trafodion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rmar...@apache.org
Subject [1/2] incubator-trafodion git commit: TRAFODION-2175 a user should only see specific schemas/tables that he has privs TRAFODION-1573 Additional GET commands for privileges
Date Mon, 30 Jan 2017 16:25:17 GMT
Repository: incubator-trafodion
Updated Branches:
  refs/heads/master 91c337520 -> b67455830


TRAFODION-2175 a user should only see specific schemas/tables that he has privs
TRAFODION-1573 Additional GET commands for privileges

This is one of several deliveries to improve GET commands:
- return details about objects that are only visible to the current_user.
- support additional statements

This delivery adds visibility checking to to the following commands:

  get users;
  get roles;
  get users for role <role>;
  get roles for user <user>;

It now supports the following GET statements:

  get privileges for user <user>;
  get privileges for role <role>;

When getting privileges for a user or role, the output is as follows:

  <privileges>    <object> <optional column name>

<privileges> output is a character string containing granted privileges:

  char 1: SELECT_PRIV     - "S"
  char 2: INSERT_PRIV     - "I"
  char 3: DELETE_PRIV     - "D"
  char 4: UPDATE_PRIV     - "U"
  char 5: USAGE_PRIV      - "G"
  char 6: REFERENCES_PRIV - "R"
  char 7: EXECUTE_PRIV    - "E"

If the user/role has no privilege then "-" is specified for the character

Example:  get privileges for user userx;

   SI--G-E    TRAFODION.MYSCH.MYTABLE1
   S------    TRAFODION.MYSCH.MYTABLE2 <Column> column1
   S--U---    TRAFODION.MYSCH.MYTABLE2 <Column> column2

When getting privileges for a role, only those privileges granted to the role
are returned.

When getting privileges for a user, privileges directly granted to the user
plus privileges granted to any roles associated with the user are returned.

A new regression test - privs1/TEST123 has been added to test these changes.

In addition, unused methods were removed from Get code.


Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/60cdb459
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/60cdb459
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/60cdb459

Branch: refs/heads/master
Commit: 60cdb45912bc8e31fbdaec6d24a04714d18c243e
Parents: 660c80e
Author: Roberta Marton <rmarton@edev07.esgyn.local>
Authored: Thu Jan 26 17:00:44 2017 +0000
Committer: Roberta Marton <rmarton@edev07.esgyn.local>
Committed: Thu Jan 26 17:00:44 2017 +0000

----------------------------------------------------------------------
 core/sql/comexe/ComTdbExeUtil.h      |   1 +
 core/sql/executor/ExExeUtil.h        |  15 +-
 core/sql/executor/ExExeUtilGet.cpp   | 892 ++++++++++++++++--------------
 core/sql/generator/GenRelExeUtil.cpp |   2 +
 core/sql/regress/hive/EXPECTED009    |  26 +-
 5 files changed, 496 insertions(+), 440 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/60cdb459/core/sql/comexe/ComTdbExeUtil.h
----------------------------------------------------------------------
diff --git a/core/sql/comexe/ComTdbExeUtil.h b/core/sql/comexe/ComTdbExeUtil.h
index 37c780e..3abc2a5 100644
--- a/core/sql/comexe/ComTdbExeUtil.h
+++ b/core/sql/comexe/ComTdbExeUtil.h
@@ -2470,6 +2470,7 @@ public:
 
     ROLES_FOR_ROLE_,
     USERS_FOR_ROLE_,
+    PRIVILEGES_FOR_ROLE_,
 
     USERS_,
     CURRENT_USER_,

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/60cdb459/core/sql/executor/ExExeUtil.h
----------------------------------------------------------------------
diff --git a/core/sql/executor/ExExeUtil.h b/core/sql/executor/ExExeUtil.h
index f8bacdb..b0c63f3 100755
--- a/core/sql/executor/ExExeUtil.h
+++ b/core/sql/executor/ExExeUtil.h
@@ -2487,10 +2487,17 @@ protected:
 
 private:
 
-  Lng32 setupObjectTypeForUserQuery();
-  Lng32 setupPrivilegesTypeForUserQuery();
-  Int32 setupAuthIDInfo(const char * authName, char authID[MAX_AUTHIDTYPE_CHAR], AuthIdType roleOnly);
-  Int32 setupCurrentUserInfo(char authID[MAX_USERINFO_CHAR]);
+  NABoolean checkUserPrivs(ContextCli * currConnext, const ComTdbExeUtilGetMetadataInfo::QueryType queryType);
+  Int32 getAuthID(
+    const char *authName,
+    const char *catName,
+    const char *schName,
+    const char *objName);
+  char * getRoleList(
+    const Int32 userID,
+    const char *catName,
+    const char *schName,
+    const char *objName);
 
 };
 

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/60cdb459/core/sql/executor/ExExeUtilGet.cpp
----------------------------------------------------------------------
diff --git a/core/sql/executor/ExExeUtilGet.cpp b/core/sql/executor/ExExeUtilGet.cpp
index 2f80673..7eb6eb1 100644
--- a/core/sql/executor/ExExeUtilGet.cpp
+++ b/core/sql/executor/ExExeUtilGet.cpp
@@ -45,6 +45,7 @@
 #include  "ex_tcb.h"
 #include  "ComSqlId.h"
 #include  "ComMisc.h"
+#include  "ComUser.h"
 
 #include  "ExExeUtil.h"
 #include  "ex_exe_stmt_globals.h"
@@ -52,6 +53,8 @@
 #include  "exp_clause_derived.h"
 #include  "ExpLOB.h"
 #include  "ComRtUtils.h"
+#include  "CmpCommon.h"
+#include  "CmpContext.h"
 
 #include  "sqlcmd.h"
 #include  "SqlciEnv.h"
@@ -62,6 +65,7 @@
 
 #include "CmpDDLCatErrorCodes.h"
 #include "PrivMgrCommands.h"
+#include "PrivMgrComponentPrivileges.h"
 
 #include "ExpHbaseInterface.h"
 #include "sql_buffer_size.h"
@@ -161,7 +165,7 @@ static const QueryString getUsersForRoleQuery[] =
   {" select translate(rtrim(RU.grantee_name) using ucs2toutf8) "},
   {"   from %s.\"%s\".%s RU "},
   {" where (RU.grantor_ID != -2) and "},
-  {"       (RU.role_name='%s') "},
+  {"       (RU.role_name = '%s') %s "},
   {" order by 1"},
   {" ; "}
 };
@@ -172,7 +176,70 @@ static const QueryString getRolesForUserQuery[] =
   {" select translate(rtrim(RU.role_name) using ucs2toutf8) "},
   {"   from %s.\"%s\".%s RU "},
   {" where (RU.grantor_ID != -2) and "},
-  {"       (RU.grantee_name='%s') "},
+  {"       (RU.grantee_name='%s') %s "},
+  {" union select * from (values ('PUBLIC')) "},
+  {" order by 1 "},
+  {" ; "}
+};
+
+static const QueryString getPrivsForAuthsQuery[] = 
+{
+  {" select translate(rtrim(object_name) using ucs2toutf8), "},
+  {"    case when bitextract(privileges_bitmap,63,1) = 1 then 'S' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,62,1) = 1 then 'I' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,61,1) = 1 then 'D' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,60,1) = 1 then 'U' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,59,1) = 1 then 'G' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,58,1) = 1 then 'R' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,57,1) = 1 then 'E' "},
+  {"      else '-' end as privs "},
+  {" from %s.\"%s\".%s "},
+  {" where grantee_id %s "},
+  {" union "},
+  {"  (select translate(rtrim(object_name) using ucs2toutf8) || ' <Column> ' || "},
+  {"          translate(rtrim(column_name) using ucs2toutf8), "},
+  {"    case when bitextract(privileges_bitmap,63,1) = 1 then 'S' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,62,1) = 1 then 'I' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,61,1) = 1 then 'D' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,60,1) = 1 then 'U' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,59,1) = 1 then 'G' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,58,1) = 1 then 'R' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,57,1) = 1 then 'E' "},
+  {"      else '-' end as privs "},
+  {"   from %s.\"%s\".%s p, %s.\"%s\".%s c "},
+  {"   where p.object_uid = c.object_uid "},
+  {"     and p.column_number = c.column_number "},
+  {"     and grantee_id %s )"},
+  {" union "},
+  {"  (select translate(rtrim(schema_name) using ucs2toutf8), "},
+  {"    case when bitextract(privileges_bitmap,63,1) = 1 then 'S' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,62,1) = 1 then 'I' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,61,1) = 1 then 'D' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,60,1) = 1 then 'U' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,59,1) = 1 then 'G' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,58,1) = 1 then 'R' "},
+  {"      else '-' end || "},
+  {"     case when bitextract(privileges_bitmap,57,1) = 1 then 'E' "},
+  {"      else '-' end as privs "},
+  {"   from %s.\"%s\".%s "},
+  {"   where grantee_id %s )"},
   {" order by 1 "},
   {" ; "}
 };
@@ -421,7 +488,7 @@ static const QueryString getTrafUsers[] =
 {
   {" select distinct auth_db_name "},
   {"   from %s.\"%s\".%s "},
-  {"  where auth_type = 'U' "},
+  {"  where auth_type = 'U' %s "},
   {" order by 1 "},
   {"  ; "}
 };
@@ -430,7 +497,7 @@ static const QueryString getTrafRoles[] =
 {
   {" select distinct auth_db_name "},
   {"   from %s.\"%s\".%s "},
-  {"  where auth_type = 'R' "},
+  {"  where auth_type = 'R' %s "},
   {" union select * from (values ('PUBLIC')) "},
   {" order by 1 "},
   {"  ; "}
@@ -1097,6 +1164,10 @@ short ExExeUtilGetMetadataInfoTcb::displayHeading()
         str_sprintf(headingBuf_,"Privileges for User %s",getMItdb().getParam1());
     break;
 
+    case ComTdbExeUtilGetMetadataInfo::PRIVILEGES_FOR_ROLE_:
+        str_sprintf(headingBuf_,"Privileges for Role %s",getMItdb().getParam1());
+    break;
+
     case ComTdbExeUtilGetMetadataInfo::PROCEDURES_FOR_USER_:
         str_sprintf(headingBuf_,"Procedures for User %s",getMItdb().getParam1());
     break;
@@ -1156,385 +1227,225 @@ short ExExeUtilGetMetadataInfoTcb::displayHeading()
   return 0;
 } // ExExeUtilGetMetadataInfoTcb::displayHeading
 
-//////////////////////////////////////////////////////////////////////
-// PrivilengesTypeForUserQuery() for ExExeUtilGetMetadataInfoTcb
-//////////////////////////////////////////////////////////////////////
-Lng32 ExExeUtilGetMetadataInfoTcb::setupPrivilegesTypeForUserQuery()
+// ----------------------------------------------------------------------------
+// getAuthID
+//
+// Reads the "_MD_".auths table to get the auth_id from the passed in authName.
+// If relationship not found for any reason, return 0, otherwise return
+// the authID.
+// ----------------------------------------------------------------------------
+Int32 ExExeUtilGetMetadataInfoTcb::getAuthID(
+  const char *authName,
+  const char *catName,
+  const char *schName, 
+  const char *objName)
 {
-  static const char setupSchemaPrivsForUserQuery[] =
-  {" INSERT INTO privsForUser "
-   " SELECT _UCS2'%s',"
-          " S.schema_name,"
-          " _UCS2'',"
-     " CASE SP.privilege_type "
-       " WHEN 'S'  THEN 'SELECT'"
-       " WHEN 'D'  THEN 'DELETE'"
-       " WHEN 'I'  THEN 'INSERT'"
-       " WHEN 'U'  THEN 'UPDATE'"
-       " WHEN 'R'  THEN 'REFERENCE'"
-       " WHEN 'E'  THEN 'EXECUTE'"
-       " WHEN 'AB' THEN 'ALTER TABLE'"
-       " WHEN 'AD' THEN 'DATABASE ADMIN'"
-       " WHEN 'AM' THEN 'ALTER MV'"
-       " WHEN 'AS' THEN 'ALTER SYNONYM'"
-       " WHEN 'AT' THEN 'ALTER TRIGGER'"
-       " WHEN 'AV' THEN 'ALTER VIEW'"
-       " WHEN 'CB' THEN 'CREATE TABLE'"
-       " WHEN 'CM' THEN 'CREATE MV'"
-       " WHEN 'CV' THEN 'CREATE VIEW'"
-       " WHEN 'DB' THEN 'DROP TABLE'"
-       " WHEN 'DV' THEN 'DROP VIEW'"
-       " ELSE SP.privilege_type"
-     " END "
-   " FROM HP_SYSTEM_CATALOG.SYSTEM_SCHEMA.schemata S,"
-        " HP_SYSTEM_CATALOG.HP_SECURITY_SCHEMA.users U,"
-        " %s.HP_DEFINITION_SCHEMA.objects O,"
-        " %s.HP_DEFINITION_SCHEMA.sch_privileges SP"
-   " WHERE U.user_name   = '%s' AND "
-         " S.cat_uid     = %Ld AND "
-         " S.schema_uid  = O.schema_uid AND "
-         " O.object_uid  = SP.table_uid AND "
-         " SP.grantee    = U.user_id AND "
-         " SP.grantor   != -2 "
-   " ; "
-  };
-
-  static const char setupTablePrivsForUserQuery[] =
-  {" INSERT INTO privsForUser "
-   " SELECT _UCS2'%s',"
-          " S.schema_name,"
-     " CAST (CASE "
-             " WHEN O.object_type = 'SL' THEN ''"
-             " ELSE O.object_name "
-           " END "
-           " AS char(128)), "
-     " CASE TP.privilege_type "
-       " WHEN 'S'  THEN 'SELECT'"
-       " WHEN 'D'  THEN 'DELETE'"
-       " WHEN 'I'  THEN 'INSERT'"
-       " WHEN 'U'  THEN 'UPDATE'"
-       " WHEN 'R'  THEN 'REFERENCE'"
-       " ELSE TP.privilege_type"
-     " END "
-   " FROM HP_SYSTEM_CATALOG.SYSTEM_SCHEMA.schemata S,"
-        " HP_SYSTEM_CATALOG.HP_SECURITY_SCHEMA.users U,"
-        " %s.HP_DEFINITION_SCHEMA.objects O,"
-        " %s.HP_DEFINITION_SCHEMA.tbl_privileges TP"
-   " WHERE U.user_name  = '%s' AND"
-         " S.cat_uid    = %Ld AND"
-         " S.schema_uid = O.schema_uid AND"
-         " O.object_uid = TP.table_uid AND"
-         " TP.grantee   = U.user_id AND"
-         " TP.grantor  != -2"
-   " ; "
-  };
-
   short rc      = 0;
   Lng32 cliRC   = 0;
-  Lng32 len     = 0;
-  Lng32 retcode = SQL_Success;
 
-  char * user_name = getMItdb().getParam1();  // ucs2 or utf8 param1?
+  sprintf(queryBuf_, "select auth_id from %s.\"%s\".%s where auth_db_name = '%s' ",
+          catName, schName, objName, authName);
 
-  const char *parentQid = NULL;
-  ExExeStmtGlobals *stmtGlobals = getGlobals()->castToExExeStmtGlobals();
-  if (stmtGlobals->castToExMasterStmtGlobals())
-    parentQid = stmtGlobals->castToExMasterStmtGlobals()->
-      getStatement()->getUniqueStmtId();
-  else 
-  {
-    ExEspStmtGlobals *espGlobals = stmtGlobals->castToExEspStmtGlobals();
-    if (espGlobals && espGlobals->getStmtStats())
-      parentQid = espGlobals->getStmtStats()->getQueryId();
-  }
-  ExeCliInterface cliInterface(getHeap(), NULL, NULL, parentQid);
-
-  cliRC = cliInterface.executeImmediate(
-    "create volatile table privsForUser "
-    "(cat_name  char(128) CHARACTER SET UCS2 CASESPECIFIC  NOT NULL NOT DROPPABLE,"
-    " sch_name  char(128) CHARACTER SET UCS2 CASESPECIFIC  NOT NULL NOT DROPPABLE,"
-    " obj_name  char(128) CHARACTER SET UCS2 CASESPECIFIC  default NULL,"
-    " priv_type char( 14) CHARACTER SET ISO88591 CASESPECIFIC NOT NULL NOT DROPPABLE, "
-    " primary key(cat_name, sch_name, obj_name, priv_type)"
-    ") no partition; ");
-  if (cliRC < 0) return cliRC;
-
-  sprintf(queryBuf_,"select translate(rtrim(cat_name) using ucs2toutf8), cat_uid "
-                    "from hp_system_catalog.system_schema.catsys;"
-         );
-
-  if (initializeInfoList(infoList_)) return -1;
+  if (initializeInfoList(infoList_)) return 0;
 
-  numOutputEntries_ = 2;
+  numOutputEntries_ = 1;
   cliRC = fetchAllRows(infoList_, queryBuf_, numOutputEntries_, FALSE, rc);
-  if (cliRC < 0) return cliRC;
-
-  infoList_->position();
-  for (Int32 i32 = 0; i32 < infoList_->numEntries(); i32++)
+  if (cliRC < 0) 
   {
-    OutputInfo * vi = (OutputInfo*)infoList_->getCurr();
-    char * cat_name = vi->get(0);
-    NAString extCatName(ToAnsiIdentifier(cat_name));
+    cliInterface()->retrieveSQLDiagnostics(getDiagsArea());
+    return 0;
+  }
 
-    char * ptr = vi->get(1);
-    len = (short)(ptr ? strlen(ptr) : 0);
-    Int64 * cat_uid = (Int64 *)ptr;
+  infoList_->position();
+  OutputInfo * vi = (OutputInfo*)infoList_->getCurr();
+  if (vi)
+    return *(Lng32*)vi->get(0);
+  return 0;
+}
 
-    // Process table of schema privileges for current catalog
-    sprintf(queryBuf_, setupSchemaPrivsForUserQuery,
-            cat_name, extCatName.data(), extCatName.data(), user_name, *cat_uid);
 
-    cliRC = cliInterface.executeImmediate(queryBuf_);
-    if (cliRC < 0) return cliRC;
+// ----------------------------------------------------------------------------
+// getRoleList
+//
+// Reads the "_PRIVMGR_MD_".role_usage table to return the list of role IDs
+// granted to the user specified in userID.
+//
+// If none found, or an unexpected error occurs, NULL is returned.
+// The function allocates memory for the returned role list, the caller is
+// responsible for deleting this memory.
+//
+// The returned role list includes the roles granted, plus the userID passed
+// in, plus the special role PUBLIC.  It is returned in a format that can be
+// used in a query "in" clause.
+//
+// For example:
+//   (-1, 33334, 1000004, 1000056)
+// ----------------------------------------------------------------------------
+char * ExExeUtilGetMetadataInfoTcb::getRoleList(
+  const Int32 userID,
+  const char *catName,
+  const char *schName,
+  const char *objName)
+{
+  short rc      = 0;
+  Lng32 cliRC   = 0;
 
-    // Process table of table privileges for current catalog
-    sprintf(queryBuf_, setupTablePrivsForUserQuery,
-            cat_name, extCatName.data(), extCatName.data(), user_name, *cat_uid);
+  sprintf(queryBuf_, "select role_id from %s.\"%s\".%s where grantee_id = %d ",
+          catName, schName, objName, userID);
 
-    cliRC = cliInterface.executeImmediate(queryBuf_);
-    if (cliRC < 0) return cliRC;
+  if (initializeInfoList(infoList_)) return NULL;
 
-    infoList_->advance();
+  numOutputEntries_ = 1;
+  cliRC = fetchAllRows(infoList_, queryBuf_, numOutputEntries_, FALSE, rc);
+  if (cliRC < 0)
+  {
+    cliInterface()->retrieveSQLDiagnostics(getDiagsArea());
+    return NULL;
   }
 
-  return cliRC;
-
-} // ExExeUtilGetMetadataInfoTcb::setupPrivilegesTypeForUserQuery
+  NAString roleList("(-1");
+  char buf[30];
+  NABoolean isFirst = TRUE;
+  infoList_->position();
+  while (NOT infoList_->atEnd())
+    {
+      OutputInfo * vi = (OutputInfo*)infoList_->getCurr();
+      if (vi)
+      {
+        roleList += ", ";
+        str_sprintf(buf, "%d", *(Lng32*)vi->get(0));
+        roleList += buf;
+        isFirst = FALSE;
+      }
+      infoList_->advance();
+    }
+  str_sprintf(buf, ", %d)", userID);
+  roleList += buf;
 
-//////////////////////////////////////////////////////////////////
-// setupObjectTypeForUserQuery() for ExExeUtilGetMetadataInfoTcb
-//////////////////////////////////////////////////////////////////
-Lng32 ExExeUtilGetMetadataInfoTcb::setupObjectTypeForUserQuery()
-{
-  static const char setupObjsForUserQuery[] =
-  {" INSERT into objsForUser"
-   " SELECT _UCS2'%s',"
-          " S.schema_name,"
-          " O.object_name"
-   " FROM HP_SYSTEM_CATALOG.SYSTEM_SCHEMA.SCHEMATA S,"
-        " HP_SYSTEM_CATALOG.HP_SECURITY_SCHEMA.USERS U,"
-        " %s.HP_DEFINITION_SCHEMA.OBJECTS O"
-   " WHERE S.CAT_UID      = %Ld AND"
-         " S.SCHEMA_UID   = O.SCHEMA_UID AND"
-         " U.USER_NAME    = '%s' AND"
-         " O.OBJECT_TYPE  = '%s' AND"
-         " O.OBJECT_OWNER = U.USER_ID"
-         " %s"
-   " ; "
-  };
+  char * list = new (getHeap()) char [roleList.length() + 1];
+  strcpy(list, roleList.data());
+  list[roleList.length()] = 0;
 
-  short rc      = 0;
-  Lng32 cliRC   = 0;
-  Lng32 len     = 0;
-  Lng32 retcode = SQL_Success;
-  char obj_type[3];
-  char predStr[500] = {""};
+  return list;
+}
 
-  char * user_name = getMItdb().getParam1();
 
-  switch (getMItdb().queryType_)
+// ----------------------------------------------------------------------------
+// method:  checkUserPrivs
+//
+//  return TRUE to add privilege checks to queries
+//  return FALSE to return all details independent of privileges
+// ----------------------------------------------------------------------------
+NABoolean ExExeUtilGetMetadataInfoTcb::checkUserPrivs(
+  ContextCli * currContext,
+  const ComTdbExeUtilGetMetadataInfo::QueryType queryType)
+{
+  // if no authorization, everyone sees everything
+  if (!CmpCommon::context()->isAuthorizationEnabled())
+    return FALSE;
+
+  // Root user sees everything
+  if (ComUser::isRootUserID())
+    return FALSE;
+
+  // any user granted the DB__ROOTROLE sees everything
+  Int32 numRoles;
+  Int32 *roleList;
+  if (currContext->getRoleList(numRoles, roleList) == SUCCESS)
   {
-    case ComTdbExeUtilGetMetadataInfo::INDEXES_FOR_USER_:
-    {
-      strcpy(obj_type, "IX");
-      str_sprintf(predStr, " AND O.object_name_space = 'IX' "
-                           " AND O.object_security_class = 'UT' ");
-      break;
-    }
-    case ComTdbExeUtilGetMetadataInfo::LIBRARIES_FOR_USER_:
+    char authIDAsChar[sizeof(Int32)+10];
+    NAString auths;
+    for (Int32 i = 0; i < numRoles; i++)
     {
-      strcpy(obj_type, "LB");//ACH verify this is being stored as expected - SMDIO?
-      break;
-    }
-    case ComTdbExeUtilGetMetadataInfo::MVS_FOR_USER_:
-    {
-      strcpy(obj_type, "MV");
-      break;
-    }
-    case ComTdbExeUtilGetMetadataInfo::MVGROUPS_FOR_USER_:
-    {
-      strcpy(obj_type, "RG");
-      break;
+      if (roleList[i] == ROOT_ROLE_ID)
+        return FALSE;
     }
-    case ComTdbExeUtilGetMetadataInfo::PROCEDURES_FOR_USER_:
+  }
+
+  // any user granted the SHOW component privilege sees everything
+  std::string privMDLoc = getMItdb().cat_.getPointer();
+  privMDLoc += ".\"";
+  privMDLoc += SEABASE_PRIVMGR_SCHEMA;
+  privMDLoc += "\"";
+  PrivMgrComponentPrivileges componentPrivileges(privMDLoc,getDiagsArea());
+
+  if (componentPrivileges.hasSQLPriv(ComUser::getCurrentUser(),SQLOperation::SHOW,true))
+    return FALSE;
+
+  // Check component privilege based on QueryType
+  switch (queryType)
+  {
+    // if user has MANAGE_ROLES, can perform role operations
+    case ComTdbExeUtilGetMetadataInfo::ROLES_:
+    case ComTdbExeUtilGetMetadataInfo::ROLES_FOR_ROLE_:
+    case ComTdbExeUtilGetMetadataInfo::ROLES_FOR_USER_:
     {
-      strcpy(obj_type, "UR");
+      if (componentPrivileges.hasSQLPriv(ComUser::getCurrentUser(),SQLOperation::MANAGE_ROLES, true))
+        return FALSE;
       break;
     }
-    case ComTdbExeUtilGetMetadataInfo::SYNONYMS_FOR_USER_:
+
+    // if user has MANAGE_USERS, can perform user operations
+    case ComTdbExeUtilGetMetadataInfo::USERS_:
+    case ComTdbExeUtilGetMetadataInfo::USERS_FOR_ROLE_:
     {
-      strcpy(obj_type, "SY");
+      if (componentPrivileges.hasSQLPriv(ComUser::getCurrentUser(),SQLOperation::MANAGE_USERS,true))
+        return FALSE;
       break;
     }
-    case ComTdbExeUtilGetMetadataInfo::TABLES_FOR_USER_:
+
+    // if user has MANAGE_COMPONENTS, can perform component operations
+    case ComTdbExeUtilGetMetadataInfo::COMPONENTS_:
+    case ComTdbExeUtilGetMetadataInfo::COMPONENT_OPERATIONS_:
+    case ComTdbExeUtilGetMetadataInfo::COMPONENT_PRIVILEGES_:
     {
-      strcpy(obj_type, "BT");
-      if (getMItdb().userObjs())
-      {
-        str_sprintf(predStr, " and O.object_name_space = 'TA' "
-                             " and O.object_security_class = 'UT' ");
-      }
-      else if (getMItdb().systemObjs())
-      {
-        str_sprintf(predStr, " and O.object_security_class <> 'UT' ");
-      }
+      if (componentPrivileges.hasSQLPriv(ComUser::getCurrentUser(),SQLOperation::MANAGE_COMPONENTS,true))
+        return FALSE;
       break;
     }
-    case ComTdbExeUtilGetMetadataInfo::TRIGGERS_FOR_USER_:
+
+    // if user has MANAGE_LIBRARIES, can perform library operations
+    case ComTdbExeUtilGetMetadataInfo::PROCEDURES_FOR_LIBRARY_:
+    case ComTdbExeUtilGetMetadataInfo::FUNCTIONS_FOR_LIBRARY_:
+    case ComTdbExeUtilGetMetadataInfo::TABLE_FUNCTIONS_FOR_LIBRARY_:
     {
-      strcpy(obj_type, "TR");
+      if (componentPrivileges.hasSQLPriv(ComUser::getCurrentUser(),SQLOperation::MANAGE_LIBRARY,true))
+        return FALSE;
       break;
     }
-    case ComTdbExeUtilGetMetadataInfo::VIEWS_FOR_USER_:
+
+   // if user has DML_SELECT, can perform object operations
+   case ComTdbExeUtilGetMetadataInfo::CATALOGS_:
+   case ComTdbExeUtilGetMetadataInfo::SCHEMAS_IN_CATALOG_:
+   case ComTdbExeUtilGetMetadataInfo::VIEWS_IN_CATALOG_:
+   case ComTdbExeUtilGetMetadataInfo::SEQUENCES_IN_CATALOG_:
+   case ComTdbExeUtilGetMetadataInfo::TABLES_IN_SCHEMA_:
+   case ComTdbExeUtilGetMetadataInfo::INDEXES_IN_SCHEMA_:
+   case ComTdbExeUtilGetMetadataInfo::VIEWS_IN_SCHEMA_:
+   case ComTdbExeUtilGetMetadataInfo::LIBRARIES_IN_SCHEMA_:
+   case ComTdbExeUtilGetMetadataInfo::PROCEDURES_IN_SCHEMA_:
+   case ComTdbExeUtilGetMetadataInfo::SEQUENCES_IN_SCHEMA_:
+   case ComTdbExeUtilGetMetadataInfo::FUNCTIONS_IN_SCHEMA_:
+   case ComTdbExeUtilGetMetadataInfo::TABLE_FUNCTIONS_IN_SCHEMA_:
+   case ComTdbExeUtilGetMetadataInfo::OBJECTS_IN_SCHEMA_:
+   case ComTdbExeUtilGetMetadataInfo::INDEXES_ON_TABLE_:
+   case ComTdbExeUtilGetMetadataInfo::VIEWS_ON_TABLE_:
+   case ComTdbExeUtilGetMetadataInfo::VIEWS_ON_VIEW_:
+   case ComTdbExeUtilGetMetadataInfo::OBJECTS_ON_TABLE_:
+   case ComTdbExeUtilGetMetadataInfo::PARTITIONS_FOR_TABLE_:
+   case ComTdbExeUtilGetMetadataInfo::PARTITIONS_FOR_INDEX_:
+   case ComTdbExeUtilGetMetadataInfo::TABLES_IN_VIEW_:
+   case ComTdbExeUtilGetMetadataInfo::VIEWS_IN_VIEW_:
+   case ComTdbExeUtilGetMetadataInfo::OBJECTS_IN_VIEW_:
     {
-      strcpy(obj_type, "VI");
+      if (componentPrivileges.hasSQLPriv(ComUser::getCurrentUser(),SQLOperation::DML_SELECT,true))
+        return FALSE;
       break;
     }
-    default:
-      return -1;
-  }
-
-  const char *parentQid = NULL;
-  ExExeStmtGlobals *stmtGlobals = getGlobals()->castToExExeStmtGlobals();
-  if (stmtGlobals->castToExMasterStmtGlobals())
-    parentQid = stmtGlobals->castToExMasterStmtGlobals()->
-      getStatement()->getUniqueStmtId();
-  else
-  {
-    ExEspStmtGlobals *espGlobals = stmtGlobals->castToExEspStmtGlobals();
-    if (espGlobals && espGlobals->getStmtStats())
-      parentQid = espGlobals->getStmtStats()->getQueryId();
+   default:
+     break;
   }
-  ExeCliInterface cliInterface(getHeap(), NULL, NULL, parentQid);
-
-  cliRC = cliInterface.executeImmediate(
-    "create volatile table objsForUser "
-    "(cat_name  char(128) CHARACTER SET UCS2 CASESPECIFIC  NOT NULL NOT DROPPABLE,"
-    " sch_name  char(128) CHARACTER SET UCS2 CASESPECIFIC  NOT NULL NOT DROPPABLE,"
-    " obj_name  char(128) CHARACTER SET UCS2 CASESPECIFIC  default NULL,"
-    " primary key (cat_name, sch_name, obj_name)"
-    ") no partition; ");
-  if (cliRC < 0) return cliRC;
-
-  sprintf(queryBuf_,"select translate(rtrim(cat_name) using ucs2toutf8), cat_uid "
-                    "from hp_system_catalog.system_schema.catsys;"
-         );
-
-  if (initializeInfoList(infoList_)) return -1;
-
-  numOutputEntries_ = 2;
-  cliRC = fetchAllRows(infoList_, queryBuf_, numOutputEntries_, FALSE, rc);
-  if (cliRC < 0) return cliRC;
-
-  infoList_->position();
-  for (Int32 i32 = 0; i32 < infoList_->numEntries(); i32++)
-  {
-    OutputInfo * vi = (OutputInfo*)infoList_->getCurr();
-    char * cat_name = vi->get(0);
-    NAString extCatName(ToAnsiIdentifier(cat_name));
-
-    char * ptr = vi->get(1);
-    len = (short)(ptr ? strlen(ptr) : 0);
-    Int64 * cat_uid = (Int64 *)ptr;
-
-    sprintf(queryBuf_, setupObjsForUserQuery,
-            cat_name, extCatName.data(),*cat_uid, user_name, obj_type, predStr);
-
-    cliRC = cliInterface.executeImmediate(queryBuf_);
-    if (cliRC < 0) return cliRC;
-
-    infoList_->advance();
-  }
-
-  return cliRC;
-
-} // ExExeUtilGetMetadataInfoTcb::setupObjectTypeForUser()
-
-Int32 ExExeUtilGetMetadataInfoTcb::setupAuthIDInfo(const char *authName,
-                                                   char authID[MAX_AUTHIDTYPE_CHAR],
-                                                   AuthIdType authIDType)
-{
-  short rc      = 0;
-  Lng32 cliRC   = 0;
-  char predStr[500] = {""};
-
-  switch (authIDType)
-  {
-    case ROLES_:
-      str_sprintf(predStr, "select cast(auth_id as char(10)) from "
-           " hp_system_catalog.hp_security_schema.id_mapping "
-           " where auth_id = (select role_id from "
-           "                    hp_system_catalog.hp_security_schema.roles "
-           "                   where role_name = '%s') "
-           " ; ",
-        authName, authName);
-      break;
-
-    case USERS_:
-      str_sprintf(predStr, "select cast(auth_id as char(10)) from "
-           " hp_system_catalog.hp_security_schema.id_mapping "
-           " where auth_id = (select user_id from "
-           "                    hp_system_catalog.hp_security_schema.users "
-           "                   where user_name = '%s') "
-           " ; ",
-        authName, authName);
-      break;
-     
-    default:
-      str_sprintf(predStr, "select cast(auth_id as char(10)) from "
-           " hp_system_catalog.hp_security_schema.id_mapping "
-           " where (auth_id = (select user_id from "
-           "                    hp_system_catalog.hp_security_schema.users "
-           "                   where user_name = '%s') "
-           "    or  auth_id = (select role_id from "
-           "                    hp_system_catalog.hp_security_schema.roles "
-              "                   where role_name = '%s')) "
-           " ; ",
-        authName, authName);
-      break;
-  }
-
-  sprintf(queryBuf_, predStr );
-
-  if (initializeInfoList(infoList_)) return -1;
-
-  numOutputEntries_ = 1;
-  cliRC = fetchAllRows(infoList_, queryBuf_, numOutputEntries_, FALSE, rc);
-  if (cliRC != 0) return cliRC;
-  if (rc == 100) return rc;
-
-  infoList_->position();
-  OutputInfo * vi = (OutputInfo*)infoList_->getCurr();
-  const char *pAuthID = vi->get(0);
-  str_cpy_and_null (authID, pAuthID, 10);
-
-  return cliRC;
-}
-
-Int32 ExExeUtilGetMetadataInfoTcb::setupCurrentUserInfo(char *userName)
-{
-  short rc      = 0;
-  Lng32 cliRC   = 0;
-
-  sprintf(queryBuf_, "values (current_user); ");
-
-  if (initializeInfoList(infoList_)) return -1;
-
-  numOutputEntries_ = 1;
-  cliRC = fetchAllRows(infoList_, queryBuf_, numOutputEntries_, FALSE, rc);
-  if (cliRC < 0) return cliRC;
-
-  infoList_->position();
-  OutputInfo * vi = (OutputInfo*)infoList_->getCurr();
-  const char *pUserName = vi->get(0);
-  short len = strlen(pUserName);
-  str_cpy_and_null(userName, pUserName, len);
-
-// Null terminate since the above will not unless source has a blank.
-
-  userName[len] = '\0';
-
-  return cliRC;
+  return TRUE;
 }
 
 //////////////////////////////////////////////////////
@@ -1629,11 +1540,15 @@ short ExExeUtilGetMetadataInfoTcb::work()
 	    char sch[100];
             char pmsch[100];
 	    char tab[100];
+	    char col[100];
             char indexes[100];
 	    char view[100];
 	    char view_usage[100];
             char auths[100];
             char role_usage[100];
+            char objPrivs[100];
+            char schPrivs[100];
+            char colPrivs[100];
             char components[100];
             char componentOperations[100];
             char componentPrivileges[100];
@@ -1646,10 +1561,14 @@ short ExExeUtilGetMetadataInfoTcb::work()
 	    strcpy(sch, SEABASE_MD_SCHEMA);
 	    strcpy(pmsch, SEABASE_PRIVMGR_SCHEMA);
 	    strcpy(tab, SEABASE_OBJECTS);
+	    strcpy(col, SEABASE_COLUMNS);
 	    strcpy(view, SEABASE_VIEWS);
 	    strcpy(view_usage, SEABASE_VIEWS_USAGE);
             strcpy(indexes, SEABASE_INDEXES);
             strcpy(auths, SEABASE_AUTHS);
+            strcpy(objPrivs, "OBJECT_PRIVILEGES");
+            strcpy(colPrivs, "COLUMN_PRIVILEGES");
+            strcpy(schPrivs, "SCHEMA_PRIVILEGES");
             strcpy(role_usage, "ROLE_USAGE");
             strcpy(components, "COMPONENTS");
             strcpy(componentOperations, "COMPONENT_OPERATIONS");
@@ -1657,26 +1576,51 @@ short ExExeUtilGetMetadataInfoTcb::work()
             strcpy(routine, SEABASE_ROUTINES);
             strcpy(library_usage, SEABASE_LIBRARIES_USAGE);
 
+            // Determine if need to restrict data to user visable data only.
+            NABoolean doPrivCheck = checkUserPrivs(currContext, getMItdb().queryType_);  
+            NAString privWhereClause;
+
+            // get active roles for current user and put in a list that can be
+            // used in a select "IN" clause.  Include the current user
+            NAString authList;
+            if (CmpCommon::context()->isAuthorizationEnabled())
+            {
+               // always include the current user in the list of auth IDs
+               char authIDAsChar[sizeof(Int32)+10];
+               str_sprintf(authIDAsChar, "(%d", *currContext->getDatabaseUserID());
+               authList += authIDAsChar;
+
+               // add list of roles stored in context
+               Int32 numRoles;
+               Int32 *roleList;
+               if (currContext->getRoleList(numRoles, roleList) != SUCCESS)
+                 numRoles = 0;
+               for (Int32 i = 0; i < numRoles; i++)
+               {
+                 authList += ", ";
+                 str_sprintf(authIDAsChar, "%d", roleList[i]);
+                 authList += authIDAsChar;
+               } 
+               authList += ")";
+            }
 
-          // "get components;" or "get component privileges on <component>;" are called,
-          // but authorization tables were not initialized,
-	      if(getMItdb().queryType_ == ComTdbExeUtilGetMetadataInfo::COMPONENTS_
+            // If request to get privilege information but authorization tables were not initialized,
+	    if(getMItdb().queryType_ == ComTdbExeUtilGetMetadataInfo::COMPONENTS_
 	      ||getMItdb().queryType_ == ComTdbExeUtilGetMetadataInfo::COMPONENT_OPERATIONS_
-	      ||getMItdb().queryType_ == ComTdbExeUtilGetMetadataInfo::COMPONENT_PRIVILEGES_)
-	      {
-                NAString privMDLoc = getMItdb().cat_.getPointer();
-                privMDLoc += ".\"";
-                privMDLoc += SEABASE_PRIVMGR_SCHEMA;
-                privMDLoc += "\"";
-                PrivMgrCommands privMgrInterface(privMDLoc.data(), CmpCommon::diags());
-                if (!privMgrInterface.isAuthorizationEnabled())
-                {
-                    ComDiagsArea * diags = getDiagsArea();
-                    *diags << DgSqlCode(-CAT_AUTHORIZATION_NOT_ENABLED);
-                    step_ = HANDLE_ERROR_;
-                    break;
-                }
-         }
+	      ||getMItdb().queryType_ == ComTdbExeUtilGetMetadataInfo::COMPONENT_PRIVILEGES_
+              ||getMItdb().queryType_ == ComTdbExeUtilGetMetadataInfo::USERS_FOR_ROLE_
+              ||getMItdb().queryType_ == ComTdbExeUtilGetMetadataInfo::ROLES_FOR_USER_
+              ||getMItdb().queryType_ == ComTdbExeUtilGetMetadataInfo::PRIVILEGES_FOR_ROLE_
+              ||getMItdb().queryType_ == ComTdbExeUtilGetMetadataInfo::PRIVILEGES_FOR_USER_)
+	    {
+               if (!CmpCommon::context()->isAuthorizationEnabled())
+               {
+                  ComDiagsArea * diags = getDiagsArea();
+                  *diags << DgSqlCode(-CAT_AUTHORIZATION_NOT_ENABLED);
+                  step_ = HANDLE_ERROR_;
+                  break;
+               }
+            }
 
 	    switch (getMItdb().queryType_)
 	      {
@@ -1841,9 +1785,17 @@ short ExExeUtilGetMetadataInfoTcb::work()
                   qs = getTrafUsers;
                   sizeOfqs = sizeof(getTrafUsers);
 
+                  if (doPrivCheck)
+                  {
+                     char buf[authList.length() + 100];
+                     str_sprintf(buf, " and auth_id in %s", authList.data());
+                     privWhereClause = buf;
+                  }
+
                   param_[0] = cat;
                   param_[1] = sch;
                   param_[2] = auths;
+                  param_[3] = (char *) privWhereClause.data();
 		}
                 break;
               case ComTdbExeUtilGetMetadataInfo::PROCEDURES_IN_SCHEMA_:
@@ -1941,9 +1893,17 @@ short ExExeUtilGetMetadataInfoTcb::work()
 
                   sizeOfqs = sizeof(getTrafRoles);
 
+                  if (doPrivCheck)
+                  {
+                     char buf[authList.length() + 100];
+                     str_sprintf(buf, " and auth_id in %s", authList.data());
+                     privWhereClause = buf;
+                  }
+
                   param_[0] = cat;
                   param_[1] = sch;
                   param_[2] = auths;
+                  param_[3] = (char *) privWhereClause.data();
                 }
               break;
 
@@ -1952,10 +1912,15 @@ short ExExeUtilGetMetadataInfoTcb::work()
                   qs = getUsersForRoleQuery;
                   sizeOfqs = sizeof(getUsersForRoleQuery);
                   
+                  // return the name if the role has been granted to the current user
+                  if (doPrivCheck)  
+                     privWhereClause = " and grantee_name = CURRENT_USER ";
+
                   param_[0] = cat;
                   param_[1] = pmsch;
                   param_[2] = role_usage;
                   param_[3] = getMItdb().getParam1();
+                  param_[4] = (char *) privWhereClause.data();
                 }
               break;
                 
@@ -1964,13 +1929,140 @@ short ExExeUtilGetMetadataInfoTcb::work()
                   qs = getRolesForUserQuery;
                   sizeOfqs = sizeof(getRolesForUserQuery);
                   
+                  // return the name if the current user was granted the role
+                  if (doPrivCheck)  
+                     privWhereClause = " and CURRENT_USER=RU.grantee_name ";
+
                   param_[0] = cat;
                   param_[1] = pmsch;
                   param_[2] = role_usage;
                   param_[3] = getMItdb().getParam1();
+                  param_[4] = (char *) privWhereClause.data();
                 }
               break;
               
+              case ComTdbExeUtilGetMetadataInfo::PRIVILEGES_FOR_ROLE_:
+              case ComTdbExeUtilGetMetadataInfo::PRIVILEGES_FOR_USER_:
+                {
+                  NABoolean isRole = 
+                     (getMItdb().queryType_ == ComTdbExeUtilGetMetadataInfo::PRIVILEGES_FOR_ROLE_); 
+              
+                  // Get the authID associated with the current user
+                  Int32 authID;
+                  if (strcmp(getMItdb().getParam1(), PUBLIC_AUTH_NAME) == 0)
+                    authID = PUBLIC_USER; 
+                  else
+                    authID = getAuthID(getMItdb().getParam1(), cat, sch, auths);
+
+                  // If the authID was not found for various reasons just return
+                  // Other "get" commands continue and return no rows but it is
+                  // easier to just return with an error.
+                  if (authID == 0)
+                    { 
+                      ComDiagsArea * diags = getDiagsArea();
+                      *diags << DgSqlCode(-8732)
+                             << DgString0(getMItdb().getParam1());
+                      step_ = HANDLE_ERROR_;
+                      break;
+                    }
+
+                  if (isRole)
+                    {
+                       // treating PUBLIC (-1) as a role in this instance, return
+                       // error if authID is not a role
+                       if (!CmpSeabaseDDLauth::isRoleID(authID) && authID != PUBLIC_USER)
+                        {
+                          ComDiagsArea * diags = getDiagsArea();
+                          *diags << DgSqlCode(-CAT_IS_NOT_A_ROLE)
+                                 << DgString0(getMItdb().getParam1());
+                          step_ = HANDLE_ERROR_;
+                          break;
+                        }
+                    }
+
+                  else
+                    {
+                      // Return an error if authID is not a user
+                      if (!CmpSeabaseDDLauth::isUserID(authID))
+                        {
+                          ComDiagsArea * diags = getDiagsArea();
+                          *diags << DgSqlCode(-CAT_IS_NOT_A_USER)
+                                 << DgString0(getMItdb().getParam1());
+                          step_ = HANDLE_ERROR_;
+                          break;
+                        }
+                    }
+               
+                  qs = getPrivsForAuthsQuery;
+                  sizeOfqs = sizeof(getPrivsForAuthsQuery);
+
+                  char buf[authList.length() + 100];
+                  if (isRole)
+                  {
+                    if (doPrivCheck)
+                      // Only return name if current user has been
+                      // granted the role
+                      str_sprintf(buf, " = %d and %d in %s ", 
+                                  authID, authID, authList.data());
+                    else
+                      // return all role grantees
+                      str_sprintf(buf, " = %d ", authID );
+                  }
+                  else
+                  {
+                    if (doPrivCheck)
+                    {
+                      // If asking for privileges for a user other than CURRENT_USER, 
+                      // use -2 (special user called _SYSTEM), privileges can never 
+                      // be granted to _SYSTEM. This returns an empty list 
+                      // which match other "get" statements behavior.
+                      if (strcmp(getMItdb().getParam1(), currContext->getDatabaseUserName()) != 0)
+                        str_sprintf(buf, " = -2 ");
+                      else
+                       // return all privs for the user and the users roles
+                       str_sprintf(buf, " in %s ", authList.data());
+                    }
+
+                    else
+                      if (*currContext->getDatabaseUserID() == authID)
+                        str_sprintf(buf, " in %s ", authList.data());
+                      else
+                        {
+                          // If getting privileges for a user other than the CURRENT USER,
+                          // get the list of roles for this other user.
+                          char *userRoleList = getRoleList(authID, cat, pmsch, role_usage);
+                          if (userRoleList)
+                          {
+                            str_sprintf(buf, " in %s ", userRoleList);
+                            NADELETEBASIC(userRoleList, getHeap());
+                          }
+                          else 
+                            str_sprintf(buf, " = %d ", authID);
+                        }
+                  }
+                  privWhereClause = buf;
+
+                  // Union privileges between object, column and schema
+                  param_[0] = cat;
+                  param_[1] = pmsch;
+                  param_[2] = objPrivs;
+                  param_[3] = (char *) privWhereClause.data();
+                  param_[4] = cat;
+                  param_[5] = pmsch;
+                  param_[6] = colPrivs;
+                  param_[7] = cat;
+                  param_[8] = sch;
+                  param_[9] = col;
+                  param_[10] = (char *) privWhereClause.data();
+                  param_[11] = cat;
+                  param_[12] = pmsch;
+                  param_[13] = schPrivs;
+                  param_[14] = (char *) privWhereClause.data();
+
+                  numOutputEntries_ = 2;
+                }
+              break;
+
               case ComTdbExeUtilGetMetadataInfo::COMPONENTS_:
               {
                 qs = getComponents;
@@ -2124,6 +2216,20 @@ short ExExeUtilGetMetadataInfoTcb::work()
  
 	    exprRetCode = ex_expr::EXPR_TRUE;
 
+            if ((getMItdb().queryType_ == ComTdbExeUtilGetMetadataInfo::PRIVILEGES_FOR_USER_) ||
+                (getMItdb().queryType_ == ComTdbExeUtilGetMetadataInfo::PRIVILEGES_FOR_ROLE_))
+            {
+              // output:  privileges<4spaces>object name
+              NAString outputStr (vi->get(1));
+              outputStr += "    ";
+              outputStr += ptr;
+  
+              char * outputCharStr = new char[outputStr.length() + 1];
+              memset (outputCharStr,'\0', outputStr.length() + 1);
+              str_cpy_all(outputCharStr, outputStr.data(), outputStr.length());
+              ptr = outputCharStr;
+              len = outputStr.length();
+            }
 	    if ((getMItdb().queryType_ == ComTdbExeUtilGetMetadataInfo::TRIGTEMP_TABLE_ON_TABLE_ ) || 
 		(getMItdb().queryType_ == ComTdbExeUtilGetMetadataInfo::TRIGTEMP_TABLE_ON_MV_ ))
 	      {
@@ -2374,28 +2480,6 @@ short ExExeUtilGetMetadataInfoTcb::work()
 	    retcode = handleError();
 	    if (retcode == 1)
 	      {
-		switch (getMItdb().queryType_)
-		  {
-		  case ComTdbExeUtilGetMetadataInfo::INDEXES_FOR_USER_:
-		  case ComTdbExeUtilGetMetadataInfo::LIBRARIES_FOR_USER_:
-		  case ComTdbExeUtilGetMetadataInfo::MVS_FOR_USER_:
-		  case ComTdbExeUtilGetMetadataInfo::MVGROUPS_FOR_USER_:
-		  case ComTdbExeUtilGetMetadataInfo::PROCEDURES_FOR_USER_:
-		  case ComTdbExeUtilGetMetadataInfo::SYNONYMS_FOR_USER_:
-		  case ComTdbExeUtilGetMetadataInfo::TABLES_FOR_USER_:
-		  case ComTdbExeUtilGetMetadataInfo::VIEWS_FOR_USER_:
-		    {
-		      cliInterface()->executeImmediate("drop table objsForUser;");
-		      break;
-		    }
-		  case ComTdbExeUtilGetMetadataInfo::PRIVILEGES_FOR_USER_:
-		    {
-		      cliInterface()->executeImmediate("drop table privsForUser;");
-		      break;
-		    }
-		  default:
-		    ;
-		  } // switch
 		return WORK_OK;
 	      } // if (retcode
 	    
@@ -2405,46 +2489,6 @@ short ExExeUtilGetMetadataInfoTcb::work()
 
 	case DONE_:
 	  {
-	    switch (getMItdb().queryType_)
-	      {
-	      case ComTdbExeUtilGetMetadataInfo::INDEXES_FOR_USER_:
-	      case ComTdbExeUtilGetMetadataInfo::LIBRARIES_FOR_USER_:
-	      case ComTdbExeUtilGetMetadataInfo::MVS_FOR_USER_:
-	      case ComTdbExeUtilGetMetadataInfo::MVGROUPS_FOR_USER_:
-	      case ComTdbExeUtilGetMetadataInfo::PROCEDURES_FOR_USER_:
-	      case ComTdbExeUtilGetMetadataInfo::SYNONYMS_FOR_USER_:
-	      case ComTdbExeUtilGetMetadataInfo::TABLES_FOR_USER_:
-	      case ComTdbExeUtilGetMetadataInfo::TRIGGERS_FOR_USER_:
-	      case ComTdbExeUtilGetMetadataInfo::VIEWS_FOR_USER_:
-		{
-		  cliRC = cliInterface()->executeImmediate("drop table objsForUser;");
-		  if (cliRC < 0)
-		    {
-		      cliInterface()->retrieveSQLDiagnostics(getDiagsArea());
-		      retcode = handleError();
-		      if (retcode == 1)		// qparent_.up->isFull()
-			return WORK_OK;
-		    }
-		}
-		break;
-		
-	      case ComTdbExeUtilGetMetadataInfo::PRIVILEGES_FOR_USER_:
-		{
-		  cliRC = cliInterface()->executeImmediate("drop table privsForUser;");
-		  if (cliRC < 0)
-		    {
-		      cliInterface()->retrieveSQLDiagnostics(getDiagsArea());
-		      retcode = handleError();
-		      if (retcode == 1)		// qparent_.up->isFull()
-			return WORK_OK;
-		    }
-		}
-		break;
-		
-	      default:
-		;
-	      } // switch
-	    
 	    retcode = handleDone();
 	    if (retcode == 1)
 	      return WORK_OK;

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/60cdb459/core/sql/generator/GenRelExeUtil.cpp
----------------------------------------------------------------------
diff --git a/core/sql/generator/GenRelExeUtil.cpp b/core/sql/generator/GenRelExeUtil.cpp
index 92e61d8..1822725 100644
--- a/core/sql/generator/GenRelExeUtil.cpp
+++ b/core/sql/generator/GenRelExeUtil.cpp
@@ -1758,6 +1758,7 @@ short ExeUtilGetMetadataInfo::codeGen(Generator * generator)
     {  "ALL",    "MVS",       "FOR",   "USER",     0,      0,        0,      0,      ComTdbExeUtilGetMetadataInfo::MVS_FOR_USER_ },
     {  "ALL",    "MVGROUPS",  "FOR",   "USER",     0,      0,        0,      0,      ComTdbExeUtilGetMetadataInfo::MVGROUPS_FOR_USER_ },
     {  "ALL",    "PRIVILEGES","FOR",   "USER",     0,      0,        0,      0,      ComTdbExeUtilGetMetadataInfo::PRIVILEGES_FOR_USER_ },
+    {  "ALL",    "PRIVILEGES","FOR",   "ROLE",     0,      0,        0,      0,      ComTdbExeUtilGetMetadataInfo::PRIVILEGES_FOR_ROLE_ },
     {  "ALL",    "PROCEDURES","FOR",   "USER",     0,      0,        0,      0,      ComTdbExeUtilGetMetadataInfo::PROCEDURES_FOR_USER_ },
     {  "ALL",    "ROLES",     "FOR",   "USER",     0,      0,        0,      0,      ComTdbExeUtilGetMetadataInfo::ROLES_FOR_USER_ },
     {  "ALL",    "SCHEMAS",   "FOR",   "USER",     0,      0,        0,      0,      ComTdbExeUtilGetMetadataInfo::SCHEMAS_FOR_USER_ },
@@ -1788,6 +1789,7 @@ short ExeUtilGetMetadataInfo::codeGen(Generator * generator)
     {  "USER",   "MVS",       "FOR",   "USER",     0,      0,        0,      0,      ComTdbExeUtilGetMetadataInfo::MVS_FOR_USER_ },
     {  "USER",   "MVGROUPS",  "FOR",   "USER",     0,      0,        0,      0,      ComTdbExeUtilGetMetadataInfo::MVGROUPS_FOR_USER_ },
     {  "USER",   "PRIVILEGES","FOR",   "USER",     0,      0,        0,      0,      ComTdbExeUtilGetMetadataInfo::PRIVILEGES_FOR_USER_ },
+    {  "USER",   "PRIVILEGES","FOR",   "ROLE",     0,      0,        0,      0,      ComTdbExeUtilGetMetadataInfo::PRIVILEGES_FOR_ROLE_ },
     {  "USER",   "PROCEDURES","FOR",   "USER",     0,      0,        0,      0,      ComTdbExeUtilGetMetadataInfo::PROCEDURES_FOR_USER_ },
     {  "USER",   "ROLES",     "FOR",   "USER",     0,      0,        0,      0,      ComTdbExeUtilGetMetadataInfo::ROLES_FOR_USER_ },
     {  "USER",   "SCHEMAS",   "FOR",   "USER",     0,      0,        0,      0,      ComTdbExeUtilGetMetadataInfo::SCHEMAS_FOR_USER_ },

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/60cdb459/core/sql/regress/hive/EXPECTED009
----------------------------------------------------------------------
diff --git a/core/sql/regress/hive/EXPECTED009 b/core/sql/regress/hive/EXPECTED009
index c4c038c..5591aaa 100644
--- a/core/sql/regress/hive/EXPECTED009
+++ b/core/sql/regress/hive/EXPECTED009
@@ -335,8 +335,9 @@ HIVE
 TRAFODION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         _HV_HIVE_                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          
                                PROMOTION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       
 TRAFODION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         _HV_SCH_T009_                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
                                T009T2                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          
 TRAFODION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         _MD_                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               
                                OBJECTS                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         
+TRAFODION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         _PRIVMGR_MD_                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       
                                ROLE_USAGE                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
 
---- 5 row(s) selected.
+--- 6 row(s) selected.
 >>drop external table t009t1 for hive.sch_t009.t009t1;
 
 --- SQL operation complete.
@@ -358,15 +359,16 @@ HIVE
 TRAFODION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         _HV_HIVE_                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          
                                PROMOTION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       
 TRAFODION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         _HV_SCH_T009_                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
                                T009T2                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          
 TRAFODION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         _MD_                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               
                                OBJECTS                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         
+TRAFODION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         _PRIVMGR_MD_                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       
                                ROLE_USAGE                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
 
---- 5 row(s) selected.
+--- 6 row(s) selected.
 >>create external table t009t1 for hive.sch_t009.t009t1;
 
 --- SQL operation complete.
 >>invoke hive.sch_t009.t009t1;
 
 -- Definition of hive table T009T1
--- Definition current  Thu Jun 16 19:45:00 2016
+-- Definition current  Wed Jan 25 21:06:12 2017
 
   (
     A                                INT
@@ -436,7 +438,7 @@ _HB__CELL__
 >>invoke trafodion."_HB__ROW__"."baseball";
 
 -- Definition of Trafodion external table TRAFODION."_HB__ROW__"."baseball"
--- Definition current  Thu Jun 16 19:45:06 2016
+-- Definition current  Wed Jan 25 21:06:21 2017
 
   (
     ROW_ID                           VARCHAR(100) CHARACTER SET ISO88591
@@ -449,7 +451,7 @@ _HB__CELL__
 >>invoke trafodion."_HB__CELL__"."baseball";
 
 -- Definition of Trafodion external table TRAFODION."_HB__CELL__"."baseball"
--- Definition current  Thu Jun 16 19:45:07 2016
+-- Definition current  Wed Jan 25 21:06:22 2017
 
   (
     ROW_ID                           VARCHAR(100) CHARACTER SET ISO88591
@@ -538,7 +540,7 @@ ROW_ID      COLS
 >>invoke hive.hive.store_sales;
 
 -- Definition of hive table STORE_SALES
--- Definition current  Thu Jun 16 19:45:13 2016
+-- Definition current  Wed Jan 25 21:06:36 2017
 
   (
     SS_SOLD_DATE_SK                  INT
@@ -582,7 +584,7 @@ ROW_ID      COLS
 ------------------------------------------------------------------ PLAN SUMMARY
 MODULE_NAME .............. DYNAMICALLY COMPILED
 STATEMENT_NAME ........... S
-PLAN_ID .................. 212332866313934337
+PLAN_ID .................. 212352138396921126
 ROWS_OUT ............. 1,709
 EST_TOTAL_COST ........... 0.27
 STATEMENT ................ select * from store_sales where ss_item_sk = 1;
@@ -711,7 +713,7 @@ LC   RC   OP   OPERATOR              OPT       DESCRIPTION           CARD
 ------------------------------------------------------------------ PLAN SUMMARY
 MODULE_NAME .............. DYNAMICALLY COMPILED
 STATEMENT_NAME ........... S
-PLAN_ID .................. 212332866314848871
+PLAN_ID .................. 212352138398271228
 ROWS_OUT ......... 2,920,643
 EST_TOTAL_COST ........... 1.07
 STATEMENT ................ select *
@@ -913,7 +915,7 @@ DESCRIPTION
 >>invoke hive.hive.date_dim;
 
 -- Definition of hive table DATE_DIM
--- Definition current  Thu Jun 16 19:45:17 2016
+-- Definition current  Wed Jan 25 21:06:43 2017
 
   (
     D_DATE_SK                        INT
@@ -1054,7 +1056,7 @@ CREATE EXTERNAL TABLE DATE_DIM
 ------------------------------------------------------------------ PLAN SUMMARY
 MODULE_NAME .............. DYNAMICALLY COMPILED
 STATEMENT_NAME ........... S
-PLAN_ID .................. 212332866319821558
+PLAN_ID .................. 212352138408317415
 ROWS_OUT ................. 1
 EST_TOTAL_COST ........... 0.01
 STATEMENT ................ select *
@@ -1145,7 +1147,7 @@ DESCRIPTION
 >>invoke hive.hive.date_dim;
 
 -- Definition of hive table DATE_DIM
--- Definition current  Thu Jun 16 19:45:27 2016
+-- Definition current  Wed Jan 25 21:06:55 2017
 
   (
     D_DATE_SK                        INT
@@ -1286,7 +1288,7 @@ CREATE EXTERNAL TABLE DATE_DIM
 ------------------------------------------------------------------ PLAN SUMMARY
 MODULE_NAME .............. DYNAMICALLY COMPILED
 STATEMENT_NAME ........... S
-PLAN_ID .................. 212332866330134922
+PLAN_ID .................. 212352138418762665
 ROWS_OUT ................. 1
 EST_TOTAL_COST ........... 0.01
 STATEMENT ................ select *


Mime
View raw message