Support db_securityadmin #70

Merged
merged 55 commits into from
Oct 31, 2024
Changes from 54 commits
Commits
1c2e0d9
support db_accessadmin
tanscorpio7 Sep 25, 2024
9366d6f
empty commit to rerun actions
tanscorpio7 Sep 25, 2024
60eb635
Merge branch 'server-database-roles-4-x' into BABEL-5136
tanscorpio7 Sep 25, 2024
1d235d6
add basic tests
tanscorpio7 Sep 25, 2024
6778242
fix get_authid_user_ext_physical_name
tanscorpio7 Sep 25, 2024
aa8c3a5
refactor
tanscorpio7 Sep 25, 2024
04161b7
refactor is_role() & is_user() to one function
tanscorpio7 Sep 26, 2024
c26714a
address comments
tanscorpio7 Sep 26, 2024
2f141fa
fix
tanscorpio7 Sep 26, 2024
ef05577
fix
tanscorpio7 Sep 26, 2024
fd28fd0
Merge remote-tracking branch 'upstream/BABEL_4_X_DEV' into BABEL-5136
tanscorpio7 Sep 26, 2024
f8263ad
empty commit to rerun actions
tanscorpio7 Sep 26, 2024
5ccc553
fix
tanscorpio7 Sep 26, 2024
2c6071d
fix
tanscorpio7 Sep 27, 2024
8e236af
fix
tanscorpio7 Sep 27, 2024
262ab3b
add test to upgrade
tanscorpio7 Sep 27, 2024
3377700
add test to upgrade
tanscorpio7 Sep 27, 2024
fc5a463
Merge remote-tracking branch 'origin/BABEL_4_X_DEV' into BABEL-5136
tanscorpio7 Sep 27, 2024
9d88f54
Support db_secadmin
HarshLunagariya Sep 30, 2024
4c7979f
Merge branch 'server-database-roles-4-x' into BABEL-5136
tanscorpio7 Sep 30, 2024
3964d46
Merge branch 'BABEL-5136' into babel_dbsecadmin
HarshLunagariya Sep 30, 2024
92d35c4
Support Securityadmin fixed server role (#67)
anju15bharti Oct 17, 2024
74c5ba7
Merge branch 'BABEL-5136' into babel_dbsecadmin
HarshLunagariya Sep 30, 2024
82d5e32
Support fixed database role db_accessadmin (#66)
tanscorpio7 Oct 18, 2024
86c5514
Merge remote-tracking branch 'origin/server-database-roles-4-x' into …
HarshLunagariya Oct 19, 2024
8b04046
Merge remote-tracking branch 'origin/server-database-roles-4-x' into …
HarshLunagariya Oct 19, 2024
207391f
Support db_securityadmin fixed database role
HarshLunagariya Oct 20, 2024
91c6778
test fix
HarshLunagariya Oct 21, 2024
e11f41c
single-db test fix
HarshLunagariya Oct 21, 2024
e8a7560
upgrade fix
HarshLunagariya Oct 21, 2024
38c2a6c
upgrade script fix
HarshLunagariya Oct 21, 2024
9b9e5e9
add more tests
HarshLunagariya Oct 22, 2024
5d2a827
Merge branch 'server-database-roles-4-x' into babel_dbsecadmin
HarshLunagariya Oct 22, 2024
d06be39
Added tests
HarshLunagariya Oct 22, 2024
e103d48
Address comments
HarshLunagariya Oct 24, 2024
9291726
Merge remote-tracking branch 'origin/server-database-roles-4-x' into …
HarshLunagariya Oct 24, 2024
d45f5c7
Test update
HarshLunagariya Oct 24, 2024
03d1301
fix
HarshLunagariya Oct 24, 2024
0df1477
fix
HarshLunagariya Oct 24, 2024
d0c1c27
Test update
HarshLunagariya Oct 24, 2024
e7f464a
Merge branch 'server-database-roles-4-x' into babel_dbsecadmin
HarshLunagariya Oct 27, 2024
c1e03e8
Update expected test files
HarshLunagariya Oct 28, 2024
bffd4ed
Fix
HarshLunagariya Oct 29, 2024
2e4e082
fix
HarshLunagariya Oct 29, 2024
ff81672
[Temp Change] Debugging
HarshLunagariya Oct 29, 2024
1422cc3
[Temp] Debugging more
HarshLunagariya Oct 29, 2024
f3d8954
[Temp]
HarshLunagariya Oct 29, 2024
120b380
fix
HarshLunagariya Oct 29, 2024
6adb061
Fix
HarshLunagariya Oct 29, 2024
7731d89
Fix
HarshLunagariya Oct 29, 2024
d20c1e3
Add restrictions test
HarshLunagariya Oct 29, 2024
6778264
fix
HarshLunagariya Oct 29, 2024
1da2395
Fix
HarshLunagariya Oct 29, 2024
79df479
fix
HarshLunagariya Oct 29, 2024
0af5925
Disable some tests
HarshLunagariya Oct 30, 2024
13 changes: 7 additions & 6 deletions contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql
Original file line number Diff line number Diff line change
Expand Up @@ -2122,7 +2122,7 @@ BEGIN
LEFT OUTER JOIN pg_catalog.pg_roles AS Base4 ON Base4.rolname = Bsdb.owner
WHERE Ext1.database_name = DB_NAME()
AND (Ext1.type != 'R' OR Ext1.type != 'A')
AND Ext1.orig_username NOT IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter')
AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter')
ORDER BY UserName, RoleName;
END
-- If the security account is the db fixed role - db_owner
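Review bot: the trailing comment `-- If the security account is the db fixed role - db_owner` still names only db_owner, while the NOT IN list above it now treats five fixed roles alike. If the branch that follows also has to handle db_securityadmin as the security account, extend it and update the comment; if it deliberately covers db_owner only, say so in the comment.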
Expand Down Expand Up @@ -2154,7 +2154,7 @@ BEGIN
WHERE Ext1.database_name = DB_NAME()
AND Ext2.database_name = DB_NAME()
AND Ext1.type = 'R'
AND Ext2.orig_username NOT IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter')
AND Ext2.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter')
AND (Ext1.orig_username = @name_in_db OR pg_catalog.lower(Ext1.orig_username) = pg_catalog.lower(@name_in_db))
ORDER BY Role_name, Users_in_role;
END
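Review bot: 'db_securityadmin' is inserted ahead of 'db_accessadmin' in this NOT IN list, but after it in the sp_helpdbfixedrole IN list and VALUES rows further down. Pick one order for the fixed-role literals (the sp_helpdbfixedrole order, for example) so the copies can be searched and compared as identical strings.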
Expand Down Expand Up @@ -2192,7 +2192,7 @@ BEGIN
LEFT OUTER JOIN pg_catalog.pg_roles AS Base4 ON Base4.rolname = Bsdb.owner
WHERE Ext1.database_name = DB_NAME()
AND (Ext1.type != 'R' OR Ext1.type != 'A')
AND Ext1.orig_username NOT IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter')
AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter')
AND (Ext1.orig_username = @name_in_db OR pg_catalog.lower(Ext1.orig_username) = pg_catalog.lower(@name_in_db))
ORDER BY UserName, RoleName;
END
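Review bot: `(Ext1.type != 'R' OR Ext1.type != 'A')`, the line just above the changed NOT IN, is true for every non-NULL type, so among the visible conditions only the fixed-role list excludes anything. If the intent is to drop both types it should read `Ext1.type != 'R' AND Ext1.type != 'A'` (or `Ext1.type NOT IN ('R', 'A')`); the same predicate appears in the -2122 hunk.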
Expand Down Expand Up @@ -2352,18 +2352,19 @@ CREATE OR REPLACE PROCEDURE sys.sp_helpdbfixedrole("@rolename" sys.SYSNAME = NUL
$$
BEGIN
-- Returns a list of the fixed database roles.
IF LOWER(RTRIM(@rolename)) IS NULL OR LOWER(RTRIM(@rolename)) IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter')
IF LOWER(RTRIM(@rolename)) IS NULL OR LOWER(RTRIM(@rolename)) IN ('db_owner', 'db_accessadmin', 'db_securityadmin', 'db_datareader', 'db_datawriter')
BEGIN
SELECT CAST(DbFixedRole as sys.SYSNAME) AS DbFixedRole, CAST(Description AS sys.nvarchar(70)) AS Description FROM (
VALUES ('db_owner', 'DB Owners'),
('db_accessadmin', 'DB Access Administrators'),
('db_securityadmin', 'DB Security Administrators'),
('db_datareader', 'DB Data Reader'),
('db_datawriter', 'DB Data Writer')) x(DbFixedRole, Description)
WHERE LOWER(RTRIM(@rolename)) IS NULL OR LOWER(RTRIM(@rolename)) = DbFixedRole;
END
ELSE IF LOWER(RTRIM(@rolename)) IN (
'db_securityadmin','db_ddladmin', 'db_backupoperator',
'db_datareader', 'db_datawriter', 'db_denydatareader', 'db_denydatawriter')
'db_ddladmin', 'db_backupoperator',
'db_denydatareader', 'db_denydatawriter')
BEGIN
-- Return an empty result set instead of raising an error
SELECT CAST(NULL AS sys.SYSNAME) AS DbFixedRole, CAST(NULL AS sys.nvarchar(70)) AS Description
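Review bot: the fixed-role names are now listed twice inside this procedure, once in the IF's IN list and once in the VALUES rows, and the removed ELSE IF line shows how such lists drift: it still carried 'db_datareader' and 'db_datawriter' although the first branch already matched them. Consider testing membership against the VALUES set itself (for example an EXISTS over the same derived table) so that the next role is added in one place.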
15 changes: 10 additions & 5 deletions contrib/babelfishpg_tsql/sql/ownership.sql
Original file line number Diff line number Diff line change
Expand Up @@ -260,10 +260,15 @@ LANGUAGE plpgsql
AS $$
DECLARE
reserved_roles varchar[] := ARRAY['sysadmin', 'securityadmin', 'dbcreator',
'master_dbo', 'master_guest', 'master_db_owner', 'master_db_accessadmin', 'master_db_datareader', 'master_db_datawriter',
'tempdb_dbo', 'tempdb_guest', 'tempdb_db_owner', 'tempdb_db_accessadmin', 'tempdb_db_datareader', 'tempdb_db_datawriter',
'msdb_dbo', 'msdb_guest', 'msdb_db_owner', 'msdb_db_accessadmin', 'msdb_db_datareader', 'msdb_db_datawriter'];

'master_dbo', 'master_guest', 'master_db_owner',
'master_db_accessadmin', 'master_db_securityadmin',
'master_db_datareader', 'master_db_datawriter',
'tempdb_dbo', 'tempdb_guest', 'tempdb_db_owner',
'tempdb_db_accessadmin', 'tempdb_db_securityadmin',
'tempdb_db_datareader', 'tempdb_db_datawriter',
'msdb_dbo', 'msdb_guest', 'msdb_db_owner',
'msdb_db_accessadmin', 'msdb_db_securityadmin',
'msdb_db_datareader', 'msdb_db_datawriter'];
user_id oid := -1;
db_name name := NULL;
role_name varchar;
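Review bot: the re-wrapping of reserved_roles rewrites every line of the array, so the three real additions ('master_db_securityadmin', 'tempdb_db_securityadmin', 'msdb_db_securityadmin') are hard to pick out from the formatting change. Either keep the re-wrap in its own commit or build the array from the three database prefixes and a single list of role suffixes, which would also prevent one database being missed when the next fixed role is added.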
Expand Down Expand Up @@ -465,7 +470,7 @@ ON Base.rolname = Ext.rolname
LEFT OUTER JOIN pg_catalog.pg_roles Base2
ON Ext.login_name = Base2.rolname
WHERE Ext.database_name = DB_NAME()
AND (Ext.orig_username IN ('dbo', 'db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'guest') -- system users should always be visible
AND (Ext.orig_username IN ('dbo', 'db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'guest') -- system users should always be visible
OR pg_has_role(Ext.rolname, 'MEMBER')) -- Current user should be able to see users it has permission of
UNION ALL
SELECT
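Review bot: the inline comment `-- system users should always be visible` describes only part of the IN list, which holds five fixed database roles beside dbo and guest; reword it to cover fixed roles. Since this arm of the OR bypasses the pg_has_role(Ext.rolname, 'MEMBER') check, a test that a user with no role membership sees the db_securityadmin row would pin the intended behaviour down.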
Original file line number Diff line number Diff line change
Expand Up @@ -4464,7 +4464,7 @@ ON Base.rolname = Ext.rolname
LEFT OUTER JOIN pg_catalog.pg_roles Base2
ON Ext.login_name = Base2.rolname
WHERE Ext.database_name = DB_NAME()
AND (Ext.orig_username IN ('dbo', 'db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'guest') -- system users should always be visible
AND (Ext.orig_username IN ('dbo', 'db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'guest') -- system users should always be visible
OR pg_has_role(Ext.rolname, 'MEMBER')) -- Current user should be able to see users it has permission of
UNION ALL
SELECT
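Review bot: this predicate is character-for-character the one changed in ownership.sql at -465, so the visibility rule now lives in two files that must be edited together. A check that the object created by each file ends up with the same definition would catch the next change that touches only one copy.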
Expand Down Expand Up @@ -4497,18 +4497,19 @@ CREATE OR REPLACE PROCEDURE sys.sp_helpdbfixedrole("@rolename" sys.SYSNAME = NUL
$$
BEGIN
-- Returns a list of the fixed database roles.
IF LOWER(RTRIM(@rolename)) IS NULL OR LOWER(RTRIM(@rolename)) IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter')
IF LOWER(RTRIM(@rolename)) IS NULL OR LOWER(RTRIM(@rolename)) IN ('db_owner', 'db_accessadmin', 'db_securityadmin', 'db_datareader', 'db_datawriter')
BEGIN
SELECT CAST(DbFixedRole as sys.SYSNAME) AS DbFixedRole, CAST(Description AS sys.nvarchar(70)) AS Description FROM (
VALUES ('db_owner', 'DB Owners'),
('db_accessadmin', 'DB Access Administrators'),
('db_securityadmin', 'DB Security Administrators'),
('db_datareader', 'DB Data Reader'),
('db_datawriter', 'DB Data Writer')) x(DbFixedRole, Description)
WHERE LOWER(RTRIM(@rolename)) IS NULL OR LOWER(RTRIM(@rolename)) = DbFixedRole;
END
ELSE IF LOWER(RTRIM(@rolename)) IN (
'db_securityadmin','db_ddladmin', 'db_backupoperator',
'db_datareader', 'db_datawriter', 'db_denydatareader', 'db_denydatawriter')
'db_ddladmin', 'db_backupoperator',
'db_denydatareader', 'db_denydatawriter')
BEGIN
-- Return an empty result set instead of raising an error
SELECT CAST(NULL AS sys.SYSNAME) AS DbFixedRole, CAST(NULL AS sys.nvarchar(70)) AS Description
Expand Down Expand Up @@ -4553,8 +4554,7 @@ BEGIN
LEFT OUTER JOIN pg_catalog.pg_roles AS Base4 ON Base4.rolname = Bsdb.owner
WHERE Ext1.database_name = DB_NAME()
AND (Ext1.type != 'R' OR Ext1.type != 'A')
AND Ext1.orig_username != 'db_owner'
AND Ext1.orig_username NOT IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter')
AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter')
ORDER BY UserName, RoleName;
END
-- If the security account is the db fixed role - db_owner
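Review bot: the removed `AND Ext1.orig_username != 'db_owner'` was already implied by the NOT IN list, which contains 'db_owner', so dropping it does not change the result. That cleanup is unrelated to db_securityadmin and is repeated in the -4586 and -4624 hunks, so mention it in the commit message. After the change the line matches the babelfishpg_tsql.sql copy at -2122.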
Expand Down Expand Up @@ -4586,8 +4586,7 @@ BEGIN
WHERE Ext1.database_name = DB_NAME()
AND Ext2.database_name = DB_NAME()
AND Ext1.type = 'R'
AND Ext2.orig_username != 'db_owner'
AND Ext2.orig_username NOT IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter')
AND Ext2.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter')
AND (Ext1.orig_username = @name_in_db OR pg_catalog.lower(Ext1.orig_username) = pg_catalog.lower(@name_in_db))
ORDER BY Role_name, Users_in_role;
END
Expand Down Expand Up @@ -4625,8 +4624,7 @@ BEGIN
LEFT OUTER JOIN pg_catalog.pg_roles AS Base4 ON Base4.rolname = Bsdb.owner
WHERE Ext1.database_name = DB_NAME()
AND (Ext1.type != 'R' OR Ext1.type != 'A')
AND Ext1.orig_username != 'db_owner'
AND Ext1.orig_username NOT IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter')
AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter')
AND (Ext1.orig_username = @name_in_db OR pg_catalog.lower(Ext1.orig_username) = pg_catalog.lower(@name_in_db))
ORDER BY UserName, RoleName;
END