 SQL_USER3 SI----- -I-----
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER2 SQL_USER4 SI----- S------
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER4 SQL_USER5 S------ S------
TRAFODION.T140_USER1_PRIVATE.GAMES BT SQL_USER5 SQL_USER6 S------ NONE
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER1 SQL_USER2 SI----- SI-----
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER2 SQL_USER3 SI----- -I-----
TRAFODION.T140_USER1_PRIVATE.PLAYERS BT SQL_USER3 SQL_USER4 -I----- NONE
TRAFODION.T140_USER1_PRIVATE.SB_HISTOGRAMS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.SB_HISTOGRAM_INTERVAL BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.SB_PERSISTENT_SAMPLES BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT -2 SQL_USER1 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER1 SQL_USER2 SIDU-R- SIDU-R-
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER2 SQL_USER3 S-D---- S-D----
TRAFODION.T140_USER1_PRIVATE.TEAMS BT SQL_USER3 SQL_USER4 S------ NONE
--- 30 row(s) selected.
>>
>>log;