diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index 25a819601b..3d5c2b7aba 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -2208,7 +2208,7 @@ BEGIN LEFT OUTER JOIN pg_catalog.pg_roles AS Base4 ON Base4.rolname = Bsdb.owner WHERE Ext1.database_name = DB_NAME() AND (Ext1.type != 'R' OR Ext1.type != 'A') - AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter') + AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') ORDER BY UserName, RoleName; END -- If the security account is the db fixed role - db_owner @@ -2240,7 +2240,7 @@ BEGIN WHERE Ext1.database_name = DB_NAME() AND Ext2.database_name = DB_NAME() AND Ext1.type = 'R' - AND Ext2.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter') + AND Ext2.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') AND (Ext1.orig_username = @name_in_db OR pg_catalog.lower(Ext1.orig_username) = pg_catalog.lower(@name_in_db)) ORDER BY Role_name, Users_in_role; END @@ -2278,7 +2278,7 @@ BEGIN LEFT OUTER JOIN pg_catalog.pg_roles AS Base4 ON Base4.rolname = Bsdb.owner WHERE Ext1.database_name = DB_NAME() AND (Ext1.type != 'R' OR Ext1.type != 'A') - AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter') + AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') AND (Ext1.orig_username = @name_in_db OR pg_catalog.lower(Ext1.orig_username) = pg_catalog.lower(@name_in_db)) ORDER BY UserName, RoleName; END @@ -2439,19 +2439,19 @@ $$ BEGIN -- Returns a list of the fixed database roles. IF pg_catalog.lower(PG_CATALOG.RTRIM(@rolename)) IS NULL - OR pg_catalog.lower(PG_CATALOG.RTRIM(@rolename)) IN ('db_owner', 'db_accessadmin', 'db_securityadmin', 'db_datareader', 'db_datawriter') + OR pg_catalog.lower(PG_CATALOG.RTRIM(@rolename)) IN ('db_owner', 'db_accessadmin', 'db_securityadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') BEGIN SELECT CAST(DbFixedRole as sys.SYSNAME) AS DbFixedRole, CAST(Description AS sys.nvarchar(70)) AS Description FROM ( VALUES ('db_owner', 'DB Owners'), ('db_accessadmin', 'DB Access Administrators'), ('db_securityadmin', 'DB Security Administrators'), ('db_datareader', 'DB Data Reader'), - ('db_datawriter', 'DB Data Writer')) x(DbFixedRole, Description) + ('db_datawriter', 'DB Data Writer'), + ('db_ddladmin', 'DB DDL Administrators')) x(DbFixedRole, Description) WHERE LOWER(RTRIM(@rolename)) IS NULL OR LOWER(RTRIM(@rolename)) = DbFixedRole; END ELSE IF pg_catalog.lower(PG_CATALOG.RTRIM(@rolename)) IN ( - 'db_ddladmin', 'db_backupoperator', - 'db_denydatareader', 'db_denydatawriter') + 'db_backupoperator', 'db_denydatareader', 'db_denydatawriter') BEGIN -- Return an empty result set instead of raising an error SELECT CAST(NULL AS sys.SYSNAME) AS DbFixedRole, CAST(NULL AS sys.nvarchar(70)) AS Description @@ -3104,6 +3104,22 @@ BEGIN WHERE s1.name = @schemaname AND o1.name = @subname; SELECT @count = COUNT(*) FROM #tempTable; + IF @count < 1 + BEGIN + -- sys.objects does not show routines which current user cannot execute but + -- roles like db_ddladmin allow renaming a procedure even though they cannot + -- execute it, so search again in pg_proc if count is zero + DROP TABLE #tempTable; + SELECT CAST(CASE + WHEN p.prokind = 'p' THEN 'P' + WHEN p.prokind = 'a' THEN 'AF' + WHEN format_type(p.prorettype, NULL) = 'trigger' THEN 'TR' + ELSE 'FN' + END as sys.bpchar(2)) AS type INTO #tempTable + FROM pg_proc p INNER JOIN sys.schemas s1 ON p.pronamespace = s1.schema_id + WHERE s1.name = @schemaname AND CAST(p.proname AS sys.sysname) = @subname; + SELECT @count = COUNT(*) FROM #tempTable; + END IF @count > 1 BEGIN THROW 33557097, N'There are multiple objects with the given @objname.', 1; diff --git a/contrib/babelfishpg_tsql/sql/ownership.sql b/contrib/babelfishpg_tsql/sql/ownership.sql index 7e9e62a338..e416126966 100644 --- a/contrib/babelfishpg_tsql/sql/ownership.sql +++ b/contrib/babelfishpg_tsql/sql/ownership.sql @@ -262,13 +262,13 @@ DECLARE reserved_roles varchar[] := ARRAY['sysadmin', 'securityadmin', 'dbcreator', 'master_dbo', 'master_guest', 'master_db_owner', 'master_db_accessadmin', 'master_db_securityadmin', - 'master_db_datareader', 'master_db_datawriter', + 'master_db_datareader', 'master_db_datawriter', 'master_db_ddladmin', 'tempdb_dbo', 'tempdb_guest', 'tempdb_db_owner', 'tempdb_db_accessadmin', 'tempdb_db_securityadmin', - 'tempdb_db_datareader', 'tempdb_db_datawriter', + 'tempdb_db_datareader', 'tempdb_db_datawriter', 'tempdb_db_ddladmin', 'msdb_dbo', 'msdb_guest', 'msdb_db_owner', 'msdb_db_accessadmin', 'msdb_db_securityadmin', - 'msdb_db_datareader', 'msdb_db_datawriter']; + 'msdb_db_datareader', 'msdb_db_datawriter', 'msdb_db_ddladmin']; user_id oid := -1; db_name name := NULL; role_name varchar; @@ -297,7 +297,7 @@ BEGIN EXECUTE format('CREATE ROLE securityadmin CREATEROLE INHERIT PASSWORD NULL'); EXECUTE format('CREATE ROLE dbcreator CREATEDB INHERIT PASSWORD NULL'); EXECUTE format('CREATE ROLE bbf_role_admin CREATEDB CREATEROLE INHERIT PASSWORD NULL'); - EXECUTE format('GRANT CREATE ON DATABASE %s TO bbf_role_admin WITH GRANT OPTION', CURRENT_DATABASE()); + EXECUTE format('GRANT CREATE ON DATABASE %s TO bbf_role_admin', CURRENT_DATABASE()); EXECUTE format('GRANT %I to bbf_role_admin WITH ADMIN TRUE;', sa_name); EXECUTE format('CREATE ROLE sysadmin CREATEDB CREATEROLE INHERIT ROLE %I', sa_name); EXECUTE format('GRANT sysadmin TO bbf_role_admin WITH ADMIN TRUE'); @@ -470,7 +470,7 @@ ON Base.rolname = Ext.rolname LEFT OUTER JOIN pg_catalog.pg_roles Base2 ON Ext.login_name = Base2.rolname WHERE Ext.database_name = DB_NAME() - AND (Ext.orig_username IN ('dbo', 'db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'guest') -- system users should always be visible + AND (Ext.orig_username IN ('dbo', 'db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin', 'guest') -- system users should always be visible OR pg_has_role(Ext.rolname, 'MEMBER')) -- Current user should be able to see users it has permission of UNION ALL SELECT diff --git a/contrib/babelfishpg_tsql/sql/sys_functions.sql b/contrib/babelfishpg_tsql/sql/sys_functions.sql index 45cde15b58..60660c54c1 100644 --- a/contrib/babelfishpg_tsql/sql/sys_functions.sql +++ b/contrib/babelfishpg_tsql/sql/sys_functions.sql @@ -4500,7 +4500,7 @@ BEGIN END IF; ELSIF EXISTS (SELECT orig_username FROM sys.babelfish_authid_user_ext WHERE orig_username = role COLLATE sys.database_default) THEN - IF (((SELECT orig_username FROM sys.babelfish_authid_user_ext WHERE rolname = CURRENT_USER) = 'dbo' COLLATE sys.database_default) AND role COLLATE sys.database_default IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter')) + IF (((SELECT orig_username FROM sys.babelfish_authid_user_ext WHERE rolname = CURRENT_USER) = 'dbo' COLLATE sys.database_default) AND role COLLATE sys.database_default IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin')) THEN RETURN 1; ELSIF EXISTS (SELECT name FROM sys.user_token WHERE name = role COLLATE sys.database_default) THEN RETURN 1; -- Return 1 if current session user is a member of role or windows group diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--4.4.0--4.5.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--4.4.0--4.5.0.sql index cc32d6f8bb..7c4e369e87 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--4.4.0--4.5.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--4.4.0--4.5.0.sql @@ -40,6 +40,18 @@ $$ end; $$; +/* + * Do this so that whenever we run grant statements during create logical database + * bbf_role_admin is never picked as the grantor + */ +DO $$ +BEGIN + EXECUTE format('REVOKE GRANT OPTION FOR CREATE ON DATABASE %s FROM bbf_role_admin; ', CURRENT_DATABASE()); +END; +$$ LANGUAGE plpgsql; + + + -- This is a temporary procedure which is only meant to be called during upgrade CREATE OR REPLACE PROCEDURE sys.babelfish_revoke_guest_from_mapped_logins() LANGUAGE C @@ -147,7 +159,7 @@ BEGIN END IF; ELSIF EXISTS (SELECT orig_username FROM sys.babelfish_authid_user_ext WHERE orig_username = role COLLATE sys.database_default) THEN - IF (((SELECT orig_username FROM sys.babelfish_authid_user_ext WHERE rolname = CURRENT_USER) = 'dbo' COLLATE sys.database_default) AND role COLLATE sys.database_default IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter')) + IF (((SELECT orig_username FROM sys.babelfish_authid_user_ext WHERE rolname = CURRENT_USER) = 'dbo' COLLATE sys.database_default) AND role COLLATE sys.database_default IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin')) THEN RETURN 1; ELSIF EXISTS (SELECT name FROM sys.user_token WHERE name = role COLLATE sys.database_default) THEN RETURN 1; -- Return 1 if current session user is a member of role or windows group @@ -191,7 +203,7 @@ ON Base.rolname = Ext.rolname LEFT OUTER JOIN pg_catalog.pg_roles Base2 ON Ext.login_name = Base2.rolname WHERE Ext.database_name = DB_NAME() - AND (Ext.orig_username IN ('dbo', 'db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'guest') -- system users should always be visible + AND (Ext.orig_username IN ('dbo', 'db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin', 'guest') -- system users should always be visible OR pg_has_role(Ext.rolname, 'MEMBER')) -- Current user should be able to see users it has permission of UNION ALL SELECT @@ -253,7 +265,7 @@ BEGIN LEFT OUTER JOIN pg_catalog.pg_roles AS Base4 ON Base4.rolname = Bsdb.owner WHERE Ext1.database_name = DB_NAME() AND (Ext1.type != 'R' OR Ext1.type != 'A') - AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter') + AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') ORDER BY UserName, RoleName; END -- If the security account is the db fixed role - db_owner @@ -285,7 +297,7 @@ BEGIN WHERE Ext1.database_name = DB_NAME() AND Ext2.database_name = DB_NAME() AND Ext1.type = 'R' - AND Ext2.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter') + AND Ext2.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') AND (Ext1.orig_username = @name_in_db OR pg_catalog.lower(Ext1.orig_username) = pg_catalog.lower(@name_in_db)) ORDER BY Role_name, Users_in_role; END @@ -323,7 +335,7 @@ BEGIN LEFT OUTER JOIN pg_catalog.pg_roles AS Base4 ON Base4.rolname = Bsdb.owner WHERE Ext1.database_name = DB_NAME() AND (Ext1.type != 'R' OR Ext1.type != 'A') - AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter') + AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') AND (Ext1.orig_username = @name_in_db OR pg_catalog.lower(Ext1.orig_username) = pg_catalog.lower(@name_in_db)) ORDER BY UserName, RoleName; END @@ -1776,19 +1788,19 @@ $$ BEGIN -- Returns a list of the fixed database roles. IF pg_catalog.lower(PG_CATALOG.RTRIM(@rolename)) IS NULL - OR pg_catalog.lower(PG_CATALOG.RTRIM(@rolename)) IN ('db_owner', 'db_accessadmin', 'db_securityadmin', 'db_datareader', 'db_datawriter') + OR pg_catalog.lower(PG_CATALOG.RTRIM(@rolename)) IN ('db_owner', 'db_accessadmin', 'db_securityadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') BEGIN SELECT CAST(DbFixedRole as sys.SYSNAME) AS DbFixedRole, CAST(Description AS sys.nvarchar(70)) AS Description FROM ( VALUES ('db_owner', 'DB Owners'), ('db_accessadmin', 'DB Access Administrators'), ('db_securityadmin', 'DB Security Administrators'), ('db_datareader', 'DB Data Reader'), - ('db_datawriter', 'DB Data Writer')) x(DbFixedRole, Description) + ('db_datawriter', 'DB Data Writer'), + ('db_ddladmin', 'DB DDL Administrators')) x(DbFixedRole, Description) WHERE LOWER(RTRIM(@rolename)) IS NULL OR LOWER(RTRIM(@rolename)) = DbFixedRole; END ELSE IF pg_catalog.lower(PG_CATALOG.RTRIM(@rolename)) IN ( - 'db_ddladmin', 'db_backupoperator', - 'db_denydatareader', 'db_denydatawriter') + 'db_backupoperator', 'db_denydatareader', 'db_denydatawriter') BEGIN -- Return an empty result set instead of raising an error SELECT CAST(NULL AS sys.SYSNAME) AS DbFixedRole, CAST(NULL AS sys.nvarchar(70)) AS Description @@ -10195,6 +10207,142 @@ $body$ LANGUAGE 'plpgsql' STABLE; +CREATE OR REPLACE PROCEDURE sys.sp_renamedb( + IN "@objname" sys.SYSNAME, + IN "@newname" sys.SYSNAME +) +AS 'babelfishpg_tsql', 'sp_renamedb_internal' +LANGUAGE C; + +CREATE OR REPLACE PROCEDURE sys.sp_rename( + IN "@objname" sys.nvarchar(776) = NULL, + IN "@newname" sys.SYSNAME = NULL, + IN "@objtype" sys.varchar(13) DEFAULT NULL +) +LANGUAGE 'pltsql' +AS $$ +BEGIN + SET @objtype = sys.TRIM(@objtype); + If @objtype IS NULL + BEGIN + THROW 33557097, N'Please provide @objtype that is supported in Babelfish', 1; + END + ELSE IF @objtype = 'INDEX' + BEGIN + THROW 33557097, N'Feature not supported: renaming object type Index', 1; + END + ELSE IF @objtype = 'STATISTICS' + BEGIN + THROW 33557097, N'Feature not supported: renaming object type Statistics', 1; + END + ELSE IF @objtype = 'DATABASE' + BEGIN + exec sys.sp_renamedb @objname, @newname; + END + ELSE + BEGIN + DECLARE @subname sys.nvarchar(776); + DECLARE @schemaname sys.nvarchar(776); + DECLARE @dbname sys.nvarchar(776); + DECLARE @curr_relname sys.nvarchar(776); + + EXEC sys.babelfish_sp_rename_word_parse @objname, @objtype, @subname OUT, @curr_relname OUT, @schemaname OUT, @dbname OUT; + + DECLARE @currtype char(2); + + IF @objtype = 'COLUMN' + BEGIN + DECLARE @col_count INT; + SELECT @col_count = COUNT(*)FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = @curr_relname and COLUMN_NAME = @subname; + IF @col_count < 0 + BEGIN + THROW 33557097, N'There is no object with the given @objname.', 1; + END + SET @currtype = 'CO'; + END + ELSE IF @objtype = 'USERDATATYPE' + BEGIN + DECLARE @alias_count INT; + SELECT @alias_count = COUNT(*) FROM sys.types t1 INNER JOIN sys.schemas s1 ON t1.schema_id = s1.schema_id + WHERE s1.name = @schemaname AND t1.name = @subname; + IF @alias_count > 1 + BEGIN + THROW 33557097, N'There are multiple objects with the given @objname.', 1; + END + IF @alias_count < 1 + BEGIN + THROW 33557097, N'There is no object with the given @objname.', 1; + END + SET @currtype = 'AL'; + END + ELSE IF @objtype = 'OBJECT' + BEGIN + DECLARE @count INT; + SELECT type INTO #tempTable FROM sys.objects o1 INNER JOIN sys.schemas s1 ON o1.schema_id = s1.schema_id + WHERE s1.name = @schemaname AND o1.name = @subname; + SELECT @count = COUNT(*) FROM #tempTable; + + IF @count < 1 + BEGIN + -- sys.objects does not show routines which current user cannot execute but + -- roles like db_ddladmin allow renaming a procedure even though they cannot + -- execute it, so search again in pg_proc if count is zero + DROP TABLE #tempTable; + SELECT CAST(CASE + WHEN p.prokind = 'p' THEN 'P' + WHEN p.prokind = 'a' THEN 'AF' + WHEN format_type(p.prorettype, NULL) = 'trigger' THEN 'TR' + ELSE 'FN' + END as sys.bpchar(2)) AS type INTO #tempTable + FROM pg_proc p INNER JOIN sys.schemas s1 ON p.pronamespace = s1.schema_id + WHERE s1.name = @schemaname AND CAST(p.proname AS sys.sysname) = @subname; + SELECT @count = COUNT(*) FROM #tempTable; + END + IF @count > 1 + BEGIN + THROW 33557097, N'There are multiple objects with the given @objname.', 1; + END + IF @count < 1 + BEGIN + -- TABLE TYPE: check if there is a match in sys.table_types (if we cannot alter sys.objects table_type naming) + SELECT @count = COUNT(*) FROM sys.table_types tt1 INNER JOIN sys.schemas s1 ON tt1.schema_id = s1.schema_id + WHERE s1.name = @schemaname AND tt1.name = @subname; + IF @count > 1 + BEGIN + THROW 33557097, N'There are multiple objects with the given @objname.', 1; + END + ELSE IF @count < 1 + BEGIN + THROW 33557097, N'There is no object with the given @objname.', 1; + END + ELSE + BEGIN + SET @currtype = 'TT' + END + END + IF @currtype IS NULL + BEGIN + SELECT @currtype = type from #tempTable; + END + IF @currtype = 'TR' OR @currtype = 'TA' + BEGIN + DECLARE @physical_schema_name sys.nvarchar(776) = ''; + SELECT @physical_schema_name = nspname FROM sys.babelfish_namespace_ext WHERE dbid = sys.db_id() AND orig_name = @schemaname; + SELECT @curr_relname = relname FROM pg_catalog.pg_trigger tr LEFT JOIN pg_catalog.pg_class c ON tr.tgrelid = c.oid LEFT JOIN pg_catalog.pg_namespace n ON c.relnamespace = n.oid + WHERE tr.tgname = @subname AND n.nspname = @physical_schema_name; + END + END + ELSE + BEGIN + THROW 33557097, N'Provided @objtype is not currently supported in Babelfish', 1; + END + EXEC sys.babelfish_sp_rename_internal @subname, @newname, @schemaname, @currtype, @curr_relname; + PRINT 'Caution: Changing any part of an object name could break scripts and stored procedures.'; + END +END; +$$; +GRANT EXECUTE on PROCEDURE sys.sp_rename(IN sys.nvarchar(776), IN sys.SYSNAME, IN sys.varchar(13)) TO PUBLIC; + CREATE OR REPLACE FUNCTION sys.babelfish_sp_verify_schedule ( par_schedule_id integer, par_name varchar, diff --git a/contrib/babelfishpg_tsql/src/catalog.c b/contrib/babelfishpg_tsql/src/catalog.c index 0b8de9972a..8710118d89 100644 --- a/contrib/babelfishpg_tsql/src/catalog.c +++ b/contrib/babelfishpg_tsql/src/catalog.c @@ -4289,19 +4289,40 @@ grant_perms_to_objects_in_schema(const char *schema_name, * implicitly at the time of CREATE function/procedure. */ void -exec_internal_grant_on_function(const char *logicalschema, - const char *object_name, - const char *object_type) +exec_internal_grant_on_function(Oid objectId) { SysScanDesc scan; Relation bbf_schema_rel; TupleDesc dsc; HeapTuple tuple_bbf_schema; + HeapTuple proc_tuple; const char *grantee = NULL; int current_permission; ScanKeyData scanKey[3]; int16 dbid = get_cur_db_id(); - const char *db_name = get_cur_db_name(); + Oid phy_sch_oid; + char *object_name; + char *schema; + const char *logicalschema; + char object_type; + Form_pg_proc procedureStruct; + + /* TSQL specific behavior */ + if (sql_dialect != SQL_DIALECT_TSQL || !IS_TDS_CONN()) + return; + + proc_tuple = SearchSysCache1(PROCOID, + ObjectIdGetDatum(objectId)); + if (!HeapTupleIsValid(proc_tuple)) + elog(ERROR, "cache lookup failed for function %u", objectId); + + procedureStruct = (Form_pg_proc) GETSTRUCT(proc_tuple); + + object_name = NameStr(procedureStruct->proname); + phy_sch_oid = procedureStruct->pronamespace; + schema = get_namespace_name(phy_sch_oid); + logicalschema = get_logical_schema_name(schema, true); + object_type = procedureStruct->prokind; /* Fetch the relation */ bbf_schema_rel = table_open(get_bbf_schema_perms_oid(), @@ -4342,16 +4363,15 @@ exec_internal_grant_on_function(const char *logicalschema, if (current_permission & ALL_PERMISSIONS_ON_FUNCTION) { const char *query = NULL; - char *schema; List *res; GrantStmt *grant; PlannedStmt *wrapper; + Oid save_userid; + int save_sec_context; - schema = get_physical_schema_name((char *)db_name, logicalschema); - - if (strcmp(object_type, OBJ_FUNCTION) == 0) + if (object_type == PROKIND_FUNCTION) query = psprintf("GRANT EXECUTE ON FUNCTION [%s].[%s] TO %s", schema, object_name, grantee); - else if (strcmp(object_type, OBJ_PROCEDURE) == 0) + else if (object_type == PROKIND_PROCEDURE) query = psprintf("GRANT EXECUTE ON PROCEDURE [%s].[%s] TO %s", schema, object_name, grantee); res = raw_parser(query, RAW_PARSE_DEFAULT); grant = (GrantStmt *) parsetree_nth_stmt(res, 0); @@ -4364,20 +4384,37 @@ exec_internal_grant_on_function(const char *logicalschema, wrapper->stmt_location = 0; wrapper->stmt_len = 1; - /* do this step */ - ProcessUtility(wrapper, - INTERNAL_GRANT_STATEMENT, - false, - PROCESS_UTILITY_SUBCOMMAND, - NULL, - NULL, - None_Receiver, - NULL); + GetUserIdAndSecContext(&save_userid, &save_sec_context); + + PG_TRY(); + { + /* + * babelfish routines could be transferred to schema owner during creation so + * current user may not have grant privilege on this routine when we reach here + */ + SetUserIdAndSecContext(procedureStruct->proowner, save_sec_context | SECURITY_LOCAL_USERID_CHANGE); + + ProcessUtility(wrapper, + INTERNAL_GRANT_STATEMENT, + false, + PROCESS_UTILITY_SUBCOMMAND, + NULL, + NULL, + None_Receiver, + NULL); + } + PG_FINALLY(); + { + SetUserIdAndSecContext(save_userid, save_sec_context); + } + PG_END_TRY(); } tuple_bbf_schema = systable_getnext(scan); } systable_endscan(scan); table_close(bbf_schema_rel, AccessShareLock); + pfree(schema); + ReleaseSysCache(proc_tuple); } PG_FUNCTION_INFO_V1(update_user_catalog_for_guest_schema); diff --git a/contrib/babelfishpg_tsql/src/catalog.h b/contrib/babelfishpg_tsql/src/catalog.h index 111583dd2d..ac5b44afb4 100644 --- a/contrib/babelfishpg_tsql/src/catalog.h +++ b/contrib/babelfishpg_tsql/src/catalog.h @@ -374,7 +374,7 @@ extern void remove_entry_from_bbf_schema_perms(const char *schema_name, const ch extern void add_or_update_object_in_bbf_schema(const char *schema_name, const char *object_name, int new_permission, const char *grantee, const char *object_type, bool is_grant, const char *func_args); extern void clean_up_bbf_schema_permissions(const char *schema_name, const char *object_name, bool is_schema); extern void grant_perms_to_objects_in_schema(const char *schema_name, int permission, const char *grantee); -extern void exec_internal_grant_on_function(const char *logicalschema, const char *object_name, const char *object_type); +extern void exec_internal_grant_on_function(Oid objectId); /***************************************** * DOMAIN MAPPING diff --git a/contrib/babelfishpg_tsql/src/dbcmds.c b/contrib/babelfishpg_tsql/src/dbcmds.c index 9b3292b029..70a7432b09 100644 --- a/contrib/babelfishpg_tsql/src/dbcmds.c +++ b/contrib/babelfishpg_tsql/src/dbcmds.c @@ -88,6 +88,7 @@ gen_createdb_subcmds(const char *dbname, const char *owner) const char *db_owner; const char *db_accessadmin; const char *db_securityadmin; + const char *db_ddladmin; const char *guest; const char *guest_schema; Oid owner_oid; @@ -106,6 +107,7 @@ gen_createdb_subcmds(const char *dbname, const char *owner) owner_is_sa = role_is_sa(owner_oid); db_datareader = get_db_datareader_name(dbname); db_datawriter = get_db_datawriter_name(dbname); + db_ddladmin = get_db_ddladmin_role_name(dbname); /* * To avoid SQL injection, we generate statement parsetree with dummy @@ -132,6 +134,10 @@ gen_createdb_subcmds(const char *dbname, const char *owner) appendStringInfo(&query, "CREATE ROLE dummy ROLE dummy; "); appendStringInfo(&query, "GRANT CREATE ON DATABASE dummy TO dummy; "); + /* create db_ddladmin for database */ + appendStringInfo(&query, "CREATE ROLE dummy ROLE dummy; "); + appendStringInfo(&query, "GRANT CREATE ON DATABASE dummy TO dummy; "); + if (guest) { appendStringInfo(&query, "CREATE ROLE dummy INHERIT ROLE dummy; "); @@ -153,13 +159,13 @@ gen_createdb_subcmds(const char *dbname, const char *owner) if (guest) { if (!owner_is_sa) - expected_stmt_num = list_length(logins) > 0 ? 16 : 15; + expected_stmt_num = list_length(logins) > 0 ? 18 : 17; else - expected_stmt_num = list_length(logins) > 0 ? 15 : 14; + expected_stmt_num = list_length(logins) > 0 ? 17 : 16; } else { - expected_stmt_num = 12; + expected_stmt_num = 14; if (!owner_is_sa) expected_stmt_num++; @@ -207,6 +213,12 @@ gen_createdb_subcmds(const char *dbname, const char *owner) stmt = parsetree_nth_stmt(res, i++); update_GrantStmt(stmt, get_database_name(MyDatabaseId), NULL, db_securityadmin, NULL); + stmt = parsetree_nth_stmt(res, i++); + update_CreateRoleStmt(stmt, db_ddladmin, db_owner, NULL); + + stmt = parsetree_nth_stmt(res, i++); + update_GrantStmt(stmt, get_database_name(MyDatabaseId), NULL, db_ddladmin, NULL); + if (guest) { stmt = parsetree_nth_stmt(res, i++); @@ -254,6 +266,7 @@ add_fixed_user_roles_to_bbf_authid_user_ext(const char *dbname) const char *db_securityadmin; const char *db_datareader; const char *db_datawriter; + const char *db_ddladmin; const char *guest; dbo = get_dbo_role_name(dbname); @@ -263,6 +276,7 @@ add_fixed_user_roles_to_bbf_authid_user_ext(const char *dbname) guest = get_guest_role_name(dbname); db_datareader = get_db_datareader_name(dbname); db_datawriter = get_db_datawriter_name(dbname); + db_ddladmin = get_db_ddladmin_role_name(dbname); add_to_bbf_authid_user_ext(dbo, DBO, dbname, DBO, NULL, false, true, false); add_to_bbf_authid_user_ext(db_owner, DB_OWNER, dbname, NULL, NULL, true, true, false); @@ -270,6 +284,7 @@ add_fixed_user_roles_to_bbf_authid_user_ext(const char *dbname) add_to_bbf_authid_user_ext(db_securityadmin, DB_SECURITYADMIN, dbname, NULL, NULL, true, false, false); add_to_bbf_authid_user_ext(db_datareader, DB_DATAREADER, dbname, NULL, NULL, true, false, false); add_to_bbf_authid_user_ext(db_datawriter, DB_DATAWRITER, dbname, NULL, NULL, true, false, false); + add_to_bbf_authid_user_ext(db_ddladmin, DB_DDLADMIN, dbname, NULL, NULL, true, false, false); /* * For master, tempdb and msdb databases, the guest user will be @@ -297,7 +312,7 @@ gen_dropdb_subcmds(const char *dbname, List *db_users) List *stmt_list; ListCell *elem; Node *stmt; - int expected_stmts = 12; + int expected_stmts = 14; int i = 0; const char *dbo; const char *db_owner; @@ -307,6 +322,7 @@ gen_dropdb_subcmds(const char *dbname, List *db_users) const char *guest_schema; const char *db_datareader; const char *db_datawriter; + const char *db_ddladmin; dbo = get_dbo_role_name(dbname); db_owner = get_db_owner_name(dbname); @@ -316,6 +332,7 @@ gen_dropdb_subcmds(const char *dbname, List *db_users) guest_schema = get_guest_schema_name(dbname); db_datareader = get_db_datareader_name(dbname); db_datawriter = get_db_datawriter_name(dbname); + db_ddladmin = get_db_ddladmin_role_name(dbname); initStringInfo(&query); appendStringInfo(&query, "DROP SCHEMA dummy CASCADE; "); @@ -325,29 +342,32 @@ gen_dropdb_subcmds(const char *dbname, List *db_users) foreach(elem, db_users) { char *user_name = (char *) lfirst(elem); + char *original_user_name = get_authid_user_ext_original_name(user_name, dbname); - if (strcmp(user_name, db_owner) != 0 && - strcmp(user_name, dbo) != 0 && - strcmp(user_name, db_accessadmin) != 0 && - strcmp(user_name, db_securityadmin) != 0 && - strcmp(user_name, db_datareader) != 0 && - strcmp(user_name, db_datawriter) != 0) + if (!IS_FIXED_DB_PRINCIPAL(original_user_name)) { appendStringInfo(&query, "DROP OWNED BY dummy CASCADE; "); appendStringInfo(&query, "DROP ROLE dummy; "); expected_stmts += 2; } + + pfree(original_user_name); } - appendStringInfo(&query, "DROP OWNED BY dummy, dummy, dummy, dummy CASCADE; "); + appendStringInfo(&query, "DROP OWNED BY dummylist CASCADE; "); /* - * Then drop db_datareader, db_datawriter, db_securityadmin, db_accessadmin, + * Then drop db_ddladmin, db_datareader, db_datawriter, db_securityadmin, db_accessadmin, * db_owner and dbo in that order */ + appendStringInfo(&query, "REVOKE CREATE ON DATABASE dummy FROM dummy; "); + appendStringInfo(&query, "DROP ROLE dummy; "); + appendStringInfo(&query, "DROP ROLE dummy; "); appendStringInfo(&query, "DROP ROLE dummy; "); + appendStringInfo(&query, "REVOKE CREATE ON DATABASE dummy FROM dummy; "); appendStringInfo(&query, "DROP ROLE dummy; "); + appendStringInfo(&query, "REVOKE CREATE ON DATABASE dummy FROM dummy; "); appendStringInfo(&query, "DROP ROLE dummy; "); appendStringInfo(&query, "REVOKE CREATE, CONNECT, TEMPORARY ON DATABASE dummy FROM dummy; "); @@ -371,13 +391,9 @@ gen_dropdb_subcmds(const char *dbname, List *db_users) foreach(elem, db_users) { char *user_name = (char *) lfirst(elem); + char *original_user_name = get_authid_user_ext_original_name(user_name, dbname); - if (strcmp(user_name, db_owner) != 0 && - strcmp(user_name, dbo) != 0 && - strcmp(user_name, db_accessadmin) != 0 && - strcmp(user_name, db_securityadmin) != 0 && - strcmp(user_name, db_datareader) != 0 && - strcmp(user_name, db_datawriter) != 0) + if (!IS_FIXED_DB_PRINCIPAL(original_user_name)) { stmt = parsetree_nth_stmt(stmt_list, i++); update_DropOwnedStmt(stmt, list_make1(user_name)); @@ -385,11 +401,18 @@ gen_dropdb_subcmds(const char *dbname, List *db_users) stmt = parsetree_nth_stmt(stmt_list, i++); update_DropRoleStmt(stmt, user_name); } + + pfree(original_user_name); } stmt = parsetree_nth_stmt(stmt_list, i++); - update_DropOwnedStmt(stmt, list_make4(pstrdup(db_securityadmin), pstrdup(db_accessadmin), pstrdup(db_owner), pstrdup(dbo))); + update_DropOwnedStmt(stmt, list_make5(pstrdup(db_ddladmin), pstrdup(db_securityadmin), pstrdup(db_accessadmin), pstrdup(db_owner), pstrdup(dbo))); + stmt = parsetree_nth_stmt(stmt_list, i++); + update_GrantStmt(stmt, get_database_name(MyDatabaseId), NULL, db_ddladmin, NULL); + stmt = parsetree_nth_stmt(stmt_list, i++); + update_DropRoleStmt(stmt, db_ddladmin); + stmt = parsetree_nth_stmt(stmt_list, i++); update_DropRoleStmt(stmt, db_datareader); stmt = parsetree_nth_stmt(stmt_list, i++); @@ -582,7 +605,6 @@ create_bbf_db_internal(ParseState *pstate, const char *dbname, List *options, co const char *old_createrole_self_grant; ListCell *option; const char *database_collation_name = NULL; - Oid datdba; /* Check options */ foreach(option, options) @@ -686,7 +708,6 @@ create_bbf_db_internal(ParseState *pstate, const char *dbname, List *options, co old_dbname = get_cur_db_name(); set_cur_db(dbid, dbname); /* temporarily set current dbid as the new id */ dbo_role = get_dbo_role_name(dbname); - datdba = get_sysadmin_oid(); PG_TRY(); { @@ -712,12 +733,6 @@ create_bbf_db_internal(ParseState *pstate, const char *dbname, List *options, co save_sec_context | SECURITY_LOCAL_USERID_CHANGE); is_set_userid = true; } - else if (stmt->type == T_GrantStmt) - { - SetUserIdAndSecContext(datdba, - save_sec_context | SECURITY_LOCAL_USERID_CHANGE); - is_set_userid = true; - } /* need to make a wrapper PlannedStmt */ wrapper = makeNode(PlannedStmt); wrapper->commandType = CMD_UTILITY; @@ -1352,11 +1367,12 @@ create_guest_schema_for_all_dbs(PG_FUNCTION_ARGS) PG_RETURN_INT32(0); } -/* Grant permissions on all the existing objects to db_datareader/db_datawriter. */ +/* Grant permissions on all the existing objects to db_datareader/db_datawriter/db_ddladmin */ static void -grant_perms_to_dbreader_dbwriter(const uint16 dbid, +grant_perms_to_dbreader_dbwriter_ddladmin(const uint16 dbid, const char *db_datareader, - const char *db_datawriter) + const char *db_datawriter, + const char *db_ddladmin) { Relation namespace_rel; TupleDesc namespace_rel_descr; @@ -1374,13 +1390,18 @@ grant_perms_to_dbreader_dbwriter(const uint16 dbid, initStringInfo(&query); appendStringInfo(&query, "GRANT SELECT ON ALL TABLES IN SCHEMA dummy TO dummy; "); appendStringInfo(&query, "GRANT INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA dummy TO dummy; "); + appendStringInfo(&query, "GRANT TRUNCATE ON ALL TABLES IN SCHEMA dummy TO dummy; "); + appendStringInfo(&query, "GRANT CREATE ON SCHEMA dummy TO dummy ; "); /* Grant ALTER DEFAULT PRIVILEGES on schema owner and dbo user. */ appendStringInfo(&query, "ALTER DEFAULT PRIVILEGES FOR ROLE dummy, dummy IN SCHEMA dummy GRANT SELECT ON TABLES TO dummy; "); appendStringInfo(&query, "ALTER DEFAULT PRIVILEGES FOR ROLE dummy, dummy IN SCHEMA dummy GRANT INSERT, UPDATE, DELETE ON TABLES TO dummy; "); + appendStringInfo(&query, "ALTER DEFAULT PRIVILEGES FOR ROLE dummy, dummy IN SCHEMA dummy GRANT TRUNCATE ON TABLES TO dummy; "); stmt_list = raw_parser(query.data, RAW_PARSE_DEFAULT); + Assert(list_length(stmt_list) == 7); + ScanKeyInit(&key, Anum_namespace_ext_dbid, BTEqualStrategyNumber, F_INT2EQ, @@ -1388,9 +1409,7 @@ grant_perms_to_dbreader_dbwriter(const uint16 dbid, tblscan = table_beginscan_catalog(namespace_rel, 1, &key); - tuple = heap_getnext(tblscan, ForwardScanDirection); - - while (HeapTupleIsValid(tuple)) + while ((tuple = heap_getnext(tblscan, ForwardScanDirection)) != NULL) { bool isNull; Datum datum; @@ -1411,11 +1430,17 @@ grant_perms_to_dbreader_dbwriter(const uint16 dbid, update_GrantStmt(stmts, schema_name, NULL, db_datareader, NULL); stmts = parsetree_nth_stmt(stmt_list, i++); update_GrantStmt(stmts, schema_name, NULL, db_datawriter, NULL); + stmts = parsetree_nth_stmt(stmt_list, i++); + update_GrantStmt(stmts, schema_name, NULL, db_ddladmin, NULL); + stmts = parsetree_nth_stmt(stmt_list, i++); + update_GrantStmt(stmts, schema_name, NULL, db_ddladmin, NULL); stmts = parsetree_nth_stmt(stmt_list, i++); update_AlterDefaultPrivilegesStmt(stmts, schema_name, schema_owner, dbo_user, db_datareader, NULL); stmts = parsetree_nth_stmt(stmt_list, i++); update_AlterDefaultPrivilegesStmt(stmts, schema_name, schema_owner, dbo_user, db_datawriter, NULL); + stmts = parsetree_nth_stmt(stmt_list, i++); + update_AlterDefaultPrivilegesStmt(stmts, schema_name, schema_owner, dbo_user, db_ddladmin, NULL); /* Run all subcommands */ foreach(parsetree_item, stmt_list) @@ -1441,7 +1466,9 @@ grant_perms_to_dbreader_dbwriter(const uint16 dbid, None_Receiver, NULL); } - tuple = heap_getnext(tblscan, ForwardScanDirection); + + pfree(dbo_user); + pfree(schema_owner); } /* Cleanup. */ @@ -1471,22 +1498,25 @@ create_db_roles_in_database(const char *dbname, List *parsetree_list) int i = 0; char *db_owner; char *db_accessadmin; - char *db_securityadmin; + char *db_securityadmin; char *db_datareader; char *db_datawriter; - int16 dbid = get_db_id(dbname); + char *db_ddladmin; + int16 dbid = get_db_id(dbname); db_owner = get_db_owner_name(dbname); db_accessadmin = get_db_accessadmin_role_name(dbname); db_securityadmin = get_db_securityadmin_role_name(dbname); db_datareader = get_db_datareader_name(dbname); db_datawriter = get_db_datawriter_name(dbname); + db_ddladmin = get_db_ddladmin_role_name(dbname); /* Throws error if a role exists already with the same name as db role. */ rolname_same_as_db_rolname(db_accessadmin); rolname_same_as_db_rolname(db_datareader); rolname_same_as_db_rolname(db_datawriter); rolname_same_as_db_rolname(db_securityadmin); + rolname_same_as_db_rolname(db_ddladmin); stmt = parsetree_nth_stmt(parsetree_list, i++); update_CreateRoleStmt(stmt, db_datareader, db_owner, NULL); @@ -1506,6 +1536,12 @@ create_db_roles_in_database(const char *dbname, List *parsetree_list) stmt = parsetree_nth_stmt(parsetree_list, i++); update_GrantStmt(stmt, get_database_name(MyDatabaseId), NULL, db_securityadmin, NULL); + stmt = parsetree_nth_stmt(parsetree_list, i++); + update_CreateRoleStmt(stmt, db_ddladmin, db_owner, NULL); + + stmt = parsetree_nth_stmt(parsetree_list, i++); + update_GrantStmt(stmt, get_database_name(MyDatabaseId), NULL, db_ddladmin, NULL); + GetUserIdAndSecContext(&save_userid, &save_sec_context); PG_TRY(); @@ -1517,20 +1553,14 @@ create_db_roles_in_database(const char *dbname, List *parsetree_list) add_to_bbf_authid_user_ext(db_securityadmin, DB_SECURITYADMIN, dbname, NULL, NULL, true, false, false); add_to_bbf_authid_user_ext(db_datareader, DB_DATAREADER, dbname, NULL, NULL, true, false, false); add_to_bbf_authid_user_ext(db_datawriter, DB_DATAWRITER, dbname, NULL, NULL, true, false, false); + add_to_bbf_authid_user_ext(db_ddladmin, DB_DDLADMIN, dbname, NULL, NULL, true, false, false); + + SetUserIdAndSecContext(get_bbf_role_admin_oid(), save_sec_context | SECURITY_LOCAL_USERID_CHANGE); foreach(parsetree_item, parsetree_list) { PlannedStmt *wrapper; - if (stmt->type == T_GrantStmt) - { - SetUserIdAndSecContext(get_role_oid("sysadmin", false), save_sec_context | SECURITY_LOCAL_USERID_CHANGE); - } - else - { - SetUserIdAndSecContext(get_bbf_role_admin_oid(), save_sec_context | SECURITY_LOCAL_USERID_CHANGE); - } - wrapper = makeNode(PlannedStmt); wrapper->commandType = CMD_UTILITY; wrapper->canSetTag = false; @@ -1548,8 +1578,8 @@ create_db_roles_in_database(const char *dbname, List *parsetree_list) CommandCounterIncrement(); } - /* Grant permissions on all the schemas in a database to db_datareader/db_datawriter */ - grant_perms_to_dbreader_dbwriter(dbid, db_datareader, db_datawriter); + /* Grant permissions on all the schemas in a database to db_datareader/db_datawriter/db_ddladmin */ + grant_perms_to_dbreader_dbwriter_ddladmin(dbid, db_datareader, db_datawriter, db_ddladmin); } PG_FINALLY(); { @@ -1559,6 +1589,7 @@ create_db_roles_in_database(const char *dbname, List *parsetree_list) pfree(db_securityadmin); pfree(db_datareader); pfree(db_datawriter); + pfree(db_ddladmin); } PG_END_TRY(); } @@ -1604,12 +1635,15 @@ create_db_roles_during_upgrade(PG_FUNCTION_ARGS) appendStringInfo(&query, "CREATE ROLE dummy ROLE dummy; "); appendStringInfo(&query, "CREATE ROLE dummy ROLE dummy; "); appendStringInfo(&query, "GRANT CREATE ON DATABASE dummy TO dummy; "); - + appendStringInfo(&query, "CREATE ROLE dummy ROLE dummy; "); + appendStringInfo(&query, "GRANT CREATE ON DATABASE dummy TO dummy; "); appendStringInfo(&query, "CREATE ROLE dummy ROLE dummy; "); appendStringInfo(&query, "GRANT CREATE ON DATABASE dummy TO dummy; "); parsetree_list = raw_parser(query.data, RAW_PARSE_DEFAULT); + Assert(list_length(parsetree_list) == 8); + sysdatabase_rel = table_open(sysdatabases_oid, RowExclusiveLock); scan = table_beginscan_catalog(sysdatabase_rel, 0, NULL); diff --git a/contrib/babelfishpg_tsql/src/hooks.c b/contrib/babelfishpg_tsql/src/hooks.c index c07b7c0e19..45b28705a4 100644 --- a/contrib/babelfishpg_tsql/src/hooks.c +++ b/contrib/babelfishpg_tsql/src/hooks.c @@ -199,6 +199,8 @@ static object_access_hook_type prev_object_access_hook = NULL; static void bbf_object_access_hook(ObjectAccessType access, Oid classId, Oid objectId, int subId, void *arg); static void revoke_func_permission_from_public(Oid objectId); static bool is_partitioned_table_reloptions_allowed(Datum reloptions); +static Oid pltsql_get_object_owner(Oid namespaceId, Oid ownerId); +static bool is_bbf_db_ddladmin_operation(Oid namespaceId); /***************************************** * Planner Hook @@ -507,6 +509,10 @@ InstallExtendedHooks(void) bbf_execute_grantstmt_as_dbsecadmin_hook = handle_grantstmt_for_dbsecadmin; pltsql_get_object_identity_event_trigger_hook = pltsql_get_object_identity_event_trigger; + + pltsql_get_object_owner_hook = pltsql_get_object_owner; + + is_bbf_db_ddladmin_operation_hook = is_bbf_db_ddladmin_operation; } void @@ -2968,13 +2974,16 @@ bbf_object_access_hook(ObjectAccessType access, Oid classId, Oid objectId, int s drop_bbf_roles(access, classId, objectId, subId, arg); if (access == OAT_POST_CREATE && classId == ProcedureRelationId) + { revoke_func_permission_from_public(objectId); + exec_internal_grant_on_function(objectId); + } } static void revoke_func_permission_from_public(Oid objectId) { - const char *query; + char *query; List *res; GrantStmt *revoke; PlannedStmt *wrapper; @@ -2982,7 +2991,11 @@ revoke_func_permission_from_public(Oid objectId) Oid phy_sch_oid; const char *phy_sch_name; const char *arg_list; - char kind; + char kind; + Oid save_userid; + int save_sec_context; + HeapTuple proc_tuple; + Form_pg_proc procedureStruct; /* TSQL specific behavior */ if (sql_dialect != SQL_DIALECT_TSQL) @@ -2991,11 +3004,18 @@ revoke_func_permission_from_public(Oid objectId) /* Advance command counter so new tuple can be seen by validator */ CommandCounterIncrement(); + proc_tuple = SearchSysCache1(PROCOID, + ObjectIdGetDatum(objectId)); + if (!HeapTupleIsValid(proc_tuple)) + elog(ERROR, "cache lookup failed for function %u", objectId); + + procedureStruct = (Form_pg_proc) GETSTRUCT(proc_tuple); + /* get properties */ - obj_name = get_func_name(objectId); - phy_sch_oid = get_func_namespace(objectId); + obj_name = NameStr(procedureStruct->proname); + phy_sch_oid = procedureStruct->pronamespace; phy_sch_name = get_namespace_name(phy_sch_oid); - kind = get_func_prokind(objectId); + kind = procedureStruct->prokind; arg_list = gen_func_arg_list(objectId); /* prepare subcommand */ @@ -3021,14 +3041,33 @@ revoke_func_permission_from_public(Oid objectId) wrapper->stmt_location = 0; wrapper->stmt_len = 0; - ProcessUtility(wrapper, - query, - false, - PROCESS_UTILITY_SUBCOMMAND, - NULL, - NULL, - None_Receiver, - NULL); + GetUserIdAndSecContext(&save_userid, &save_sec_context); + + PG_TRY(); + { + /* + * babelfish routines could be transferred to schema owner during creation so + * current user may not have grant privilege on this routine when we reach here + */ + SetUserIdAndSecContext(procedureStruct->proowner, save_sec_context | SECURITY_LOCAL_USERID_CHANGE); + + ProcessUtility(wrapper, + INTERNAL_REVOKE_ALL_ON_ROUTINE, + false, + PROCESS_UTILITY_SUBCOMMAND, + NULL, + NULL, + None_Receiver, + NULL); + } + PG_FINALLY(); + { + SetUserIdAndSecContext(save_userid, save_sec_context); + } + PG_END_TRY(); + + pfree(query); + ReleaseSysCache(proc_tuple); /* Command Counter will be increased by validator */ } @@ -5729,3 +5768,95 @@ handle_grantstmt_for_dbsecadmin(ObjectType objType, Oid objId, Oid ownerId, } return; } + + +/* + * Objects are always owned by current user in postgres but in babelfish + * schema contained objects should be owned by the schema owner by default + * Use this hook to pick schema owner as object owner during object creation + * We currently only do this if current user is member of db_ddladmin + */ +static Oid +pltsql_get_object_owner(Oid namespaceId, Oid ownerId) +{ + HeapTuple tuple; + Form_pg_namespace nsptup; + const char *logical_schema_name; + + Assert(OidIsValid(namespaceId)); + + if (sql_dialect != SQL_DIALECT_TSQL || !IS_TDS_CONN()) + return ownerId; + + if (!OidIsValid(ownerId)) + ownerId = GetUserId(); + + tuple = SearchSysCache1(NAMESPACEOID, ObjectIdGetDatum(namespaceId)); + nsptup = (Form_pg_namespace) GETSTRUCT(tuple); + + logical_schema_name = get_logical_schema_name(NameStr(nsptup->nspname), true); + + if (logical_schema_name) + { + Oid nsp_owner; + char *db_name = get_cur_db_name(); + char *dbo_name = get_dbo_role_name(db_name); + + /* + * babelfish issue special handing for dbo schema since it is + * owned by db_owner but the correct owner should have been dbo + */ + if (strcmp(logical_schema_name, "dbo") == 0) + nsp_owner = get_role_oid(dbo_name, false); + else + nsp_owner = nsptup->nspowner; + + if (ownerId != nsp_owner) + { + Oid db_ddladmin = get_db_ddladmin_oid(db_name, false); + Oid db_owner = get_db_owner_oid(db_name, false); + Oid schema_db_id = get_dbid_from_physical_schema_name(NameStr(nsptup->nspname), false); + + if (schema_db_id == get_cur_db_id() && + !has_privs_of_role(GetUserId(), db_owner) && + has_privs_of_role(GetUserId(), db_ddladmin)) + ownerId = nsp_owner; + } + + pfree(db_name); + pfree(dbo_name); + } + ReleaseSysCache(tuple); + + return ownerId; +} + +/* + * Check if the given namespace is inside the current active logical + * database and if the current user is a member of db_ddladmin fixed + * database role of the current active logical database + */ +static bool +is_bbf_db_ddladmin_operation(Oid namespaceId) +{ + char *nspname; + Oid schema_db_id; + Oid db_ddladmin; + + Assert(OidIsValid(namespaceId)); + + if (sql_dialect != SQL_DIALECT_TSQL || !IS_TDS_CONN()) + return false; + + nspname = get_namespace_name(namespaceId); + schema_db_id = get_dbid_from_physical_schema_name(nspname, true); + db_ddladmin = get_db_ddladmin_oid(get_current_pltsql_db_name(), false); + + pfree(nspname); + + if (OidIsValid(schema_db_id) && schema_db_id == get_cur_db_id() && + has_privs_of_role(GetUserId(), db_ddladmin)) + return true; + + return false; +} diff --git a/contrib/babelfishpg_tsql/src/multidb.c b/contrib/babelfishpg_tsql/src/multidb.c index de313c67c0..d910787e20 100644 --- a/contrib/babelfishpg_tsql/src/multidb.c +++ b/contrib/babelfishpg_tsql/src/multidb.c @@ -1523,6 +1523,32 @@ get_db_securityadmin_oid(const char *dbname, bool missing_ok) return db_securityadmin_oid; } +char * +get_db_ddladmin_role_name(const char *dbname) +{ + char *name = palloc0(MAX_BBF_NAMEDATALEND); + + Assert(dbname != NULL && strlen(dbname) != 0); + + if (get_migration_mode() == SINGLE_DB && !IS_BBF_BUILT_IN_DB(dbname)) + snprintf(name, MAX_BBF_NAMEDATALEND, "%s", DB_DDLADMIN); + else + snprintf(name, MAX_BBF_NAMEDATALEND, "%s_%s", dbname, DB_DDLADMIN); + + truncate_identifier(name, strlen(name), false); + return name; +} + +Oid +get_db_ddladmin_oid(const char *dbname, bool missing_ok) +{ + char *db_ddladmin_name = get_db_ddladmin_role_name(dbname); + Oid db_ddladmin_oid = get_role_oid(db_ddladmin_name, missing_ok); + pfree(db_ddladmin_name); + + return db_ddladmin_oid; +} + char * get_guest_schema_name(const char *dbname) { diff --git a/contrib/babelfishpg_tsql/src/multidb.h b/contrib/babelfishpg_tsql/src/multidb.h index 8058d8ed4e..40d2cf21f0 100644 --- a/contrib/babelfishpg_tsql/src/multidb.h +++ b/contrib/babelfishpg_tsql/src/multidb.h @@ -30,6 +30,8 @@ extern Oid get_db_securityadmin_oid(const char *dbname, bool missing_ok); extern Oid get_db_owner_oid(const char *dbname, bool missing_ok); extern char *get_db_accessadmin_role_name(const char *dbname); extern Oid get_db_accessadmin_oid(const char *dbname, bool missing_ok); +extern char *get_db_ddladmin_role_name(const char *dbname); +extern Oid get_db_ddladmin_oid(const char *dbname, bool missing_ok); extern char *get_guest_role_name(const char *dbname); extern char *get_guest_schema_name(const char *dbname); extern char *get_db_datareader_name(const char *dbname); diff --git a/contrib/babelfishpg_tsql/src/pl_exec-2.c b/contrib/babelfishpg_tsql/src/pl_exec-2.c index d90054d693..f168ced9dc 100644 --- a/contrib/babelfishpg_tsql/src/pl_exec-2.c +++ b/contrib/babelfishpg_tsql/src/pl_exec-2.c @@ -4321,7 +4321,8 @@ check_create_or_drop_permission_for_partition_specifier(const char *name, bool i if (strncmp(login, get_owner_of_db(dbname), NAMEDATALEN) == 0) login_is_db_owner = true; - if (!login_is_db_owner && !is_member_of_role(session_user_id, get_role_oid("sysadmin", false))) + if (!login_is_db_owner && !is_member_of_role(session_user_id, get_role_oid("sysadmin", false)) && + !has_privs_of_role(GetUserId(), get_db_ddladmin_oid(dbname, false))) { if (is_create) ereport(ERROR, diff --git a/contrib/babelfishpg_tsql/src/pl_handler.c b/contrib/babelfishpg_tsql/src/pl_handler.c index 04a45603a9..30521f01e8 100644 --- a/contrib/babelfishpg_tsql/src/pl_handler.c +++ b/contrib/babelfishpg_tsql/src/pl_handler.c @@ -3755,8 +3755,6 @@ bbf_ProcessUtility(PlannedStmt *pstmt, else if (rolspec && strcmp(queryString, CREATE_FIXED_DB_ROLES) != 0) { const char *db_name = get_current_pltsql_db_name(); - Oid db_accessadmin = get_db_accessadmin_oid(db_name, false); - Oid db_securityadmin = get_db_securityadmin_oid(db_name, false); owner_oid = get_rolespec_oid(rolspec, true); /* @@ -3765,8 +3763,9 @@ bbf_ProcessUtility(PlannedStmt *pstmt, * to current user and later alter schema owner using bbf_role_admin */ if (!member_can_set_role(GetUserId(), owner_oid) && - (has_privs_of_role(GetUserId(), db_accessadmin) || - has_privs_of_role(GetUserId(), db_securityadmin)) && + (has_privs_of_role(GetUserId(), get_db_accessadmin_oid(db_name, false)) || + has_privs_of_role(GetUserId(), get_db_securityadmin_oid(db_name, false)) || + has_privs_of_role(GetUserId(), get_db_ddladmin_oid(db_name, false))) && get_db_principal_kind(owner_oid, db_name)) { create_schema->authrole = NULL; @@ -3823,6 +3822,7 @@ bbf_ProcessUtility(PlannedStmt *pstmt, { SetUserIdAndSecContext(get_bbf_role_admin_oid(), save_sec_context | SECURITY_LOCAL_USERID_CHANGE); AlterSchemaOwner_oid(get_namespace_oid(create_schema->schemaname, false), owner_oid); + CommandCounterIncrement(); } PG_FINALLY(); { @@ -3833,10 +3833,7 @@ bbf_ProcessUtility(PlannedStmt *pstmt, /* Execute subcommands for database roles.*/ if (strcmp(queryString, CREATE_GUEST_SCHEMAS_DURING_UPGRADE) != 0) { - if (rolspec) - exec_database_roles_subcmds(create_schema->schemaname, rolspec->rolename); - else - exec_database_roles_subcmds(create_schema->schemaname, NULL); + exec_database_roles_subcmds(create_schema->schemaname); } /* Grant ALL schema privileges to the user.*/ @@ -3880,18 +3877,22 @@ bbf_ProcessUtility(PlannedStmt *pstmt, if (!is_drop_db_statement) { - char *guest_schema_name = get_physical_schema_name(cur_db, "guest"); + char *guest_schema_name = get_guest_schema_name(cur_db); + char *dbo_schema_name = get_dbo_schema_name(cur_db); - if (strcmp(schemaname, guest_schema_name) == 0) + if (strcmp(schemaname, guest_schema_name) == 0 || + strcmp(schemaname, dbo_schema_name) == 0) { ereport(ERROR, (errcode(ERRCODE_INTERNAL_ERROR), errmsg("Cannot drop the schema \'%s\'", schemaname))); } + pfree(guest_schema_name); + pfree(dbo_schema_name); } bbf_ExecDropStmt(drop_stmt); - del_ns_ext_info(schemaname, drop_stmt->missing_ok); + if (!is_drop_db_statement) { /* @@ -3907,6 +3908,14 @@ bbf_ProcessUtility(PlannedStmt *pstmt, else standard_ProcessUtility(pstmt, queryString, readOnlyTree, context, params, queryEnv, dest, qc); + + /* + * is_bbf_db_ddladmin_operation() checks if the schema being dropped + * belongs to the current logical database. This check only works if we + * drop the babelfish catalog entry after executing the schema drop + */ + del_ns_ext_info(schemaname, drop_stmt->missing_ok); + return; } else @@ -4306,7 +4315,7 @@ bbf_ProcessUtility(PlannedStmt *pstmt, */ /* Ignore when GRANT statement has no specific named object. */ - if (sql_dialect != SQL_DIALECT_TSQL || grant->targtype != ACL_TARGET_OBJECT) + if (sql_dialect != SQL_DIALECT_TSQL || grant->targtype != ACL_TARGET_OBJECT || strcmp(INTERNAL_REVOKE_ALL_ON_ROUTINE, queryString) == 0) break; Assert(list_length(grant->objects) == 1); if (grant->objtype == OBJECT_SCHEMA) @@ -4442,19 +4451,6 @@ bbf_ProcessUtility(PlannedStmt *pstmt, /* If ALL PRIVILEGES is granted/revoked. */ if (list_length(grant->privileges) == 0) { - /* - * Case: When ALL PRIVILEGES is revoked internally during create function. - * pstmt->stmt_len = 0 means it is an implicit REVOKE statement issued at the time of create function/procedure. - * For more details, please refer revoke_func_permission_from_public(). - * If schema entry exists in the catalog, implicitly grant permission on the new object to the user. - */ - if ((pstmt->stmt_len == 0) && privilege_exists_in_bbf_schema_permissions(logicalschema, PERMISSIONS_FOR_ALL_OBJECTS_IN_SCHEMA, NULL)) - { - call_prev_ProcessUtility(pstmt, queryString, readOnlyTree, context, params, queryEnv, dest, qc); - exec_internal_grant_on_function(logicalschema, funcname, obj_type); - return; - } - if (grant->is_grant) { foreach(lc, grant->grantees) @@ -5761,9 +5757,8 @@ pltsql_validator(PG_FUNCTION_ARGS) MemoryContext oldMemoryContext = CurrentMemoryContext; int saved_dialect = sql_dialect; - - if (!CheckFunctionValidatorAccess(fcinfo->flinfo->fn_oid, funcoid)) - PG_RETURN_VOID(); + int save_sec_context; + Oid save_userid; /* Get the new function's pg_proc entry */ tuple = SearchSysCache1(PROCOID, ObjectIdGetDatum(funcoid)); @@ -5771,6 +5766,22 @@ pltsql_validator(PG_FUNCTION_ARGS) elog(ERROR, "cache lookup failed for function %u", funcoid); proc = (Form_pg_proc) GETSTRUCT(tuple); + GetUserIdAndSecContext(&save_userid, &save_sec_context); + PG_TRY(); + { + if (GetUserId() != proc->proowner && IS_TDS_CONN() && + has_privs_of_role(GetUserId(), get_db_ddladmin_oid(get_current_pltsql_db_name(), false))) + SetUserIdAndSecContext(proc->proowner, save_sec_context | SECURITY_LOCAL_USERID_CHANGE); + + if (!CheckFunctionValidatorAccess(fcinfo->flinfo->fn_oid, funcoid)) + PG_RETURN_VOID(); + } + PG_FINALLY(); + { + SetUserIdAndSecContext(save_userid, save_sec_context); + } + PG_END_TRY(); + prokind = proc->prokind; /* Disallow text, ntext, and image type result */ diff --git a/contrib/babelfishpg_tsql/src/pltsql.h b/contrib/babelfishpg_tsql/src/pltsql.h index 4d3be21b56..250449a24b 100644 --- a/contrib/babelfishpg_tsql/src/pltsql.h +++ b/contrib/babelfishpg_tsql/src/pltsql.h @@ -26,6 +26,7 @@ #include "commands/trigger.h" #include "collation.h" #include "executor/spi.h" +#include "libpq/libpq-be.h" #include "optimizer/planner.h" #include "utils/expandedrecord.h" #include "utils/plancache.h" @@ -1920,6 +1921,8 @@ extern common_utility_plugin *common_utility_plugin_ptr; #define IS_TDS_CLIENT() (*pltsql_protocol_plugin_ptr && \ (*pltsql_protocol_plugin_ptr)->is_tds_client) +#define IS_TDS_CONN() (MyProcPort && MyProcPort->is_tds_conn) + extern Oid procid_var; extern uint64 rowcount_var; extern List *columns_updated_list; @@ -1988,6 +1991,7 @@ extern bool insert_bulk_check_constraints; #define CREATE_FIXED_DB_ROLES "(CREATE FIXED DATABASE ROLES )" #define ALTER_DEFAULT_PRIVILEGES "(ALTER DEFAULT PRIVILEGES )" #define INTERNAL_GRANT_STATEMENT "(GRANT STATEMENT )" +#define INTERNAL_REVOKE_ALL_ON_ROUTINE "(REVOKE ALL ON ROUTINE )" /* FIXED DB PRINCIPALS */ #define DBO "dbo" @@ -1996,6 +2000,7 @@ extern bool insert_bulk_check_constraints; #define DB_SECURITYADMIN "db_securityadmin" #define DB_DATAREADER "db_datareader" #define DB_DATAWRITER "db_datawriter" +#define DB_DDLADMIN "db_ddladmin" #define IS_BBF_BUILT_IN_DB(dbname) \ (strcmp(dbname, "master") == 0 || \ @@ -2008,7 +2013,8 @@ extern bool insert_bulk_check_constraints; strcmp(rolname, DB_ACCESSADMIN) == 0 || \ strcmp(rolname, DB_SECURITYADMIN) == 0 || \ strcmp(rolname, DB_DATAREADER) == 0 || \ - strcmp(rolname, DB_DATAWRITER) == 0) + strcmp(rolname, DB_DATAWRITER) == 0 || \ + strcmp(rolname, DB_DDLADMIN) == 0) /********************************************************************** * Function declarations @@ -2092,7 +2098,7 @@ extern char *get_original_query_string(void); extern AclMode string_to_privilege(const char *privname); extern const char *privilege_to_string(AclMode privilege); extern Oid get_owner_of_schema(const char *schema); -extern void exec_database_roles_subcmds(const char *physical_schema, char *schema_owner); +extern void exec_database_roles_subcmds(const char *physical_schema); /* * Functions for namespace handling in pl_funcs.c diff --git a/contrib/babelfishpg_tsql/src/pltsql_utils.c b/contrib/babelfishpg_tsql/src/pltsql_utils.c index 7890a0f286..ec051a50f7 100644 --- a/contrib/babelfishpg_tsql/src/pltsql_utils.c +++ b/contrib/babelfishpg_tsql/src/pltsql_utils.c @@ -2516,16 +2516,18 @@ get_owner_of_schema(const char *schema) * Alter default privileges on all the objects in a schema to the db_datareader/db_datareader while creating a schema. */ void -exec_database_roles_subcmds(const char *schema, char *schema_owner) +exec_database_roles_subcmds(const char *schema) { StringInfoData query; char *db_datareader; char *db_datawriter; + char *db_ddladmin; char *dbo_role; char *db_owner; - const char *dbname = get_cur_db_name(); + char *schema_owner; + const char *dbname = get_current_pltsql_db_name(); List *stmt_list; - int expected_stmts = 2; + int expected_stmts = 4; ListCell *parsetree_item; Node *stmts; int i=0; @@ -2534,25 +2536,23 @@ exec_database_roles_subcmds(const char *schema, char *schema_owner) db_datareader = get_db_datareader_name(dbname); db_datawriter = get_db_datawriter_name(dbname); + db_ddladmin = get_db_ddladmin_role_name(dbname); dbo_role = get_dbo_role_name(dbname); db_owner = get_db_owner_name(dbname); GetUserIdAndSecContext(&save_userid, &save_sec_context); - /* If schema owner is not the dbo/db_owner role. */ - if (schema_owner && strcmp(schema_owner, dbo_role) != 0 && strcmp(schema_owner, db_owner) != 0) - { - // do nothing - } - else - { - schema_owner = GetUserNameFromId(get_owner_of_schema(schema), false); - } + schema_owner = GetUserNameFromId(get_owner_of_schema(schema), false); initStringInfo(&query); + /* Grant privileges to db_datareader */ appendStringInfo(&query, "ALTER DEFAULT PRIVILEGES FOR ROLE dummy, dummy IN SCHEMA dummy GRANT SELECT ON TABLES TO dummy; "); + /* Grant privileges to db_datawriter */ appendStringInfo(&query, "ALTER DEFAULT PRIVILEGES FOR ROLE dummy, dummy IN SCHEMA dummy GRANT INSERT, UPDATE, DELETE ON TABLES TO dummy; "); + /* Grant privileges to db_ddladmin */ + appendStringInfo(&query, "ALTER DEFAULT PRIVILEGES FOR ROLE dummy, dummy IN SCHEMA dummy GRANT TRUNCATE ON TABLES TO dummy; "); + appendStringInfo(&query, "GRANT CREATE ON SCHEMA dummy TO dummy ; "); stmt_list = raw_parser(query.data, RAW_PARSE_DEFAULT); if (list_length(stmt_list) != expected_stmts) @@ -2567,6 +2567,11 @@ exec_database_roles_subcmds(const char *schema, char *schema_owner) stmts = parsetree_nth_stmt(stmt_list, i++); update_AlterDefaultPrivilegesStmt(stmts, schema, schema_owner, dbo_role, db_datawriter, NULL); + stmts = parsetree_nth_stmt(stmt_list, i++); + update_AlterDefaultPrivilegesStmt(stmts, schema, schema_owner, dbo_role, db_ddladmin, NULL); + stmts = parsetree_nth_stmt(stmt_list, i++); + update_GrantStmt(stmts, schema, NULL, db_ddladmin, NULL); + PG_TRY(); { SetUserIdAndSecContext(get_bbf_role_admin_oid(), save_sec_context | SECURITY_LOCAL_USERID_CHANGE); @@ -2601,6 +2606,7 @@ exec_database_roles_subcmds(const char *schema, char *schema_owner) SetUserIdAndSecContext(save_userid, save_sec_context); pfree(db_datareader); pfree(db_datawriter); + pfree(db_ddladmin); pfree(dbo_role); pfree(db_owner); } @@ -2617,4 +2623,4 @@ throw_error_for_fixed_db_role(char *rolname, char *dbname) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("Cannot grant, deny or revoke permissions to or from special roles."))); } -} \ No newline at end of file +} diff --git a/contrib/babelfishpg_tsql/src/schemacmds.c b/contrib/babelfishpg_tsql/src/schemacmds.c index fd50867bcd..ff8bf81ff2 100644 --- a/contrib/babelfishpg_tsql/src/schemacmds.c +++ b/contrib/babelfishpg_tsql/src/schemacmds.c @@ -76,9 +76,6 @@ del_ns_ext_info(const char *schemaname, bool missing_ok) ScanKeyData scanKey; SysScanDesc scan; - if (get_namespace_oid(schemaname, missing_ok) == InvalidOid) - return; - rel = table_open(namespace_ext_oid, RowExclusiveLock); ScanKeyInit(&scanKey, Anum_namespace_ext_namespace, @@ -93,9 +90,10 @@ del_ns_ext_info(const char *schemaname, bool missing_ok) { systable_endscan(scan); table_close(rel, RowExclusiveLock); - ereport(ERROR, - (errcode(ERRCODE_INTERNAL_ERROR), - errmsg("Could not drop schema created under PostgreSQL dialect: \"%s\"", schemaname))); + if (!missing_ok) + ereport(ERROR, + (errcode(ERRCODE_INTERNAL_ERROR), + errmsg("Could not drop schema created under PostgreSQL dialect: \"%s\"", schemaname))); return; } diff --git a/test/JDBC/expected/BABEL-2403.out b/test/JDBC/expected/BABEL-2403.out index 6ee9a44d8b..45eef1c8a4 100644 --- a/test/JDBC/expected/BABEL-2403.out +++ b/test/JDBC/expected/BABEL-2403.out @@ -127,6 +127,12 @@ name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext m text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} name#!#pg_catalog#!#proname#!#{"Rule": " in babelfish_function_ext must also exist in pg_proc"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} @@ -244,6 +250,12 @@ name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext m text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} name#!#pg_catalog#!#proname#!#{"Rule": " in babelfish_function_ext must also exist in pg_proc"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} diff --git a/test/JDBC/expected/BABEL-2409.out b/test/JDBC/expected/BABEL-2409.out index 1b7cf31323..8303c9d912 100644 --- a/test/JDBC/expected/BABEL-2409.out +++ b/test/JDBC/expected/BABEL-2409.out @@ -27,6 +27,8 @@ GO -- psql CREATE SCHEMA master_xyz; GO +ALTER SCHEMA master_xyz OWNER TO master_dbo; +GO -- tsql DROP SCHEMA xyz; diff --git a/test/JDBC/expected/BABEL-LOGIN-USER-EXT.out b/test/JDBC/expected/BABEL-LOGIN-USER-EXT.out index 52de3e860b..7f3a161fe3 100644 --- a/test/JDBC/expected/BABEL-LOGIN-USER-EXT.out +++ b/test/JDBC/expected/BABEL-LOGIN-USER-EXT.out @@ -697,6 +697,7 @@ varchar#!#nvarchar#!#varchar#!#nvarchar#!#nvarchar db1_db_accessadmin#!#db_accessadmin#!##!#db1#!# db1_db_datareader#!#db_datareader#!##!#db1#!# db1_db_datawriter#!#db_datawriter#!##!#db1#!# +db1_db_ddladmin#!#db_ddladmin#!##!#db1#!# db1_db_owner#!#db_owner#!##!#db1#!# db1_db_securityadmin#!#db_securityadmin#!##!#db1#!# db1_dbo#!#dbo#!##!#db1#!#dbo @@ -704,6 +705,7 @@ db1_guest#!#guest#!##!#db1#!#guest master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -711,6 +713,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -718,6 +721,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -886,6 +890,7 @@ varchar#!#nvarchar#!#varchar#!#nvarchar#!#nvarchar master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -893,6 +898,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -900,6 +906,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -949,6 +956,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar#!#nvarchar db1_db_accessadmin#!##!#db_accessadmin#!#db1#!# db1_db_datareader#!##!#db_datareader#!#db1#!# db1_db_datawriter#!##!#db_datawriter#!#db1#!# +db1_db_ddladmin#!##!#db_ddladmin#!#db1#!# db1_db_owner#!##!#db_owner#!#db1#!# db1_db_securityadmin#!##!#db_securityadmin#!#db1#!# db1_dbo#!##!#dbo#!#db1#!#dbo @@ -956,6 +964,7 @@ db1_guest#!##!#guest#!#db1#!#guest db2_db_accessadmin#!##!#db_accessadmin#!#db2#!# db2_db_datareader#!##!#db_datareader#!#db2#!# db2_db_datawriter#!##!#db_datawriter#!#db2#!# +db2_db_ddladmin#!##!#db_ddladmin#!#db2#!# db2_db_owner#!##!#db_owner#!#db2#!# db2_db_securityadmin#!##!#db_securityadmin#!#db2#!# db2_dbo#!##!#dbo#!#db2#!#dbo @@ -963,6 +972,7 @@ db2_guest#!##!#guest#!#db2#!#guest master_db_accessadmin#!##!#db_accessadmin#!#master#!# master_db_datareader#!##!#db_datareader#!#master#!# master_db_datawriter#!##!#db_datawriter#!#master#!# +master_db_ddladmin#!##!#db_ddladmin#!#master#!# master_db_owner#!##!#db_owner#!#master#!# master_db_securityadmin#!##!#db_securityadmin#!#master#!# master_dbo#!##!#dbo#!#master#!#dbo @@ -970,6 +980,7 @@ master_guest#!##!#guest#!#master#!#guest msdb_db_accessadmin#!##!#db_accessadmin#!#msdb#!# msdb_db_datareader#!##!#db_datareader#!#msdb#!# msdb_db_datawriter#!##!#db_datawriter#!#msdb#!# +msdb_db_ddladmin#!##!#db_ddladmin#!#msdb#!# msdb_db_owner#!##!#db_owner#!#msdb#!# msdb_db_securityadmin#!##!#db_securityadmin#!#msdb#!# msdb_dbo#!##!#dbo#!#msdb#!#dbo @@ -977,6 +988,7 @@ msdb_guest#!##!#guest#!#msdb#!#guest tempdb_db_accessadmin#!##!#db_accessadmin#!#tempdb#!# tempdb_db_datareader#!##!#db_datareader#!#tempdb#!# tempdb_db_datawriter#!##!#db_datawriter#!#tempdb#!# +tempdb_db_ddladmin#!##!#db_ddladmin#!#tempdb#!# tempdb_db_owner#!##!#db_owner#!#tempdb#!# tempdb_db_securityadmin#!##!#db_securityadmin#!#tempdb#!# tempdb_dbo#!##!#dbo#!#tempdb#!#dbo @@ -995,6 +1007,7 @@ dbo#!#dbo db_accessadmin#!# db_datareader#!# db_datawriter#!# +db_ddladmin#!# db_owner#!# db_securityadmin#!# INFORMATION_SCHEMA#!# @@ -1031,6 +1044,7 @@ dbo#!#dbo db_accessadmin#!# db_datareader#!# db_datawriter#!# +db_ddladmin#!# db_owner#!# db_securityadmin#!# INFORMATION_SCHEMA#!# @@ -1169,6 +1183,7 @@ varchar#!#nvarchar#!#varchar#!#nvarchar#!#nvarchar db2_db_accessadmin#!#db_accessadmin#!##!#db2#!# db2_db_datareader#!#db_datareader#!##!#db2#!# db2_db_datawriter#!#db_datawriter#!##!#db2#!# +db2_db_ddladmin#!#db_ddladmin#!##!#db2#!# db2_db_owner#!#db_owner#!##!#db2#!# db2_db_securityadmin#!#db_securityadmin#!##!#db2#!# db2_dbo#!#dbo#!##!#db2#!#dbo @@ -1176,6 +1191,7 @@ db2_guest#!#guest#!##!#db2#!#guest master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -1183,6 +1199,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -1190,6 +1207,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -1209,6 +1227,7 @@ varchar#!#nvarchar#!#varchar#!#nvarchar#!#nvarchar master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -1216,6 +1235,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -1223,6 +1243,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -1499,6 +1520,7 @@ babel_4935_no_sysadmin2 db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo @@ -1520,6 +1542,7 @@ babel_4935_no_sysadmin2 db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo @@ -1540,6 +1563,7 @@ babel_4935_no_sysadmin1 db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo @@ -1559,6 +1583,7 @@ varchar db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo diff --git a/test/JDBC/expected/BABEL-USER.out b/test/JDBC/expected/BABEL-USER.out index 086c67743c..86011d6af2 100644 --- a/test/JDBC/expected/BABEL-USER.out +++ b/test/JDBC/expected/BABEL-USER.out @@ -52,6 +52,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar#!#nvarchar db1_db_accessadmin#!##!#db_accessadmin#!#db1#!# db1_db_datareader#!##!#db_datareader#!#db1#!# db1_db_datawriter#!##!#db_datawriter#!#db1#!# +db1_db_ddladmin#!##!#db_ddladmin#!#db1#!# db1_db_owner#!##!#db_owner#!#db1#!# db1_db_securityadmin#!##!#db_securityadmin#!#db1#!# db1_dbo#!##!#dbo#!#db1#!#dbo @@ -59,6 +60,7 @@ db1_guest#!##!#guest#!#db1#!#guest master_db_accessadmin#!##!#db_accessadmin#!#master#!# master_db_datareader#!##!#db_datareader#!#master#!# master_db_datawriter#!##!#db_datawriter#!#master#!# +master_db_ddladmin#!##!#db_ddladmin#!#master#!# master_db_owner#!##!#db_owner#!#master#!# master_db_securityadmin#!##!#db_securityadmin#!#master#!# master_dbo#!##!#dbo#!#master#!#dbo @@ -66,6 +68,7 @@ master_guest#!##!#guest#!#master#!#guest msdb_db_accessadmin#!##!#db_accessadmin#!#msdb#!# msdb_db_datareader#!##!#db_datareader#!#msdb#!# msdb_db_datawriter#!##!#db_datawriter#!#msdb#!# +msdb_db_ddladmin#!##!#db_ddladmin#!#msdb#!# msdb_db_owner#!##!#db_owner#!#msdb#!# msdb_db_securityadmin#!##!#db_securityadmin#!#msdb#!# msdb_dbo#!##!#dbo#!#msdb#!#dbo @@ -73,6 +76,7 @@ msdb_guest#!##!#guest#!#msdb#!#guest tempdb_db_accessadmin#!##!#db_accessadmin#!#tempdb#!# tempdb_db_datareader#!##!#db_datareader#!#tempdb#!# tempdb_db_datawriter#!##!#db_datawriter#!#tempdb#!# +tempdb_db_ddladmin#!##!#db_ddladmin#!#tempdb#!# tempdb_db_owner#!##!#db_owner#!#tempdb#!# tempdb_db_securityadmin#!##!#db_securityadmin#!#tempdb#!# tempdb_dbo#!##!#dbo#!#tempdb#!#dbo @@ -91,6 +95,7 @@ dbo#!#dbo db_accessadmin#!# db_datareader#!# db_datawriter#!# +db_ddladmin#!# db_owner#!# db_securityadmin#!# INFORMATION_SCHEMA#!# diff --git a/test/JDBC/expected/Test-sp_helpdbfixedrole-dep-vu-verify.out b/test/JDBC/expected/Test-sp_helpdbfixedrole-dep-vu-verify.out index 8a423a1cea..f7a752908a 100644 --- a/test/JDBC/expected/Test-sp_helpdbfixedrole-dep-vu-verify.out +++ b/test/JDBC/expected/Test-sp_helpdbfixedrole-dep-vu-verify.out @@ -7,6 +7,7 @@ db_accessadmin#!#DB Access Administrators db_securityadmin#!#DB Security Administrators db_datareader#!#DB Data Reader db_datawriter#!#DB Data Writer +db_ddladmin#!#DB DDL Administrators ~~END~~ @@ -22,7 +23,7 @@ SELECT dbo.test_sp_helpdbfixedrole_func() GO ~~START~~ int -5 +6 ~~END~~ @@ -30,7 +31,7 @@ SELECT * FROM test_sp_helpdbfixedrole_view GO ~~START~~ int -5 +6 ~~END~~ diff --git a/test/JDBC/expected/Test-sp_helpdbfixedrole-vu-verify.out b/test/JDBC/expected/Test-sp_helpdbfixedrole-vu-verify.out index 24ff4bb1c3..cfb3ccbb8b 100644 --- a/test/JDBC/expected/Test-sp_helpdbfixedrole-vu-verify.out +++ b/test/JDBC/expected/Test-sp_helpdbfixedrole-vu-verify.out @@ -1,6 +1,6 @@ INSERT INTO test_sp_helpdbfixedrole_tbl (DbFixedRole, Description) EXEC sp_helpdbfixedrole GO -~~ROW COUNT: 5~~ +~~ROW COUNT: 6~~ SELECT DbFixedRole, Description FROM test_sp_helpdbfixedrole_tbl @@ -12,6 +12,7 @@ db_accessadmin#!#DB Access Administrators db_securityadmin#!#DB Security Administrators db_datareader#!#DB Data Reader db_datawriter#!#DB Data Writer +db_ddladmin#!#DB DDL Administrators ~~END~~ @@ -60,6 +61,8 @@ GO INSERT INTO test_sp_helpdbfixedrole_tbl (DbFixedRole, Description) EXEC sp_helpdbfixedrole 'db_ddladmin ' GO +~~ROW COUNT: 1~~ + INSERT INTO test_sp_helpdbfixedrole_tbl (DbFixedRole, Description) EXEC sp_helpdbfixedrole 'DB_backupoperator ' GO INSERT INTO test_sp_helpdbfixedrole_tbl (DbFixedRole, Description) EXEC sp_helpdbfixedrole 'db_datareader' @@ -81,6 +84,7 @@ GO varchar#!#nvarchar db_accessadmin#!#DB Access Administrators db_securityadmin#!#DB Security Administrators +db_ddladmin#!#DB DDL Administrators db_datareader#!#DB Data Reader db_datawriter#!#DB Data Writer ~~END~~ diff --git a/test/JDBC/expected/Test_alter_db_rename-vu-verify.out b/test/JDBC/expected/Test_alter_db_rename-vu-verify.out index c435e0dcbd..a7c4889edb 100644 --- a/test/JDBC/expected/Test_alter_db_rename-vu-verify.out +++ b/test/JDBC/expected/Test_alter_db_rename-vu-verify.out @@ -22,6 +22,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database1_db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 rename_db_database1_db_datareader#!##!#db_datareader#!#rename_db_database1 rename_db_database1_db_datawriter#!##!#db_datawriter#!#rename_db_database1 +rename_db_database1_db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 rename_db_database1_db_owner#!##!#db_owner#!#rename_db_database1 rename_db_database1_db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 rename_db_database1_dbo#!##!#dbo#!#rename_db_database1 @@ -87,6 +88,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database2_db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 rename_db_database2_db_datareader#!##!#db_datareader#!#rename_db_database2 rename_db_database2_db_datawriter#!##!#db_datawriter#!#rename_db_database2 +rename_db_database2_db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 rename_db_database2_db_owner#!##!#db_owner#!#rename_db_database2 rename_db_database2_db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 rename_db_database2_dbo#!##!#dbo#!#rename_db_database2 @@ -197,6 +199,7 @@ thisnewdatabasenameiscasesensitc4313f9adf0e47cfa5aca25228e02f29#!#dbo ~~START~~ varchar#!#varchar#!#nvarchar#!#nvarchar thisnewdatabasenameiscasesensit4e1f355d810759b9f1a59b04496ed2e1#!##!#guest#!#thisnewdatabasenameiscasesensit44f3247005ec268e1a10c736599cfb7e +thisnewdatabasenameiscasesensit72927d959d85ca4219923b43129c8ed9#!##!#db_ddladmin#!#thisnewdatabasenameiscasesensit44f3247005ec268e1a10c736599cfb7e thisnewdatabasenameiscasesensit72e4dcc7ed25f5536033cf547cd7f001#!##!#db_owner#!#thisnewdatabasenameiscasesensit44f3247005ec268e1a10c736599cfb7e thisnewdatabasenameiscasesensit7de06ed1a7bed768d6641b3e7841314c#!##!#db_datareader#!#thisnewdatabasenameiscasesensit44f3247005ec268e1a10c736599cfb7e thisnewdatabasenameiscasesensit944678472843354d6b3a4354630249a8#!##!#db_accessadmin#!#thisnewdatabasenameiscasesensit44f3247005ec268e1a10c736599cfb7e diff --git a/test/JDBC/expected/Test_rename_db_single-db.out b/test/JDBC/expected/Test_rename_db_single-db.out index b43269cf49..a4fc86b2f5 100644 --- a/test/JDBC/expected/Test_rename_db_single-db.out +++ b/test/JDBC/expected/Test_rename_db_single-db.out @@ -35,6 +35,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database1_db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 rename_db_database1_db_datareader#!##!#db_datareader#!#rename_db_database1 rename_db_database1_db_datawriter#!##!#db_datawriter#!#rename_db_database1 +rename_db_database1_db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 rename_db_database1_db_owner#!##!#db_owner#!#rename_db_database1 rename_db_database1_db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 rename_db_database1_dbo#!##!#dbo#!#rename_db_database1 @@ -87,6 +88,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database2_db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 rename_db_database2_db_datareader#!##!#db_datareader#!#rename_db_database2 rename_db_database2_db_datawriter#!##!#db_datawriter#!#rename_db_database2 +rename_db_database2_db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 rename_db_database2_db_owner#!##!#db_owner#!#rename_db_database2 rename_db_database2_db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 rename_db_database2_dbo#!##!#dbo#!#rename_db_database2 @@ -139,6 +141,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database1_db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 rename_db_database1_db_datareader#!##!#db_datareader#!#rename_db_database1 rename_db_database1_db_datawriter#!##!#db_datawriter#!#rename_db_database1 +rename_db_database1_db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 rename_db_database1_db_owner#!##!#db_owner#!#rename_db_database1 rename_db_database1_db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 rename_db_database1_dbo#!##!#dbo#!#rename_db_database1 @@ -191,6 +194,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database2_db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 rename_db_database2_db_datareader#!##!#db_datareader#!#rename_db_database2 rename_db_database2_db_datawriter#!##!#db_datawriter#!#rename_db_database2 +rename_db_database2_db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 rename_db_database2_db_owner#!##!#db_owner#!#rename_db_database2 rename_db_database2_db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 rename_db_database2_dbo#!##!#dbo#!#rename_db_database2 @@ -255,6 +259,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database1_db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 rename_db_database1_db_datareader#!##!#db_datareader#!#rename_db_database1 rename_db_database1_db_datawriter#!##!#db_datawriter#!#rename_db_database1 +rename_db_database1_db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 rename_db_database1_db_owner#!##!#db_owner#!#rename_db_database1 rename_db_database1_db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 rename_db_database1_dbo#!##!#dbo#!#rename_db_database1 @@ -307,6 +312,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database2_db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 rename_db_database2_db_datareader#!##!#db_datareader#!#rename_db_database2 rename_db_database2_db_datawriter#!##!#db_datawriter#!#rename_db_database2 +rename_db_database2_db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 rename_db_database2_db_owner#!##!#db_owner#!#rename_db_database2 rename_db_database2_db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 rename_db_database2_dbo#!##!#dbo#!#rename_db_database2 @@ -359,6 +365,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database1_db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 rename_db_database1_db_datareader#!##!#db_datareader#!#rename_db_database1 rename_db_database1_db_datawriter#!##!#db_datawriter#!#rename_db_database1 +rename_db_database1_db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 rename_db_database1_db_owner#!##!#db_owner#!#rename_db_database1 rename_db_database1_db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 rename_db_database1_dbo#!##!#dbo#!#rename_db_database1 @@ -411,6 +418,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database2_db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 rename_db_database2_db_datareader#!##!#db_datareader#!#rename_db_database2 rename_db_database2_db_datawriter#!##!#db_datawriter#!#rename_db_database2 +rename_db_database2_db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 rename_db_database2_db_owner#!##!#db_owner#!#rename_db_database2 rename_db_database2_db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 rename_db_database2_dbo#!##!#dbo#!#rename_db_database2 diff --git a/test/JDBC/expected/Test_sp_rename_database-vu-verify.out b/test/JDBC/expected/Test_sp_rename_database-vu-verify.out index 1900036990..cee3848de5 100644 --- a/test/JDBC/expected/Test_sp_rename_database-vu-verify.out +++ b/test/JDBC/expected/Test_sp_rename_database-vu-verify.out @@ -22,6 +22,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar sp_rename_database1_db_accessadmin#!##!#db_accessadmin#!#sp_rename_database1 sp_rename_database1_db_datareader#!##!#db_datareader#!#sp_rename_database1 sp_rename_database1_db_datawriter#!##!#db_datawriter#!#sp_rename_database1 +sp_rename_database1_db_ddladmin#!##!#db_ddladmin#!#sp_rename_database1 sp_rename_database1_db_owner#!##!#db_owner#!#sp_rename_database1 sp_rename_database1_db_securityadmin#!##!#db_securityadmin#!#sp_rename_database1 sp_rename_database1_dbo#!##!#dbo#!#sp_rename_database1 @@ -87,6 +88,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar sp_rename_database2_db_accessadmin#!##!#db_accessadmin#!#sp_rename_database2 sp_rename_database2_db_datareader#!##!#db_datareader#!#sp_rename_database2 sp_rename_database2_db_datawriter#!##!#db_datawriter#!#sp_rename_database2 +sp_rename_database2_db_ddladmin#!##!#db_ddladmin#!#sp_rename_database2 sp_rename_database2_db_owner#!##!#db_owner#!#sp_rename_database2 sp_rename_database2_db_securityadmin#!##!#db_securityadmin#!#sp_rename_database2 sp_rename_database2_dbo#!##!#dbo#!#sp_rename_database2 @@ -203,6 +205,7 @@ sp_rename_thisnewdatabasenameisfacf8af797f428fdc401ffddc672894d#!#dbo ~~START~~ varchar#!#varchar#!#nvarchar#!#nvarchar +sp_rename_thisnewdatabasenameis13e6a4262544f66eae3d52bc3368a097#!##!#db_ddladmin#!#sp_rename_thisnewdatabasenameisb8bd7c94f797959aa629fc2f9e821637 sp_rename_thisnewdatabasenameis1e39ca7c78a1fba2342467331fb5bd56#!##!#db_owner#!#sp_rename_thisnewdatabasenameisb8bd7c94f797959aa629fc2f9e821637 sp_rename_thisnewdatabasenameis21f79a8b66248a73068dca6edd5b0ca3#!##!#guest#!#sp_rename_thisnewdatabasenameisb8bd7c94f797959aa629fc2f9e821637 sp_rename_thisnewdatabasenameis95c235131f6db63ef16f222aa48d0554#!##!#db_datareader#!#sp_rename_thisnewdatabasenameisb8bd7c94f797959aa629fc2f9e821637 diff --git a/test/JDBC/expected/Test_sp_renamedb-vu-verify.out b/test/JDBC/expected/Test_sp_renamedb-vu-verify.out index 460a11cb6a..813e881039 100644 --- a/test/JDBC/expected/Test_sp_renamedb-vu-verify.out +++ b/test/JDBC/expected/Test_sp_renamedb-vu-verify.out @@ -22,6 +22,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar sp_renamedb_database1_db_accessadmin#!##!#db_accessadmin#!#sp_renamedb_database1 sp_renamedb_database1_db_datareader#!##!#db_datareader#!#sp_renamedb_database1 sp_renamedb_database1_db_datawriter#!##!#db_datawriter#!#sp_renamedb_database1 +sp_renamedb_database1_db_ddladmin#!##!#db_ddladmin#!#sp_renamedb_database1 sp_renamedb_database1_db_owner#!##!#db_owner#!#sp_renamedb_database1 sp_renamedb_database1_db_securityadmin#!##!#db_securityadmin#!#sp_renamedb_database1 sp_renamedb_database1_dbo#!##!#dbo#!#sp_renamedb_database1 @@ -87,6 +88,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar sp_renamedb_database2_db_accessadmin#!##!#db_accessadmin#!#sp_renamedb_database2 sp_renamedb_database2_db_datareader#!##!#db_datareader#!#sp_renamedb_database2 sp_renamedb_database2_db_datawriter#!##!#db_datawriter#!#sp_renamedb_database2 +sp_renamedb_database2_db_ddladmin#!##!#db_ddladmin#!#sp_renamedb_database2 sp_renamedb_database2_db_owner#!##!#db_owner#!#sp_renamedb_database2 sp_renamedb_database2_db_securityadmin#!##!#db_securityadmin#!#sp_renamedb_database2 sp_renamedb_database2_dbo#!##!#dbo#!#sp_renamedb_database2 @@ -208,6 +210,7 @@ sp_renamedb_thisnewdatabasename2a476218bfa8dba9ac86fb898b11e9a5#!##!#db_datawrit sp_renamedb_thisnewdatabasename7052c471c798d0b08c69f719bcd607d7#!##!#db_datareader#!#sp_renamedb_thisnewdatabasename738bbb14cb857db43c693446c049f0bd sp_renamedb_thisnewdatabasenameb0dffbb56deab7ad4e684df689419c65#!##!#db_owner#!#sp_renamedb_thisnewdatabasename738bbb14cb857db43c693446c049f0bd sp_renamedb_thisnewdatabasenameda6915c331b2fe3a4c4e33126c0366c1#!##!#db_securityadmin#!#sp_renamedb_thisnewdatabasename738bbb14cb857db43c693446c049f0bd +sp_renamedb_thisnewdatabasenamedc7b15e8672064bd10ff0615b83919cb#!##!#db_ddladmin#!#sp_renamedb_thisnewdatabasename738bbb14cb857db43c693446c049f0bd sp_renamedb_thisnewdatabasenamedeb7cafbbedd23f312d90e7c10a60901#!##!#guest#!#sp_renamedb_thisnewdatabasename738bbb14cb857db43c693446c049f0bd sp_renamedb_thisnewdatabasenameeeb9e8f522c23281503d418ce3640572#!##!#db_accessadmin#!#sp_renamedb_thisnewdatabasename738bbb14cb857db43c693446c049f0bd ~~END~~ diff --git a/test/JDBC/expected/datareader_datawriter.out b/test/JDBC/expected/datareader_datawriter.out index ddc726e3b2..e6c1ddaf4f 100644 --- a/test/JDBC/expected/datareader_datawriter.out +++ b/test/JDBC/expected/datareader_datawriter.out @@ -284,7 +284,7 @@ go -- Insert the results of sp_helprole into the temporary table INSERT INTO #UserRoles EXEC sp_helprole; go -~~ROW COUNT: 6~~ +~~ROW COUNT: 7~~ -- Select the desired fields from the temporary table SELECT RoleName, IsAppRole FROM #UserRoles WHERE RoleName IN ('db_datareader', 'db_datawriter'); diff --git a/test/JDBC/expected/db_accessadmin-vu-verify.out b/test/JDBC/expected/db_accessadmin-vu-verify.out index b5fc51976f..877882880d 100644 --- a/test/JDBC/expected/db_accessadmin-vu-verify.out +++ b/test/JDBC/expected/db_accessadmin-vu-verify.out @@ -605,6 +605,7 @@ GO ~~START~~ nvarchar#!#varchar db_accessadmin#!#=C +db_ddladmin#!#=C db_securityadmin#!#=C dbo#!#=CTc ~~END~~ diff --git a/test/JDBC/expected/db_ddladmin-vu-cleanup.out b/test/JDBC/expected/db_ddladmin-vu-cleanup.out new file mode 100644 index 0000000000..72455efaca --- /dev/null +++ b/test/JDBC/expected/db_ddladmin-vu-cleanup.out @@ -0,0 +1,42 @@ +DROP DATABASE babel_5116_db +GO + +USE master +GO + +DROP LOGIN babel_5116_l1 +GO +DROP LOGIN babel_5116_l2 +GO +DROP LOGIN babel_5116_l3 +GO +DROP USER babel_5116_l1 +GO +DROP USER babel_5116_l2 +GO +DROP ROLE babel_5116_r1 +GO +DROP VIEW babel_5116_v1 +GO +DROP SEQUENCE babel_5116_s1 +GO +DROP TRIGGER babel_5116_trig +GO +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +DROP TABLE babel_5116_t1 +GO +DROP TABLE babel_5116_t3 +GO +DROP FUNCTION babel_5116_f1 +GO +DROP FUNCTION babel_5116_tvf1 +GO +DROP FUNCTION babel_5116_mtvf1 +GO +DROP PROC babel_5116_p1 +GO +DROP TYPE babel_5116_type1 +GO +DROP TYPE babel_5116_tabletype1 +GO diff --git a/test/JDBC/expected/db_ddladmin-vu-prepare.out b/test/JDBC/expected/db_ddladmin-vu-prepare.out new file mode 100644 index 0000000000..c459bdc080 --- /dev/null +++ b/test/JDBC/expected/db_ddladmin-vu-prepare.out @@ -0,0 +1,95 @@ +USE master +GO + +CREATE LOGIN babel_5116_l1 WITH PASSWORD = '12345678' +GO +CREATE LOGIN babel_5116_l2 WITH PASSWORD = '12345678' +GO +CREATE LOGIN babel_5116_l3 WITH PASSWORD = '12345678' +GO +CREATE USER babel_5116_l1 +GO +CREATE USER babel_5116_l2 +GO +CREATE ROLE babel_5116_r1 +GO +CREATE TABLE babel_5116_t1 (id INT) +GO +CREATE TABLE babel_5116_t3 (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t1 (id) +GO +CREATE TRIGGER babel_5116_trig ON babel_5116_t1 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW babel_5116_v1 AS SELECT * FROM babel_5116_t1 +GO +CREATE SEQUENCE babel_5116_s1 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE babel_5116_p1 AS SELECT 1 +GO +CREATE FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE babel_5116_type1 FROM sys.varchar(10) +GO +CREATE TYPE babel_5116_tabletype1 AS TABLE (id INT) +GO + +CREATE DATABASE babel_5116_db +GO +USE babel_5116_db +GO + +CREATE USER babel_5116_l1 +GO +CREATE USER babel_5116_l2 +GO +CREATE ROLE babel_5116_r1 +GO +CREATE TABLE babel_5116_t1 (id INT, con_col INT NOT NULL CONSTRAINT babel_5116_constr1 UNIQUE) +GO +CREATE TABLE babel_5116_t3 (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t1 (id) +GO +CREATE TRIGGER babel_5116_trig1 ON babel_5116_t1 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW babel_5116_v1 AS SELECT * FROM babel_5116_t1 +GO +CREATE SEQUENCE babel_5116_s1 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE babel_5116_p1 AS SELECT 1 +GO +CREATE FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE babel_5116_type1 FROM sys.varchar(10) +GO +CREATE TYPE babel_5116_tabletype1 AS TABLE (id INT) +GO +CREATE SCHEMA babel_5116_sch1 +GO +CREATE SCHEMA babel_5116_sch2 AUTHORIZATION babel_5116_r1 +GO diff --git a/test/JDBC/expected/db_ddladmin-vu-verify.out b/test/JDBC/expected/db_ddladmin-vu-verify.out new file mode 100644 index 0000000000..1ff8a5753f --- /dev/null +++ b/test/JDBC/expected/db_ddladmin-vu-verify.out @@ -0,0 +1,1100 @@ +-- tsql +-- RESET LOGIN PASSWORD +ALTER LOGIN babel_5116_l1 WITH PASSWORD = '12345678' +GO +ALTER LOGIN babel_5116_l2 WITH PASSWORD = '12345678' +GO +ALTER LOGIN babel_5116_l3 WITH PASSWORD = '12345678' +GO + +USE babel_5116_db +GO + +ALTER ROLE db_ddladmin ADD MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=master +------------------------------------------------------------------- +---- babel_5116_l1 user SHOULD NOT BE ABLE TO DO ANY DDLS/DMLS ---- +---- IN BBF DATABASES WHERE IT IS NOT A MEMBER OF DB_DDLADMIN ---- +------------------------------------------------------------------- +SELECT IS_ROLEMEMBER('db_ddladmin') +GO +~~START~~ +int +0 +~~END~~ + +SELECT CURRENT_USER +GO +~~START~~ +varchar +babel_5116_l1 +~~END~~ + +CREATE LOGIN l WITH PASSWORD = '12345678' +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login babel_5116_l1 does not have permission to create new login)~~ + +CREATE USER u +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: role "u" does not exist)~~ + +CREATE ROLE r +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + +CREATE TABLE t (id INT) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE INDEX babel_5116_idx1 ON babel_5116_t1 (id) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +CREATE TRIGGER trig ON babel_5116_t1 AFTER INSERT AS SELECT 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE VIEW v AS SELECT * FROM babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE SEQUENCE babel_5116_s2 START WITH 1000 INCREMENT BY 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE PROCEDURE p AS SELECT 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE FUNCTION f() RETURNS INT AS BEGIN RETURN 1 END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE FUNCTION tvff1() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE FUNCTION mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE TYPE t FROM sys.varchar(10) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE TYPE tabletype AS TABLE (id INT) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +TRUNCATE TABLE babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +CREATE SCHEMA babel_5116_sch1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for database jdbc_testdb)~~ + +CREATE SCHEMA babel_5116_sch1 AUTHORIZATION babel_5116_r1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for database jdbc_testdb)~~ + + +CREATE PARTITION FUNCTION babel_5116_pf1 (datetime) +AS RANGE RIGHT FOR VALUES +( + '2023-01-01', + '2024-01-01', + '2025-01-01' +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +CREATE PARTITION SCHEME babel_5116_ps +AS PARTITION babel_5116_pf1 +ALL TO ([PRIMARY]); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +ALTER TABLE babel_5116_t3 ADD babel_5116_col_nw INT NULL; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t3)~~ + +ALTER TABLE babel_5116_t3 DROP babel_5116_col_nw; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t3)~~ + +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constr2 UNIQUE (id) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constrfk1 FOREIGN KEY (id_new) REFERENCES babel_5116_t2 (id) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constrfk1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER SEQUENCE babel_5116_s1 MINVALUE 99; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of sequence babel_5116_s1)~~ + + + +ALTER FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 2 END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER PROC babel_5116_p1 AS SELECT 2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + + + +ENABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +DISABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + + + +DROP LOGIN babel_5116_l1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the login 'babel_5116_l1', because it does not exist or you do not have permission.)~~ + +DROP USER babel_5116_l1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the user 'babel_5116_l1', because it does not exist or you do not have permission.)~~ + +DROP ROLE babel_5116_r1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the role 'babel_5116_r1', because it does not exist or you do not have permission.)~~ + +DROP VIEW babel_5116_v1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of view babel_5116_v1)~~ + +DROP SEQUENCE babel_5116_s1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of sequence babel_5116_s1)~~ + +DROP TRIGGER babel_5116_trig +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of relation babel_5116_t1)~~ + +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of index babel_5116_idx1babel_5116_t1e29153c477c95d679c4b63370567552b)~~ + +DROP TABLE babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +DROP FUNCTION babel_5116_f1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of function babel_5116_f1)~~ + +DROP FUNCTION babel_5116_tvf1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of function babel_5116_tvf1)~~ + +DROP FUNCTION babel_5116_mtvf1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of function babel_5116_mtvf1)~~ + +DROP PROC babel_5116_p1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of procedure babel_5116_p1)~~ + +DROP TYPE babel_5116_type1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of type babel_5116_type1)~~ + +DROP TYPE babel_5116_tabletype1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of type babel_5116_tabletype1)~~ + + +/********** TEMP TABLE AND TABLE VARIABLE SHOULD WORK **********/ +CREATE TABLE #babel_5116_temptbl1(a int, b int); +GO + +ALTER TABLE #babel_5116_temptbl1 ADD c INT; +GO + +DROP TABLE #babel_5116_temptbl1 +GO + +DECLARE @babel_5116_tblvar1 table(id int); SELECT * FROM @babel_5116_tblvar1; +GO +~~START~~ +int +~~END~~ + + +-- tsql +/********** DATABASE DDLs ARE NOT ALLOWED **********/ +USE master +GO +ALTER ROLE db_ddladmin ADD MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=master +SELECT IS_ROLEMEMBER('db_ddladmin') +GO +~~START~~ +int +1 +~~END~~ + + +CREATE DATABASE babel_5116_db1; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied to create database)~~ + +ALTER AUTHORIZATION ON DATABASE::babel_5116_db TO babel_5116_l3; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot find the principal 'babel_5116_l3', because it does not exist or you do not have permission.)~~ + +ALTER DATABASE babel_5116_db MODIFY NAME = babel_5116_dbx; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to rename the database 'babel_5116_db', the database does not exist, or the database is not in a state that allows access checks.)~~ + +DROP DATABASE babel_5116_db; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of database babel_5116_db)~~ + + +-- tsql +USE master +GO +ALTER ROLE db_ddladmin DROP MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=babel_5116_db +/********** LOGGED IN USING DDLADMIN **********/ +SELECT IS_ROLEMEMBER('db_ddladmin') +GO +~~START~~ +int +1 +~~END~~ + + +/********** ROLE DDLs ARE NOT ALLOWED **********/ +CREATE USER babel_5116_l3 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + +CREATE ROLE babel_5116_r2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + +DROP USER babel_5116_l3 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the user 'babel_5116_l3', because it does not exist or you do not have permission.)~~ + +DROP USER babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the user 'babel_5116_l2', because it does not exist or you do not have permission.)~~ + +DROP ROLE babel_5116_r1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the role 'babel_5116_r1', because it does not exist or you do not have permission.)~~ + +DROP ROLE babel_5116_r2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the role 'babel_5116_r2', because it does not exist or you do not have permission.)~~ + + +/********** CREATE DDLs ARE ALLOWED TO DDLADMIN **********/ +CREATE TABLE babel_5116_t2 (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t2 (id) +GO +CREATE TRIGGER babel_5116_trig2 ON babel_5116_t2 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW babel_5116_v2 AS SELECT * FROM babel_5116_t2 +GO +CREATE SEQUENCE babel_5116_s2 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE babel_5116_p2 AS SELECT 1 +GO +CREATE FUNCTION babel_5116_f2() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION babel_5116_tvf2() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION babel_5116_mtvf2() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE babel_5116_type2 FROM sys.varchar(10) +GO +CREATE TYPE babel_5116_tabletype2 AS TABLE (id INT) +GO +CREATE SCHEMA babel_5116_sch3 +GO +CREATE SCHEMA babel_5116_sch4 AUTHORIZATION babel_5116_r1 +GO + +/********** ALTER DDLs ARE ALLOWED TO DDLADMIN **********/ +ALTER TABLE babel_5116_t1 ADD id_new INT +GO +ALTER TABLE babel_5116_t2 ADD id_new INT +GO +ALTER TABLE babel_5116_t3 ADD babel_5116_col_nw INT NULL; +GO +ALTER TABLE babel_5116_t3 DROP babel_5116_col_nw; +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constr2 UNIQUE (id) +GO +ALTER TABLE babel_5116_t2 ADD CONSTRAINT babel_5116_constr3 UNIQUE (id) +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constrfk1 FOREIGN KEY (id_new) REFERENCES babel_5116_t2 (id) +GO +ALTER TABLE babel_5116_t2 ADD CONSTRAINT babel_5116_constrfk2 FOREIGN KEY (id_new) REFERENCES babel_5116_t1 (id) +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constrfk1 +GO +ALTER TABLE babel_5116_t2 DROP CONSTRAINT babel_5116_constrfk2 +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr1 +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr2 +GO +ALTER TABLE babel_5116_t2 DROP CONSTRAINT babel_5116_constr3 +GO +ALTER SEQUENCE babel_5116_s1 MINVALUE 99; +GO +ALTER SEQUENCE babel_5116_s2 MINVALUE 99; +GO + +/********** ENABLE DISABLE TRIGGER SHOULD ALSO BE ALLOWED TO DDLADMIN **********/ +ENABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +ENABLE TRIGGER babel_5116_trig2 ON babel_5116_t2 +GO +DISABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +DISABLE TRIGGER babel_5116_trig2 ON babel_5116_t2 +GO + +/********** TRUNCATE ON TABLE SHOULD BE ALLOWED **********/ +TRUNCATE TABLE babel_5116_t1 +GO +TRUNCATE TABLE babel_5116_t2 +GO + +/********** TEMP TABLE AND TABLE VARIABLE SHOULD WORK **********/ +CREATE TABLE #babel_5116_temptbl2(a int, b int); +GO + +ALTER TABLE #babel_5116_temptbl2 ADD c INT; +GO + +DROP TABLE #babel_5116_temptbl2 +GO + +DECLARE @babel_5116_tblvar2 table(id int); SELECT * FROM @babel_5116_tblvar2; +GO +~~START~~ +int +~~END~~ + + + +/********** SHOULD BE ABLE TO CREATE PARTITION FUNCTIONS, SCHEMES OR TABLES **********/ +CREATE PARTITION FUNCTION babel_5116_pf1 (datetime) +AS RANGE RIGHT FOR VALUES +( + '2023-01-01', + '2024-01-01', + '2025-01-01' +); +GO + +CREATE PARTITION SCHEME babel_5116_ps +AS PARTITION babel_5116_pf1 +ALL TO ([PRIMARY]); +GO + +CREATE TABLE babel_5116_pt +( + SaleId INT IDENTITY(1,1), + SaleDate datetime, + Amount decimal(10,2), + CustomerId int, + ProductId int +) ON babel_5116_ps(SaleDate); -- Specify the partitioning column +GO + +/********** DMLs SHOULD STILL BE BLOCKED **********/ +/********** ON ALL OBJECTS OLD OR NEW **********/ +/********** IRRESPECTIVE OF WHO CREATED **********/ +SELECT * FROM babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +INSERT INTO babel_5116_t1 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +DELETE FROM babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +UPDATE babel_5116_t1 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +SELECT * FROM babel_5116_t2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +INSERT INTO babel_5116_t2 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +DELETE FROM babel_5116_t2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +UPDATE babel_5116_t2 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +SELECT * FROM babel_5116_v1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +INSERT INTO babel_5116_v1 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +DELETE FROM babel_5116_v1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +UPDATE babel_5116_v1 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +SELECT * FROM babel_5116_v2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + +INSERT INTO babel_5116_v2 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + +DELETE FROM babel_5116_v2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + +UPDATE babel_5116_v2 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + + +SELECT NEXT VALUE FOR babel_5116_s1; +GO +~~START~~ +bigint +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for sequence babel_5116_s1)~~ + +SELECT NEXT VALUE FOR babel_5116_s2; +GO +~~START~~ +bigint +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for sequence babel_5116_s2)~~ + + +/********** EXECUTE SHOULD STILL BE BLOCKED **********/ +EXEC babel_5116_p1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for procedure babel_5116_p1)~~ + +EXEC babel_5116_p2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for procedure babel_5116_p2)~~ + +SELECT babel_5116_f1() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_f1)~~ + +SELECT babel_5116_f2() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_f2)~~ + +SELECT * FROM babel_5116_tvf1() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_tvf1)~~ + +SELECT * FROM babel_5116_mtvf1() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_mtvf1)~~ + + +/********** GRANT REVOKE IS NOT ALLOWED **********/ +ALTER ROLE babel_5116_r1 ADD MEMBER babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login babel_5116_l1 does not have permission to alter role babel_5116_db_babel_5116_r1)~~ + +GRANT SELECT ON babel_5116_t1 TO babel_5116_l2 +GO +GRANT CONNECT TO babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Grantor does not have GRANT permission.)~~ + +ALTER ROLE babel_5116_r1 DROP MEMBER babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login babel_5116_l1 does not have permission to alter role babel_5116_db_babel_5116_r1)~~ + +REVOKE SELECT ON babel_5116_t1 TO babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for column "tableoid" of relation "babel_5116_t1")~~ + +REVOKE CONNECT TO babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Grantor does not have GRANT permission.)~~ + + +/********** OBJECT OWNER SHOULD BE SCHEMA OWNER WHEN OBJECT IS CREATED BY DDLADMIN **********/ +SELECT CAST(relname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_class c + JOIN pg_roles r ON (c.relowner = r.oid) + WHERE relname LIKE 'babel_5116%' + ORDER BY r.rolname, relname; +GO +~~START~~ +char#!#char +babel_5116_idx1babel_5116_t1e29153c477c95d679c4b63370567552b #!#babel_5116_db_dbo +babel_5116_idx1babel_5116_t2e29153c477c95d679c4b63370567552b #!#babel_5116_db_dbo +babel_5116_pt #!#babel_5116_db_dbo +babel_5116_pt_saleid_seq #!#babel_5116_db_dbo +babel_5116_s1 #!#babel_5116_db_dbo +babel_5116_s2 #!#babel_5116_db_dbo +babel_5116_t1 #!#babel_5116_db_dbo +babel_5116_t2 #!#babel_5116_db_dbo +babel_5116_t3 #!#babel_5116_db_dbo +babel_5116_tabletype1 #!#babel_5116_db_dbo +babel_5116_tabletype2 #!#babel_5116_db_dbo +babel_5116_v1 #!#babel_5116_db_dbo +babel_5116_v2 #!#babel_5116_db_dbo +babel_5116_idx1babel_5116_t1e29153c477c95d679c4b63370567552b #!#master_dbo +babel_5116_s1 #!#master_dbo +babel_5116_t1 #!#master_dbo +babel_5116_t3 #!#master_dbo +babel_5116_tabletype1 #!#master_dbo +babel_5116_v1 #!#master_dbo +~~END~~ + +SELECT CAST(proname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_proc p + JOIN pg_roles r ON (p.proowner = r.oid) + WHERE proname LIKE 'babel_5116%' + ORDER BY r.rolname, proname; +GO +~~START~~ +char#!#char +babel_5116_f1 #!#babel_5116_db_dbo +babel_5116_f2 #!#babel_5116_db_dbo +babel_5116_mtvf1 #!#babel_5116_db_dbo +babel_5116_mtvf2 #!#babel_5116_db_dbo +babel_5116_p1 #!#babel_5116_db_dbo +babel_5116_p2 #!#babel_5116_db_dbo +babel_5116_trig1 #!#babel_5116_db_dbo +babel_5116_trig2 #!#babel_5116_db_dbo +babel_5116_tvf1 #!#babel_5116_db_dbo +babel_5116_tvf2 #!#babel_5116_db_dbo +babel_5116_f1 #!#master_dbo +babel_5116_mtvf1 #!#master_dbo +babel_5116_p1 #!#master_dbo +babel_5116_trig #!#master_dbo +babel_5116_tvf1 #!#master_dbo +~~END~~ + +SELECT CAST(typname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_type t + JOIN pg_roles r ON (t.typowner = r.oid) + WHERE typname LIKE 'babel_5116%' + ORDER BY r.rolname, typname; +GO +~~START~~ +char#!#char +babel_5116_pt #!#babel_5116_db_dbo +babel_5116_t1 #!#babel_5116_db_dbo +babel_5116_t2 #!#babel_5116_db_dbo +babel_5116_t3 #!#babel_5116_db_dbo +babel_5116_tabletype1 #!#babel_5116_db_dbo +babel_5116_tabletype2 #!#babel_5116_db_dbo +babel_5116_type1 #!#babel_5116_db_dbo +babel_5116_type2 #!#babel_5116_db_dbo +babel_5116_v1 #!#babel_5116_db_dbo +babel_5116_v2 #!#babel_5116_db_dbo +babel_5116_t1 #!#master_dbo +babel_5116_t3 #!#master_dbo +babel_5116_tabletype1 #!#master_dbo +babel_5116_type1 #!#master_dbo +babel_5116_v1 #!#master_dbo +~~END~~ + + +-- tsql database=babel_5116_db +/********** DDLADMIN SHOULD NOT BE A DEPENDANT OF ANY OBJECT WE CREATED IN THIS TEST **********/ +SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptype FROM pg_depend d + JOIN pg_roles r ON (d.refobjid = r.oid) + WHERE + object_name(objid) LIKE 'babel_5116%' AND + refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND + r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND + NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') + ORDER BY deptype, r.rolname, object_name(objid); +GO +~~START~~ +char#!#char#!#varchar +~~END~~ + + +SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptype FROM pg_shdepend d + JOIN pg_roles r ON (d.refobjid = r.oid) + WHERE + object_name(objid) LIKE 'babel_5116%' AND + refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND + r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND + NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') AND deptype!= 'i' + AND (r.rolname NOT IN ('ad_db_db_ddladmin', 'alter_db_db_ddladmin')) + ORDER BY deptype, r.rolname, object_name(objid); +GO +~~START~~ +char#!#char#!#varchar +babel_5116_db_db_ddladmin #!#babel_5116_pt #!#a +babel_5116_db_db_ddladmin #!#babel_5116_t1 #!#a +babel_5116_db_db_ddladmin #!#babel_5116_t2 #!#a +babel_5116_db_db_ddladmin #!#babel_5116_t3 #!#a +babel_5116_db_db_ddladmin #!#babel_5116_v1 #!#a +babel_5116_db_db_ddladmin #!#babel_5116_v2 #!#a +babel_5116_db_dbo #!#babel_5116_f1 #!#o +babel_5116_db_dbo #!#babel_5116_f2 #!#o +babel_5116_db_dbo #!#babel_5116_mtvf1 #!#o +babel_5116_db_dbo #!#babel_5116_mtvf2 #!#o +babel_5116_db_dbo #!#babel_5116_p1 #!#o +babel_5116_db_dbo #!#babel_5116_p2 #!#o +babel_5116_db_dbo #!#babel_5116_pt #!#o +babel_5116_db_dbo #!#babel_5116_pt_saleid_s#!#o +babel_5116_db_dbo #!#babel_5116_s1 #!#o +babel_5116_db_dbo #!#babel_5116_s2 #!#o +babel_5116_db_dbo #!#babel_5116_t1 #!#o +babel_5116_db_dbo #!#babel_5116_t2 #!#o +babel_5116_db_dbo #!#babel_5116_t3 #!#o +babel_5116_db_dbo #!#babel_5116_tabletype1 #!#o +babel_5116_db_dbo #!#babel_5116_tabletype2 #!#o +babel_5116_db_dbo #!#babel_5116_trig1 #!#o +babel_5116_db_dbo #!#babel_5116_trig2 #!#o +babel_5116_db_dbo #!#babel_5116_tvf1 #!#o +babel_5116_db_dbo #!#babel_5116_tvf2 #!#o +babel_5116_db_dbo #!#babel_5116_type1 #!#o +babel_5116_db_dbo #!#babel_5116_type2 #!#o +babel_5116_db_dbo #!#babel_5116_v1 #!#o +babel_5116_db_dbo #!#babel_5116_v2 #!#o +~~END~~ + + +/********** ALTER ROUTINES ARE ALLOWED TO DDLADMIN **********/ +ALTER FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 2 END +GO +ALTER FUNCTION babel_5116_f2() RETURNS INT AS BEGIN RETURN 2 END +GO +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO +ALTER FUNCTION babel_5116_tvf2() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER FUNCTION babel_5116_mtvf2() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO + +ALTER PROC babel_5116_p1 AS SELECT 2 +GO +ALTER PROC babel_5116_p2 AS SELECT 2 +GO + + +-- tsql user=babel_5116_l1 password=12345678 database=babel_5116_db +/********** RENAMING OBJECTs SHOULD BE ALLOWED **********/ +sp_rename 'babel_5116_t1.id_new', 'id_new_name', 'COLUMN' +GO +sp_rename 'babel_5116_t2.id_new', 'id_new_name', 'COLUMN' +GO +sp_rename 'babel_5116_trig1', 'babel_5116_trig1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_trig2', 'babel_5116_trig2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_v1', 'babel_5116_v1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_v2', 'babel_5116_v2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_s1', 'babel_5116_s1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_s2', 'babel_5116_s2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_t2', 'babel_5116_t2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_t1', 'babel_5116_t1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_f2', 'babel_5116_f2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_f1', 'babel_5116_f1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tvf1', 'babel_5116_tvf1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tvf2', 'babel_5116_tvf2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_mtvf1', 'babel_5116_mtvf1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_mtvf2', 'babel_5116_mtvf2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_p2', 'babel_5116_p2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_p1', 'babel_5116_p1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_type2', 'babel_5116_type2_new_name', 'USERDATATYPE' +GO +sp_rename 'babel_5116_type1', 'babel_5116_type1_new_name', 'USERDATATYPE' +GO +sp_rename 'babel_5116_tabletype2', 'babel_5116_tabletype2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tabletype1', 'babel_5116_tabletype1_new_name', 'OBJECT' +GO + +/********** UNSUPPORTED RENAMING IN BABELFISH **********/ +/********** SHOULD BE ALLOWED WHENEVER SUPPORTED **********/ +sp_rename 'babel_5116_t1.babel_5116_idx1', 'babel_5116_idx1_new_name', 'INDEX' +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Feature not supported: renaming object type Index)~~ + + +/********** NOT ALLOWED RENAMING TO DB_DDLADMIN **********/ +sp_rename 'babel_5116_db', 'babel_5116_db_new_name', 'DATABASE' +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to rename the database 'babel_5116_db', the database does not exist, or the database is not in a state that allows access checks.)~~ + + +/********** DROPPING BUILTIN SCHEMAs SHOULD NOT BE ALLOWED **********/ +DROP SCHEMA dbo +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the schema 'babel_5116_db_dbo')~~ + +DROP SCHEMA guest +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the schema 'babel_5116_db_guest')~~ + + +/********** DROP DDLs **********/ +DROP TRIGGER babel_5116_trig1_new_name +GO +DROP TRIGGER babel_5116_trig2_new_name +GO +DROP VIEW babel_5116_v1_new_name +GO +DROP VIEW babel_5116_v2_new_name +GO +DROP SEQUENCE babel_5116_s1_new_name +GO +DROP SEQUENCE babel_5116_s2_new_name +GO +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +DROP TABLE babel_5116_t3 +GO +DROP TABLE babel_5116_t2_new_name +GO +DROP TABLE babel_5116_t1_new_name +GO +DROP FUNCTION babel_5116_f2_new_name +GO +DROP FUNCTION babel_5116_f1_new_name +GO +DROP FUNCTION babel_5116_tvf1_new_name +GO +DROP FUNCTION babel_5116_tvf2_new_name +GO +DROP FUNCTION babel_5116_mtvf1_new_name +GO +DROP FUNCTION babel_5116_mtvf2_new_name +GO +DROP PROC babel_5116_p2_new_name +GO +DROP PROC babel_5116_p1_new_name +GO +DROP TYPE babel_5116_type2_new_name +GO +DROP TYPE babel_5116_type1_new_name +GO +DROP TYPE babel_5116_tabletype2_new_name +GO +DROP TYPE babel_5116_tabletype1_new_name +GO + +DROP SCHEMA babel_5116_sch1 +GO +DROP SCHEMA babel_5116_sch2 +GO +DROP SCHEMA babel_5116_sch3 +GO +DROP SCHEMA babel_5116_sch4 +GO + +DROP TABLE babel_5116_pt +GO +DROP PARTITION SCHEME babel_5116_ps +GO +DROP PARTITION FUNCTION babel_5116_pf1 +GO diff --git a/test/JDBC/expected/single_db/BABEL-2403.out b/test/JDBC/expected/single_db/BABEL-2403.out index 08d51c0417..bc048f4028 100644 --- a/test/JDBC/expected/single_db/BABEL-2403.out +++ b/test/JDBC/expected/single_db/BABEL-2403.out @@ -115,6 +115,12 @@ name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext m text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} name#!#pg_catalog#!#proname#!#{"Rule": " in babelfish_function_ext must also exist in pg_proc"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} @@ -220,6 +226,12 @@ name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext m text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} name#!#pg_catalog#!#proname#!#{"Rule": " in babelfish_function_ext must also exist in pg_proc"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} diff --git a/test/JDBC/expected/single_db/BABEL-LOGIN-USER-EXT.out b/test/JDBC/expected/single_db/BABEL-LOGIN-USER-EXT.out index f01405e747..bd9742cef7 100644 --- a/test/JDBC/expected/single_db/BABEL-LOGIN-USER-EXT.out +++ b/test/JDBC/expected/single_db/BABEL-LOGIN-USER-EXT.out @@ -698,12 +698,14 @@ db1_guest#!#guest#!##!#db1#!#guest db_accessadmin#!#db_accessadmin#!##!#db1#!# db_datareader#!#db_datareader#!##!#db1#!# db_datawriter#!#db_datawriter#!##!#db1#!# +db_ddladmin#!#db_ddladmin#!##!#db1#!# db_owner#!#db_owner#!##!#db1#!# db_securityadmin#!#db_securityadmin#!##!#db1#!# dbo#!#dbo#!##!#db1#!#dbo master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -711,6 +713,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -718,6 +721,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -886,6 +890,7 @@ varchar#!#nvarchar#!#varchar#!#nvarchar#!#nvarchar master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -893,6 +898,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -900,6 +906,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -954,12 +961,14 @@ db1_guest#!##!#guest#!#db1#!#guest db_accessadmin#!##!#db_accessadmin#!#db1#!# db_datareader#!##!#db_datareader#!#db1#!# db_datawriter#!##!#db_datawriter#!#db1#!# +db_ddladmin#!##!#db_ddladmin#!#db1#!# db_owner#!##!#db_owner#!#db1#!# db_securityadmin#!##!#db_securityadmin#!#db1#!# dbo#!##!#dbo#!#db1#!#dbo master_db_accessadmin#!##!#db_accessadmin#!#master#!# master_db_datareader#!##!#db_datareader#!#master#!# master_db_datawriter#!##!#db_datawriter#!#master#!# +master_db_ddladmin#!##!#db_ddladmin#!#master#!# master_db_owner#!##!#db_owner#!#master#!# master_db_securityadmin#!##!#db_securityadmin#!#master#!# master_dbo#!##!#dbo#!#master#!#dbo @@ -967,6 +976,7 @@ master_guest#!##!#guest#!#master#!#guest msdb_db_accessadmin#!##!#db_accessadmin#!#msdb#!# msdb_db_datareader#!##!#db_datareader#!#msdb#!# msdb_db_datawriter#!##!#db_datawriter#!#msdb#!# +msdb_db_ddladmin#!##!#db_ddladmin#!#msdb#!# msdb_db_owner#!##!#db_owner#!#msdb#!# msdb_db_securityadmin#!##!#db_securityadmin#!#msdb#!# msdb_dbo#!##!#dbo#!#msdb#!#dbo @@ -974,6 +984,7 @@ msdb_guest#!##!#guest#!#msdb#!#guest tempdb_db_accessadmin#!##!#db_accessadmin#!#tempdb#!# tempdb_db_datareader#!##!#db_datareader#!#tempdb#!# tempdb_db_datawriter#!##!#db_datawriter#!#tempdb#!# +tempdb_db_ddladmin#!##!#db_ddladmin#!#tempdb#!# tempdb_db_owner#!##!#db_owner#!#tempdb#!# tempdb_db_securityadmin#!##!#db_securityadmin#!#tempdb#!# tempdb_dbo#!##!#dbo#!#tempdb#!#dbo @@ -992,6 +1003,7 @@ dbo#!#dbo db_accessadmin#!# db_datareader#!# db_datawriter#!# +db_ddladmin#!# db_owner#!# db_securityadmin#!# INFORMATION_SCHEMA#!# @@ -1027,6 +1039,7 @@ dbo#!#dbo db_accessadmin#!# db_datareader#!# db_datawriter#!# +db_ddladmin#!# db_owner#!# db_securityadmin#!# INFORMATION_SCHEMA#!# @@ -1169,6 +1182,7 @@ varchar#!#nvarchar#!#varchar#!#nvarchar#!#nvarchar master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -1176,6 +1190,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -1183,6 +1198,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -1206,6 +1222,7 @@ varchar#!#nvarchar#!#varchar#!#nvarchar#!#nvarchar master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -1213,6 +1230,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -1220,6 +1238,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -1513,6 +1532,7 @@ babel_4935_no_sysadmin2 db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo @@ -1534,6 +1554,7 @@ babel_4935_no_sysadmin2 db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo @@ -1554,6 +1575,7 @@ babel_4935_no_sysadmin1 db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo @@ -1573,6 +1595,7 @@ varchar db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo diff --git a/test/JDBC/expected/single_db/BABEL-USER.out b/test/JDBC/expected/single_db/BABEL-USER.out index a38500e1d7..5e9f0f41b8 100644 --- a/test/JDBC/expected/single_db/BABEL-USER.out +++ b/test/JDBC/expected/single_db/BABEL-USER.out @@ -53,12 +53,14 @@ db1_guest#!##!#guest#!#db1#!#guest db_accessadmin#!##!#db_accessadmin#!#db1#!# db_datareader#!##!#db_datareader#!#db1#!# db_datawriter#!##!#db_datawriter#!#db1#!# +db_ddladmin#!##!#db_ddladmin#!#db1#!# db_owner#!##!#db_owner#!#db1#!# db_securityadmin#!##!#db_securityadmin#!#db1#!# dbo#!##!#dbo#!#db1#!#dbo master_db_accessadmin#!##!#db_accessadmin#!#master#!# master_db_datareader#!##!#db_datareader#!#master#!# master_db_datawriter#!##!#db_datawriter#!#master#!# +master_db_ddladmin#!##!#db_ddladmin#!#master#!# master_db_owner#!##!#db_owner#!#master#!# master_db_securityadmin#!##!#db_securityadmin#!#master#!# master_dbo#!##!#dbo#!#master#!#dbo @@ -66,6 +68,7 @@ master_guest#!##!#guest#!#master#!#guest msdb_db_accessadmin#!##!#db_accessadmin#!#msdb#!# msdb_db_datareader#!##!#db_datareader#!#msdb#!# msdb_db_datawriter#!##!#db_datawriter#!#msdb#!# +msdb_db_ddladmin#!##!#db_ddladmin#!#msdb#!# msdb_db_owner#!##!#db_owner#!#msdb#!# msdb_db_securityadmin#!##!#db_securityadmin#!#msdb#!# msdb_dbo#!##!#dbo#!#msdb#!#dbo @@ -73,6 +76,7 @@ msdb_guest#!##!#guest#!#msdb#!#guest tempdb_db_accessadmin#!##!#db_accessadmin#!#tempdb#!# tempdb_db_datareader#!##!#db_datareader#!#tempdb#!# tempdb_db_datawriter#!##!#db_datawriter#!#tempdb#!# +tempdb_db_ddladmin#!##!#db_ddladmin#!#tempdb#!# tempdb_db_owner#!##!#db_owner#!#tempdb#!# tempdb_db_securityadmin#!##!#db_securityadmin#!#tempdb#!# tempdb_dbo#!##!#dbo#!#tempdb#!#dbo @@ -91,6 +95,7 @@ dbo#!#dbo db_accessadmin#!# db_datareader#!# db_datawriter#!# +db_ddladmin#!# db_owner#!# db_securityadmin#!# INFORMATION_SCHEMA#!# diff --git a/test/JDBC/expected/single_db/Test_rename_db_single-db.out b/test/JDBC/expected/single_db/Test_rename_db_single-db.out index 31fd69b3ce..60bae32610 100644 --- a/test/JDBC/expected/single_db/Test_rename_db_single-db.out +++ b/test/JDBC/expected/single_db/Test_rename_db_single-db.out @@ -35,6 +35,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 db_datareader#!##!#db_datareader#!#rename_db_database1 db_datawriter#!##!#db_datawriter#!#rename_db_database1 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 db_owner#!##!#db_owner#!#rename_db_database1 db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 dbo#!##!#dbo#!#rename_db_database1 @@ -87,6 +88,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 db_datareader#!##!#db_datareader#!#rename_db_database2 db_datawriter#!##!#db_datawriter#!#rename_db_database2 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 db_owner#!##!#db_owner#!#rename_db_database2 db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 dbo#!##!#dbo#!#rename_db_database2 @@ -139,6 +141,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 db_datareader#!##!#db_datareader#!#rename_db_database1 db_datawriter#!##!#db_datawriter#!#rename_db_database1 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 db_owner#!##!#db_owner#!#rename_db_database1 db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 dbo#!##!#dbo#!#rename_db_database1 @@ -191,6 +194,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 db_datareader#!##!#db_datareader#!#rename_db_database2 db_datawriter#!##!#db_datawriter#!#rename_db_database2 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 db_owner#!##!#db_owner#!#rename_db_database2 db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 dbo#!##!#dbo#!#rename_db_database2 @@ -255,6 +259,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 db_datareader#!##!#db_datareader#!#rename_db_database1 db_datawriter#!##!#db_datawriter#!#rename_db_database1 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 db_owner#!##!#db_owner#!#rename_db_database1 db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 dbo#!##!#dbo#!#rename_db_database1 @@ -307,6 +312,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 db_datareader#!##!#db_datareader#!#rename_db_database2 db_datawriter#!##!#db_datawriter#!#rename_db_database2 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 db_owner#!##!#db_owner#!#rename_db_database2 db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 dbo#!##!#dbo#!#rename_db_database2 @@ -359,6 +365,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 db_datareader#!##!#db_datareader#!#rename_db_database1 db_datawriter#!##!#db_datawriter#!#rename_db_database1 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 db_owner#!##!#db_owner#!#rename_db_database1 db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 dbo#!##!#dbo#!#rename_db_database1 @@ -411,6 +418,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 db_datareader#!##!#db_datareader#!#rename_db_database2 db_datawriter#!##!#db_datawriter#!#rename_db_database2 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 db_owner#!##!#db_owner#!#rename_db_database2 db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 dbo#!##!#dbo#!#rename_db_database2 diff --git a/test/JDBC/expected/single_db/datareader_datawriter.out b/test/JDBC/expected/single_db/datareader_datawriter.out index 4a0dcfa4f5..0c73791dd4 100644 --- a/test/JDBC/expected/single_db/datareader_datawriter.out +++ b/test/JDBC/expected/single_db/datareader_datawriter.out @@ -284,7 +284,7 @@ go -- Insert the results of sp_helprole into the temporary table INSERT INTO #UserRoles EXEC sp_helprole; go -~~ROW COUNT: 6~~ +~~ROW COUNT: 7~~ -- Select the desired fields from the temporary table SELECT RoleName, IsAppRole FROM #UserRoles WHERE RoleName IN ('db_datareader', 'db_datawriter'); diff --git a/test/JDBC/expected/single_db/db_accessadmin-vu-verify.out b/test/JDBC/expected/single_db/db_accessadmin-vu-verify.out index ad75861ef1..e357df9036 100644 --- a/test/JDBC/expected/single_db/db_accessadmin-vu-verify.out +++ b/test/JDBC/expected/single_db/db_accessadmin-vu-verify.out @@ -605,6 +605,7 @@ GO ~~START~~ nvarchar#!#varchar db_accessadmin#!#=C +db_ddladmin#!#=C db_securityadmin#!#=C dbo#!#=CTc ~~END~~ diff --git a/test/JDBC/expected/single_db/db_ddladmin-vu-verify.out b/test/JDBC/expected/single_db/db_ddladmin-vu-verify.out new file mode 100644 index 0000000000..aedf5945b5 --- /dev/null +++ b/test/JDBC/expected/single_db/db_ddladmin-vu-verify.out @@ -0,0 +1,1100 @@ +-- tsql +-- RESET LOGIN PASSWORD +ALTER LOGIN babel_5116_l1 WITH PASSWORD = '12345678' +GO +ALTER LOGIN babel_5116_l2 WITH PASSWORD = '12345678' +GO +ALTER LOGIN babel_5116_l3 WITH PASSWORD = '12345678' +GO + +USE babel_5116_db +GO + +ALTER ROLE db_ddladmin ADD MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=master +------------------------------------------------------------------- +---- babel_5116_l1 user SHOULD NOT BE ABLE TO DO ANY DDLS/DMLS ---- +---- IN BBF DATABASES WHERE IT IS NOT A MEMBER OF DB_DDLADMIN ---- +------------------------------------------------------------------- +SELECT IS_ROLEMEMBER('db_ddladmin') +GO +~~START~~ +int +0 +~~END~~ + +SELECT CURRENT_USER +GO +~~START~~ +varchar +babel_5116_l1 +~~END~~ + +CREATE LOGIN l WITH PASSWORD = '12345678' +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login babel_5116_l1 does not have permission to create new login)~~ + +CREATE USER u +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: role "u" does not exist)~~ + +CREATE ROLE r +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + +CREATE TABLE t (id INT) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE INDEX babel_5116_idx1 ON babel_5116_t1 (id) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +CREATE TRIGGER trig ON babel_5116_t1 AFTER INSERT AS SELECT 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE VIEW v AS SELECT * FROM babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE SEQUENCE babel_5116_s2 START WITH 1000 INCREMENT BY 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE PROCEDURE p AS SELECT 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE FUNCTION f() RETURNS INT AS BEGIN RETURN 1 END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE FUNCTION tvff1() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE FUNCTION mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE TYPE t FROM sys.varchar(10) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE TYPE tabletype AS TABLE (id INT) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +TRUNCATE TABLE babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +CREATE SCHEMA babel_5116_sch1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for database jdbc_testdb)~~ + +CREATE SCHEMA babel_5116_sch1 AUTHORIZATION babel_5116_r1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for database jdbc_testdb)~~ + + +CREATE PARTITION FUNCTION babel_5116_pf1 (datetime) +AS RANGE RIGHT FOR VALUES +( + '2023-01-01', + '2024-01-01', + '2025-01-01' +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +CREATE PARTITION SCHEME babel_5116_ps +AS PARTITION babel_5116_pf1 +ALL TO ([PRIMARY]); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +ALTER TABLE babel_5116_t3 ADD babel_5116_col_nw INT NULL; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t3)~~ + +ALTER TABLE babel_5116_t3 DROP babel_5116_col_nw; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t3)~~ + +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constr2 UNIQUE (id) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constrfk1 FOREIGN KEY (id_new) REFERENCES babel_5116_t2 (id) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constrfk1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER SEQUENCE babel_5116_s1 MINVALUE 99; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of sequence babel_5116_s1)~~ + + + +ALTER FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 2 END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER PROC babel_5116_p1 AS SELECT 2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + + + +ENABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +DISABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + + + +DROP LOGIN babel_5116_l1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the login 'babel_5116_l1', because it does not exist or you do not have permission.)~~ + +DROP USER babel_5116_l1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the user 'babel_5116_l1', because it does not exist or you do not have permission.)~~ + +DROP ROLE babel_5116_r1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the role 'babel_5116_r1', because it does not exist or you do not have permission.)~~ + +DROP VIEW babel_5116_v1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of view babel_5116_v1)~~ + +DROP SEQUENCE babel_5116_s1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of sequence babel_5116_s1)~~ + +DROP TRIGGER babel_5116_trig +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of relation babel_5116_t1)~~ + +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of index babel_5116_idx1babel_5116_t1e29153c477c95d679c4b63370567552b)~~ + +DROP TABLE babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +DROP FUNCTION babel_5116_f1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of function babel_5116_f1)~~ + +DROP FUNCTION babel_5116_tvf1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of function babel_5116_tvf1)~~ + +DROP FUNCTION babel_5116_mtvf1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of function babel_5116_mtvf1)~~ + +DROP PROC babel_5116_p1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of procedure babel_5116_p1)~~ + +DROP TYPE babel_5116_type1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of type babel_5116_type1)~~ + +DROP TYPE babel_5116_tabletype1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of type babel_5116_tabletype1)~~ + + +/********** TEMP TABLE AND TABLE VARIABLE SHOULD WORK **********/ +CREATE TABLE #babel_5116_temptbl1(a int, b int); +GO + +ALTER TABLE #babel_5116_temptbl1 ADD c INT; +GO + +DROP TABLE #babel_5116_temptbl1 +GO + +DECLARE @babel_5116_tblvar1 table(id int); SELECT * FROM @babel_5116_tblvar1; +GO +~~START~~ +int +~~END~~ + + +-- tsql +/********** DATABASE DDLs ARE NOT ALLOWED **********/ +USE master +GO +ALTER ROLE db_ddladmin ADD MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=master +SELECT IS_ROLEMEMBER('db_ddladmin') +GO +~~START~~ +int +1 +~~END~~ + + +CREATE DATABASE babel_5116_db1; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Only one user database allowed under single-db mode. User database "babel_5116_db" already exists)~~ + +ALTER AUTHORIZATION ON DATABASE::babel_5116_db TO babel_5116_l3; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot find the principal 'babel_5116_l3', because it does not exist or you do not have permission.)~~ + +ALTER DATABASE babel_5116_db MODIFY NAME = babel_5116_dbx; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to rename the database 'babel_5116_db', the database does not exist, or the database is not in a state that allows access checks.)~~ + +DROP DATABASE babel_5116_db; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of database babel_5116_db)~~ + + +-- tsql +USE master +GO +ALTER ROLE db_ddladmin DROP MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=babel_5116_db +/********** LOGGED IN USING DDLADMIN **********/ +SELECT IS_ROLEMEMBER('db_ddladmin') +GO +~~START~~ +int +1 +~~END~~ + + +/********** ROLE DDLs ARE NOT ALLOWED **********/ +CREATE USER babel_5116_l3 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + +CREATE ROLE babel_5116_r2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + +DROP USER babel_5116_l3 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the user 'babel_5116_l3', because it does not exist or you do not have permission.)~~ + +DROP USER babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the user 'babel_5116_l2', because it does not exist or you do not have permission.)~~ + +DROP ROLE babel_5116_r1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the role 'babel_5116_r1', because it does not exist or you do not have permission.)~~ + +DROP ROLE babel_5116_r2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the role 'babel_5116_r2', because it does not exist or you do not have permission.)~~ + + +/********** CREATE DDLs ARE ALLOWED TO DDLADMIN **********/ +CREATE TABLE babel_5116_t2 (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t2 (id) +GO +CREATE TRIGGER babel_5116_trig2 ON babel_5116_t2 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW babel_5116_v2 AS SELECT * FROM babel_5116_t2 +GO +CREATE SEQUENCE babel_5116_s2 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE babel_5116_p2 AS SELECT 1 +GO +CREATE FUNCTION babel_5116_f2() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION babel_5116_tvf2() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION babel_5116_mtvf2() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE babel_5116_type2 FROM sys.varchar(10) +GO +CREATE TYPE babel_5116_tabletype2 AS TABLE (id INT) +GO +CREATE SCHEMA babel_5116_sch3 +GO +CREATE SCHEMA babel_5116_sch4 AUTHORIZATION babel_5116_r1 +GO + +/********** ALTER DDLs ARE ALLOWED TO DDLADMIN **********/ +ALTER TABLE babel_5116_t1 ADD id_new INT +GO +ALTER TABLE babel_5116_t2 ADD id_new INT +GO +ALTER TABLE babel_5116_t3 ADD babel_5116_col_nw INT NULL; +GO +ALTER TABLE babel_5116_t3 DROP babel_5116_col_nw; +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constr2 UNIQUE (id) +GO +ALTER TABLE babel_5116_t2 ADD CONSTRAINT babel_5116_constr3 UNIQUE (id) +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constrfk1 FOREIGN KEY (id_new) REFERENCES babel_5116_t2 (id) +GO +ALTER TABLE babel_5116_t2 ADD CONSTRAINT babel_5116_constrfk2 FOREIGN KEY (id_new) REFERENCES babel_5116_t1 (id) +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constrfk1 +GO +ALTER TABLE babel_5116_t2 DROP CONSTRAINT babel_5116_constrfk2 +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr1 +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr2 +GO +ALTER TABLE babel_5116_t2 DROP CONSTRAINT babel_5116_constr3 +GO +ALTER SEQUENCE babel_5116_s1 MINVALUE 99; +GO +ALTER SEQUENCE babel_5116_s2 MINVALUE 99; +GO + +/********** ENABLE DISABLE TRIGGER SHOULD ALSO BE ALLOWED TO DDLADMIN **********/ +ENABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +ENABLE TRIGGER babel_5116_trig2 ON babel_5116_t2 +GO +DISABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +DISABLE TRIGGER babel_5116_trig2 ON babel_5116_t2 +GO + +/********** TRUNCATE ON TABLE SHOULD BE ALLOWED **********/ +TRUNCATE TABLE babel_5116_t1 +GO +TRUNCATE TABLE babel_5116_t2 +GO + +/********** TEMP TABLE AND TABLE VARIABLE SHOULD WORK **********/ +CREATE TABLE #babel_5116_temptbl2(a int, b int); +GO + +ALTER TABLE #babel_5116_temptbl2 ADD c INT; +GO + +DROP TABLE #babel_5116_temptbl2 +GO + +DECLARE @babel_5116_tblvar2 table(id int); SELECT * FROM @babel_5116_tblvar2; +GO +~~START~~ +int +~~END~~ + + + +/********** SHOULD BE ABLE TO CREATE PARTITION FUNCTIONS, SCHEMES OR TABLES **********/ +CREATE PARTITION FUNCTION babel_5116_pf1 (datetime) +AS RANGE RIGHT FOR VALUES +( + '2023-01-01', + '2024-01-01', + '2025-01-01' +); +GO + +CREATE PARTITION SCHEME babel_5116_ps +AS PARTITION babel_5116_pf1 +ALL TO ([PRIMARY]); +GO + +CREATE TABLE babel_5116_pt +( + SaleId INT IDENTITY(1,1), + SaleDate datetime, + Amount decimal(10,2), + CustomerId int, + ProductId int +) ON babel_5116_ps(SaleDate); -- Specify the partitioning column +GO + +/********** DMLs SHOULD STILL BE BLOCKED **********/ +/********** ON ALL OBJECTS OLD OR NEW **********/ +/********** IRRESPECTIVE OF WHO CREATED **********/ +SELECT * FROM babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +INSERT INTO babel_5116_t1 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +DELETE FROM babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +UPDATE babel_5116_t1 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +SELECT * FROM babel_5116_t2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +INSERT INTO babel_5116_t2 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +DELETE FROM babel_5116_t2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +UPDATE babel_5116_t2 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +SELECT * FROM babel_5116_v1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +INSERT INTO babel_5116_v1 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +DELETE FROM babel_5116_v1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +UPDATE babel_5116_v1 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +SELECT * FROM babel_5116_v2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + +INSERT INTO babel_5116_v2 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + +DELETE FROM babel_5116_v2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + +UPDATE babel_5116_v2 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + + +SELECT NEXT VALUE FOR babel_5116_s1; +GO +~~START~~ +bigint +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for sequence babel_5116_s1)~~ + +SELECT NEXT VALUE FOR babel_5116_s2; +GO +~~START~~ +bigint +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for sequence babel_5116_s2)~~ + + +/********** EXECUTE SHOULD STILL BE BLOCKED **********/ +EXEC babel_5116_p1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for procedure babel_5116_p1)~~ + +EXEC babel_5116_p2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for procedure babel_5116_p2)~~ + +SELECT babel_5116_f1() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_f1)~~ + +SELECT babel_5116_f2() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_f2)~~ + +SELECT * FROM babel_5116_tvf1() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_tvf1)~~ + +SELECT * FROM babel_5116_mtvf1() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_mtvf1)~~ + + +/********** GRANT REVOKE IS NOT ALLOWED **********/ +ALTER ROLE babel_5116_r1 ADD MEMBER babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login babel_5116_l1 does not have permission to alter role babel_5116_db_babel_5116_r1)~~ + +GRANT SELECT ON babel_5116_t1 TO babel_5116_l2 +GO +GRANT CONNECT TO babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Grantor does not have GRANT permission.)~~ + +ALTER ROLE babel_5116_r1 DROP MEMBER babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login babel_5116_l1 does not have permission to alter role babel_5116_db_babel_5116_r1)~~ + +REVOKE SELECT ON babel_5116_t1 TO babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for column "tableoid" of relation "babel_5116_t1")~~ + +REVOKE CONNECT TO babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Grantor does not have GRANT permission.)~~ + + +/********** OBJECT OWNER SHOULD BE SCHEMA OWNER WHEN OBJECT IS CREATED BY DDLADMIN **********/ +SELECT CAST(relname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_class c + JOIN pg_roles r ON (c.relowner = r.oid) + WHERE relname LIKE 'babel_5116%' + ORDER BY r.rolname, relname; +GO +~~START~~ +char#!#char +babel_5116_idx1babel_5116_t1e29153c477c95d679c4b63370567552b #!#dbo +babel_5116_idx1babel_5116_t2e29153c477c95d679c4b63370567552b #!#dbo +babel_5116_pt #!#dbo +babel_5116_pt_saleid_seq #!#dbo +babel_5116_s1 #!#dbo +babel_5116_s2 #!#dbo +babel_5116_t1 #!#dbo +babel_5116_t2 #!#dbo +babel_5116_t3 #!#dbo +babel_5116_tabletype1 #!#dbo +babel_5116_tabletype2 #!#dbo +babel_5116_v1 #!#dbo +babel_5116_v2 #!#dbo +babel_5116_idx1babel_5116_t1e29153c477c95d679c4b63370567552b #!#master_dbo +babel_5116_s1 #!#master_dbo +babel_5116_t1 #!#master_dbo +babel_5116_t3 #!#master_dbo +babel_5116_tabletype1 #!#master_dbo +babel_5116_v1 #!#master_dbo +~~END~~ + +SELECT CAST(proname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_proc p + JOIN pg_roles r ON (p.proowner = r.oid) + WHERE proname LIKE 'babel_5116%' + ORDER BY r.rolname, proname; +GO +~~START~~ +char#!#char +babel_5116_f1 #!#dbo +babel_5116_f2 #!#dbo +babel_5116_mtvf1 #!#dbo +babel_5116_mtvf2 #!#dbo +babel_5116_p1 #!#dbo +babel_5116_p2 #!#dbo +babel_5116_trig1 #!#dbo +babel_5116_trig2 #!#dbo +babel_5116_tvf1 #!#dbo +babel_5116_tvf2 #!#dbo +babel_5116_f1 #!#master_dbo +babel_5116_mtvf1 #!#master_dbo +babel_5116_p1 #!#master_dbo +babel_5116_trig #!#master_dbo +babel_5116_tvf1 #!#master_dbo +~~END~~ + +SELECT CAST(typname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_type t + JOIN pg_roles r ON (t.typowner = r.oid) + WHERE typname LIKE 'babel_5116%' + ORDER BY r.rolname, typname; +GO +~~START~~ +char#!#char +babel_5116_pt #!#dbo +babel_5116_t1 #!#dbo +babel_5116_t2 #!#dbo +babel_5116_t3 #!#dbo +babel_5116_tabletype1 #!#dbo +babel_5116_tabletype2 #!#dbo +babel_5116_type1 #!#dbo +babel_5116_type2 #!#dbo +babel_5116_v1 #!#dbo +babel_5116_v2 #!#dbo +babel_5116_t1 #!#master_dbo +babel_5116_t3 #!#master_dbo +babel_5116_tabletype1 #!#master_dbo +babel_5116_type1 #!#master_dbo +babel_5116_v1 #!#master_dbo +~~END~~ + + +-- tsql database=babel_5116_db +/********** DDLADMIN SHOULD NOT BE A DEPENDANT OF ANY OBJECT WE CREATED IN THIS TEST **********/ +SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptype FROM pg_depend d + JOIN pg_roles r ON (d.refobjid = r.oid) + WHERE + object_name(objid) LIKE 'babel_5116%' AND + refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND + r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND + NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') + ORDER BY deptype, r.rolname, object_name(objid); +GO +~~START~~ +char#!#char#!#varchar +~~END~~ + + +SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptype FROM pg_shdepend d + JOIN pg_roles r ON (d.refobjid = r.oid) + WHERE + object_name(objid) LIKE 'babel_5116%' AND + refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND + r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND + NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') AND deptype!= 'i' + AND (r.rolname NOT IN ('ad_db_db_ddladmin', 'alter_db_db_ddladmin')) + ORDER BY deptype, r.rolname, object_name(objid); +GO +~~START~~ +char#!#char#!#varchar +db_ddladmin #!#babel_5116_pt #!#a +db_ddladmin #!#babel_5116_t1 #!#a +db_ddladmin #!#babel_5116_t2 #!#a +db_ddladmin #!#babel_5116_t3 #!#a +db_ddladmin #!#babel_5116_v1 #!#a +db_ddladmin #!#babel_5116_v2 #!#a +dbo #!#babel_5116_f1 #!#o +dbo #!#babel_5116_f2 #!#o +dbo #!#babel_5116_mtvf1 #!#o +dbo #!#babel_5116_mtvf2 #!#o +dbo #!#babel_5116_p1 #!#o +dbo #!#babel_5116_p2 #!#o +dbo #!#babel_5116_pt #!#o +dbo #!#babel_5116_pt_saleid_s#!#o +dbo #!#babel_5116_s1 #!#o +dbo #!#babel_5116_s2 #!#o +dbo #!#babel_5116_t1 #!#o +dbo #!#babel_5116_t2 #!#o +dbo #!#babel_5116_t3 #!#o +dbo #!#babel_5116_tabletype1 #!#o +dbo #!#babel_5116_tabletype2 #!#o +dbo #!#babel_5116_trig1 #!#o +dbo #!#babel_5116_trig2 #!#o +dbo #!#babel_5116_tvf1 #!#o +dbo #!#babel_5116_tvf2 #!#o +dbo #!#babel_5116_type1 #!#o +dbo #!#babel_5116_type2 #!#o +dbo #!#babel_5116_v1 #!#o +dbo #!#babel_5116_v2 #!#o +~~END~~ + + +/********** ALTER ROUTINES ARE ALLOWED TO DDLADMIN **********/ +ALTER FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 2 END +GO +ALTER FUNCTION babel_5116_f2() RETURNS INT AS BEGIN RETURN 2 END +GO +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO +ALTER FUNCTION babel_5116_tvf2() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER FUNCTION babel_5116_mtvf2() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO + +ALTER PROC babel_5116_p1 AS SELECT 2 +GO +ALTER PROC babel_5116_p2 AS SELECT 2 +GO + + +-- tsql user=babel_5116_l1 password=12345678 database=babel_5116_db +/********** RENAMING OBJECTs SHOULD BE ALLOWED **********/ +sp_rename 'babel_5116_t1.id_new', 'id_new_name', 'COLUMN' +GO +sp_rename 'babel_5116_t2.id_new', 'id_new_name', 'COLUMN' +GO +sp_rename 'babel_5116_trig1', 'babel_5116_trig1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_trig2', 'babel_5116_trig2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_v1', 'babel_5116_v1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_v2', 'babel_5116_v2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_s1', 'babel_5116_s1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_s2', 'babel_5116_s2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_t2', 'babel_5116_t2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_t1', 'babel_5116_t1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_f2', 'babel_5116_f2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_f1', 'babel_5116_f1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tvf1', 'babel_5116_tvf1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tvf2', 'babel_5116_tvf2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_mtvf1', 'babel_5116_mtvf1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_mtvf2', 'babel_5116_mtvf2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_p2', 'babel_5116_p2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_p1', 'babel_5116_p1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_type2', 'babel_5116_type2_new_name', 'USERDATATYPE' +GO +sp_rename 'babel_5116_type1', 'babel_5116_type1_new_name', 'USERDATATYPE' +GO +sp_rename 'babel_5116_tabletype2', 'babel_5116_tabletype2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tabletype1', 'babel_5116_tabletype1_new_name', 'OBJECT' +GO + +/********** UNSUPPORTED RENAMING IN BABELFISH **********/ +/********** SHOULD BE ALLOWED WHENEVER SUPPORTED **********/ +sp_rename 'babel_5116_t1.babel_5116_idx1', 'babel_5116_idx1_new_name', 'INDEX' +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Feature not supported: renaming object type Index)~~ + + +/********** NOT ALLOWED RENAMING TO DB_DDLADMIN **********/ +sp_rename 'babel_5116_db', 'babel_5116_db_new_name', 'DATABASE' +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to rename the database 'babel_5116_db', the database does not exist, or the database is not in a state that allows access checks.)~~ + + +/********** DROPPING BUILTIN SCHEMAs SHOULD NOT BE ALLOWED **********/ +DROP SCHEMA dbo +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the schema 'dbo')~~ + +DROP SCHEMA guest +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the schema 'guest')~~ + + +/********** DROP DDLs **********/ +DROP TRIGGER babel_5116_trig1_new_name +GO +DROP TRIGGER babel_5116_trig2_new_name +GO +DROP VIEW babel_5116_v1_new_name +GO +DROP VIEW babel_5116_v2_new_name +GO +DROP SEQUENCE babel_5116_s1_new_name +GO +DROP SEQUENCE babel_5116_s2_new_name +GO +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +DROP TABLE babel_5116_t3 +GO +DROP TABLE babel_5116_t2_new_name +GO +DROP TABLE babel_5116_t1_new_name +GO +DROP FUNCTION babel_5116_f2_new_name +GO +DROP FUNCTION babel_5116_f1_new_name +GO +DROP FUNCTION babel_5116_tvf1_new_name +GO +DROP FUNCTION babel_5116_tvf2_new_name +GO +DROP FUNCTION babel_5116_mtvf1_new_name +GO +DROP FUNCTION babel_5116_mtvf2_new_name +GO +DROP PROC babel_5116_p2_new_name +GO +DROP PROC babel_5116_p1_new_name +GO +DROP TYPE babel_5116_type2_new_name +GO +DROP TYPE babel_5116_type1_new_name +GO +DROP TYPE babel_5116_tabletype2_new_name +GO +DROP TYPE babel_5116_tabletype1_new_name +GO + +DROP SCHEMA babel_5116_sch1 +GO +DROP SCHEMA babel_5116_sch2 +GO +DROP SCHEMA babel_5116_sch3 +GO +DROP SCHEMA babel_5116_sch4 +GO + +DROP TABLE babel_5116_pt +GO +DROP PARTITION SCHEME babel_5116_ps +GO +DROP PARTITION FUNCTION babel_5116_pf1 +GO diff --git a/test/JDBC/input/BABEL-2409.mix b/test/JDBC/input/BABEL-2409.mix index d7e6cddaa7..f1af60fdc1 100644 --- a/test/JDBC/input/BABEL-2409.mix +++ b/test/JDBC/input/BABEL-2409.mix @@ -17,6 +17,8 @@ GO -- psql CREATE SCHEMA master_xyz; GO +ALTER SCHEMA master_xyz OWNER TO master_dbo; +GO -- tsql DROP SCHEMA xyz; diff --git a/test/JDBC/input/BABEL-SP_COLUMN_PRIVILEGES.mix b/test/JDBC/input/BABEL-SP_COLUMN_PRIVILEGES.mix index dae08b913f..789723463d 100644 --- a/test/JDBC/input/BABEL-SP_COLUMN_PRIVILEGES.mix +++ b/test/JDBC/input/BABEL-SP_COLUMN_PRIVILEGES.mix @@ -1,5 +1,5 @@ --- sla 60000 --- sla_for_parallel_query_enforced 60000 +-- sla 160000 +-- sla_for_parallel_query_enforced 160000 -- tsql CREATE DATABASE db1 GO diff --git a/test/JDBC/input/BABEL-SP_TABLE_PRIVILIGES-vu-verify.sql b/test/JDBC/input/BABEL-SP_TABLE_PRIVILIGES-vu-verify.sql index 1e9f18cf6f..0a9df38749 100644 --- a/test/JDBC/input/BABEL-SP_TABLE_PRIVILIGES-vu-verify.sql +++ b/test/JDBC/input/BABEL-SP_TABLE_PRIVILIGES-vu-verify.sql @@ -1,4 +1,4 @@ --- sla 20000 +-- sla 160000 use babel_sp_table_priviliges_vu_prepare_db1 go diff --git a/test/JDBC/input/fixed_roles/db_ddladmin-vu-cleanup.sql b/test/JDBC/input/fixed_roles/db_ddladmin-vu-cleanup.sql new file mode 100644 index 0000000000..15232964aa --- /dev/null +++ b/test/JDBC/input/fixed_roles/db_ddladmin-vu-cleanup.sql @@ -0,0 +1,42 @@ +DROP DATABASE babel_5116_db +GO + +USE master +GO + +DROP LOGIN babel_5116_l1 +GO +DROP LOGIN babel_5116_l2 +GO +DROP LOGIN babel_5116_l3 +GO +DROP USER babel_5116_l1 +GO +DROP USER babel_5116_l2 +GO +DROP ROLE babel_5116_r1 +GO +DROP VIEW babel_5116_v1 +GO +DROP SEQUENCE babel_5116_s1 +GO +DROP TRIGGER babel_5116_trig +GO +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +DROP TABLE babel_5116_t1 +GO +DROP TABLE babel_5116_t3 +GO +DROP FUNCTION babel_5116_f1 +GO +DROP FUNCTION babel_5116_tvf1 +GO +DROP FUNCTION babel_5116_mtvf1 +GO +DROP PROC babel_5116_p1 +GO +DROP TYPE babel_5116_type1 +GO +DROP TYPE babel_5116_tabletype1 +GO \ No newline at end of file diff --git a/test/JDBC/input/fixed_roles/db_ddladmin-vu-prepare.sql b/test/JDBC/input/fixed_roles/db_ddladmin-vu-prepare.sql new file mode 100644 index 0000000000..c459bdc080 --- /dev/null +++ b/test/JDBC/input/fixed_roles/db_ddladmin-vu-prepare.sql @@ -0,0 +1,95 @@ +USE master +GO + +CREATE LOGIN babel_5116_l1 WITH PASSWORD = '12345678' +GO +CREATE LOGIN babel_5116_l2 WITH PASSWORD = '12345678' +GO +CREATE LOGIN babel_5116_l3 WITH PASSWORD = '12345678' +GO +CREATE USER babel_5116_l1 +GO +CREATE USER babel_5116_l2 +GO +CREATE ROLE babel_5116_r1 +GO +CREATE TABLE babel_5116_t1 (id INT) +GO +CREATE TABLE babel_5116_t3 (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t1 (id) +GO +CREATE TRIGGER babel_5116_trig ON babel_5116_t1 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW babel_5116_v1 AS SELECT * FROM babel_5116_t1 +GO +CREATE SEQUENCE babel_5116_s1 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE babel_5116_p1 AS SELECT 1 +GO +CREATE FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE babel_5116_type1 FROM sys.varchar(10) +GO +CREATE TYPE babel_5116_tabletype1 AS TABLE (id INT) +GO + +CREATE DATABASE babel_5116_db +GO +USE babel_5116_db +GO + +CREATE USER babel_5116_l1 +GO +CREATE USER babel_5116_l2 +GO +CREATE ROLE babel_5116_r1 +GO +CREATE TABLE babel_5116_t1 (id INT, con_col INT NOT NULL CONSTRAINT babel_5116_constr1 UNIQUE) +GO +CREATE TABLE babel_5116_t3 (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t1 (id) +GO +CREATE TRIGGER babel_5116_trig1 ON babel_5116_t1 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW babel_5116_v1 AS SELECT * FROM babel_5116_t1 +GO +CREATE SEQUENCE babel_5116_s1 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE babel_5116_p1 AS SELECT 1 +GO +CREATE FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE babel_5116_type1 FROM sys.varchar(10) +GO +CREATE TYPE babel_5116_tabletype1 AS TABLE (id INT) +GO +CREATE SCHEMA babel_5116_sch1 +GO +CREATE SCHEMA babel_5116_sch2 AUTHORIZATION babel_5116_r1 +GO diff --git a/test/JDBC/input/fixed_roles/db_ddladmin-vu-verify.mix b/test/JDBC/input/fixed_roles/db_ddladmin-vu-verify.mix new file mode 100644 index 0000000000..85c1fe9982 --- /dev/null +++ b/test/JDBC/input/fixed_roles/db_ddladmin-vu-verify.mix @@ -0,0 +1,611 @@ +-- single_db_mode_expected +-- tsql +-- RESET LOGIN PASSWORD +ALTER LOGIN babel_5116_l1 WITH PASSWORD = '12345678' +GO +ALTER LOGIN babel_5116_l2 WITH PASSWORD = '12345678' +GO +ALTER LOGIN babel_5116_l3 WITH PASSWORD = '12345678' +GO + +USE babel_5116_db +GO + +ALTER ROLE db_ddladmin ADD MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=master +------------------------------------------------------------------- +---- babel_5116_l1 user SHOULD NOT BE ABLE TO DO ANY DDLS/DMLS ---- +---- IN BBF DATABASES WHERE IT IS NOT A MEMBER OF DB_DDLADMIN ---- +------------------------------------------------------------------- +SELECT IS_ROLEMEMBER('db_ddladmin') +GO +SELECT CURRENT_USER +GO +CREATE LOGIN l WITH PASSWORD = '12345678' +GO +CREATE USER u +GO +CREATE ROLE r +GO +CREATE TABLE t (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t1 (id) +GO +CREATE TRIGGER trig ON babel_5116_t1 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW v AS SELECT * FROM babel_5116_t1 +GO +CREATE SEQUENCE babel_5116_s2 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE p AS SELECT 1 +GO +CREATE FUNCTION f() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION tvff1() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE t FROM sys.varchar(10) +GO +CREATE TYPE tabletype AS TABLE (id INT) +GO +TRUNCATE TABLE babel_5116_t1 +GO +CREATE SCHEMA babel_5116_sch1 +GO +CREATE SCHEMA babel_5116_sch1 AUTHORIZATION babel_5116_r1 +GO + +CREATE PARTITION FUNCTION babel_5116_pf1 (datetime) +AS RANGE RIGHT FOR VALUES +( + '2023-01-01', + '2024-01-01', + '2025-01-01' +); +GO + +CREATE PARTITION SCHEME babel_5116_ps +AS PARTITION babel_5116_pf1 +ALL TO ([PRIMARY]); +GO + +ALTER TABLE babel_5116_t3 ADD babel_5116_col_nw INT NULL; +GO +ALTER TABLE babel_5116_t3 DROP babel_5116_col_nw; +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constr2 UNIQUE (id) +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constrfk1 FOREIGN KEY (id_new) REFERENCES babel_5116_t2 (id) +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constrfk1 +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr2 +GO +ALTER SEQUENCE babel_5116_s1 MINVALUE 99; +GO + + +ALTER FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 2 END +GO +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER PROC babel_5116_p1 AS SELECT 2 +GO + + +ENABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +DISABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO + + +DROP LOGIN babel_5116_l1 +GO +DROP USER babel_5116_l1 +GO +DROP ROLE babel_5116_r1 +GO +DROP VIEW babel_5116_v1 +GO +DROP SEQUENCE babel_5116_s1 +GO +DROP TRIGGER babel_5116_trig +GO +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +DROP TABLE babel_5116_t1 +GO +DROP FUNCTION babel_5116_f1 +GO +DROP FUNCTION babel_5116_tvf1 +GO +DROP FUNCTION babel_5116_mtvf1 +GO +DROP PROC babel_5116_p1 +GO +DROP TYPE babel_5116_type1 +GO +DROP TYPE babel_5116_tabletype1 +GO + +/********** TEMP TABLE AND TABLE VARIABLE SHOULD WORK **********/ +CREATE TABLE #babel_5116_temptbl1(a int, b int); +GO + +ALTER TABLE #babel_5116_temptbl1 ADD c INT; +GO + +DROP TABLE #babel_5116_temptbl1 +GO + +DECLARE @babel_5116_tblvar1 table(id int); SELECT * FROM @babel_5116_tblvar1; +GO + +/********** DATABASE DDLs ARE NOT ALLOWED **********/ +-- tsql +USE master +GO +ALTER ROLE db_ddladmin ADD MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=master +SELECT IS_ROLEMEMBER('db_ddladmin') +GO + +CREATE DATABASE babel_5116_db1; +GO +ALTER AUTHORIZATION ON DATABASE::babel_5116_db TO babel_5116_l3; +GO +ALTER DATABASE babel_5116_db MODIFY NAME = babel_5116_dbx; +GO +DROP DATABASE babel_5116_db; +GO + +-- tsql +USE master +GO +ALTER ROLE db_ddladmin DROP MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=babel_5116_db +/********** LOGGED IN USING DDLADMIN **********/ +SELECT IS_ROLEMEMBER('db_ddladmin') +GO + +/********** ROLE DDLs ARE NOT ALLOWED **********/ +CREATE USER babel_5116_l3 +GO +CREATE ROLE babel_5116_r2 +GO +DROP USER babel_5116_l3 +GO +DROP USER babel_5116_l2 +GO +DROP ROLE babel_5116_r1 +GO +DROP ROLE babel_5116_r2 +GO + +/********** CREATE DDLs ARE ALLOWED TO DDLADMIN **********/ +CREATE TABLE babel_5116_t2 (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t2 (id) +GO +CREATE TRIGGER babel_5116_trig2 ON babel_5116_t2 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW babel_5116_v2 AS SELECT * FROM babel_5116_t2 +GO +CREATE SEQUENCE babel_5116_s2 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE babel_5116_p2 AS SELECT 1 +GO +CREATE FUNCTION babel_5116_f2() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION babel_5116_tvf2() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION babel_5116_mtvf2() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE babel_5116_type2 FROM sys.varchar(10) +GO +CREATE TYPE babel_5116_tabletype2 AS TABLE (id INT) +GO +CREATE SCHEMA babel_5116_sch3 +GO +CREATE SCHEMA babel_5116_sch4 AUTHORIZATION babel_5116_r1 +GO + +/********** ALTER DDLs ARE ALLOWED TO DDLADMIN **********/ +ALTER TABLE babel_5116_t1 ADD id_new INT +GO +ALTER TABLE babel_5116_t2 ADD id_new INT +GO +ALTER TABLE babel_5116_t3 ADD babel_5116_col_nw INT NULL; +GO +ALTER TABLE babel_5116_t3 DROP babel_5116_col_nw; +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constr2 UNIQUE (id) +GO +ALTER TABLE babel_5116_t2 ADD CONSTRAINT babel_5116_constr3 UNIQUE (id) +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constrfk1 FOREIGN KEY (id_new) REFERENCES babel_5116_t2 (id) +GO +ALTER TABLE babel_5116_t2 ADD CONSTRAINT babel_5116_constrfk2 FOREIGN KEY (id_new) REFERENCES babel_5116_t1 (id) +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constrfk1 +GO +ALTER TABLE babel_5116_t2 DROP CONSTRAINT babel_5116_constrfk2 +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr1 +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr2 +GO +ALTER TABLE babel_5116_t2 DROP CONSTRAINT babel_5116_constr3 +GO +ALTER SEQUENCE babel_5116_s1 MINVALUE 99; +GO +ALTER SEQUENCE babel_5116_s2 MINVALUE 99; +GO + +/********** ENABLE DISABLE TRIGGER SHOULD ALSO BE ALLOWED TO DDLADMIN **********/ +ENABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +ENABLE TRIGGER babel_5116_trig2 ON babel_5116_t2 +GO +DISABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +DISABLE TRIGGER babel_5116_trig2 ON babel_5116_t2 +GO + +/********** TRUNCATE ON TABLE SHOULD BE ALLOWED **********/ +TRUNCATE TABLE babel_5116_t1 +GO +TRUNCATE TABLE babel_5116_t2 +GO + +/********** TEMP TABLE AND TABLE VARIABLE SHOULD WORK **********/ +CREATE TABLE #babel_5116_temptbl2(a int, b int); +GO + +ALTER TABLE #babel_5116_temptbl2 ADD c INT; +GO + +DROP TABLE #babel_5116_temptbl2 +GO + +DECLARE @babel_5116_tblvar2 table(id int); SELECT * FROM @babel_5116_tblvar2; +GO + +/********** SHOULD BE ABLE TO CREATE PARTITION FUNCTIONS, SCHEMES OR TABLES **********/ + +CREATE PARTITION FUNCTION babel_5116_pf1 (datetime) +AS RANGE RIGHT FOR VALUES +( + '2023-01-01', + '2024-01-01', + '2025-01-01' +); +GO + +CREATE PARTITION SCHEME babel_5116_ps +AS PARTITION babel_5116_pf1 +ALL TO ([PRIMARY]); +GO + +CREATE TABLE babel_5116_pt +( + SaleId INT IDENTITY(1,1), + SaleDate datetime, + Amount decimal(10,2), + CustomerId int, + ProductId int +) ON babel_5116_ps(SaleDate); -- Specify the partitioning column +GO + +/********** DMLs SHOULD STILL BE BLOCKED **********/ +/********** ON ALL OBJECTS OLD OR NEW **********/ +/********** IRRESPECTIVE OF WHO CREATED **********/ +SELECT * FROM babel_5116_t1 +GO +INSERT INTO babel_5116_t1 (id) VALUES (1) +GO +DELETE FROM babel_5116_t1 +GO +UPDATE babel_5116_t1 SET id = 1 +GO +SELECT * FROM babel_5116_t2 +GO +INSERT INTO babel_5116_t2 (id) VALUES (1) +GO +DELETE FROM babel_5116_t2 +GO +UPDATE babel_5116_t2 SET id = 1 +GO +SELECT * FROM babel_5116_v1 +GO +INSERT INTO babel_5116_v1 (id) VALUES (1) +GO +DELETE FROM babel_5116_v1 +GO +UPDATE babel_5116_v1 SET id = 1 +GO +SELECT * FROM babel_5116_v2 +GO +INSERT INTO babel_5116_v2 (id) VALUES (1) +GO +DELETE FROM babel_5116_v2 +GO +UPDATE babel_5116_v2 SET id = 1 +GO + +SELECT NEXT VALUE FOR babel_5116_s1; +GO +SELECT NEXT VALUE FOR babel_5116_s2; +GO + +/********** EXECUTE SHOULD STILL BE BLOCKED **********/ +EXEC babel_5116_p1 +GO +EXEC babel_5116_p2 +GO +SELECT babel_5116_f1() +GO +SELECT babel_5116_f2() +GO +SELECT * FROM babel_5116_tvf1() +GO +SELECT * FROM babel_5116_mtvf1() +GO + +/********** GRANT REVOKE IS NOT ALLOWED **********/ +ALTER ROLE babel_5116_r1 ADD MEMBER babel_5116_l2 +GO +GRANT SELECT ON babel_5116_t1 TO babel_5116_l2 +GO +GRANT CONNECT TO babel_5116_l2 +GO +ALTER ROLE babel_5116_r1 DROP MEMBER babel_5116_l2 +GO +REVOKE SELECT ON babel_5116_t1 TO babel_5116_l2 +GO +REVOKE CONNECT TO babel_5116_l2 +GO + +/********** OBJECT OWNER SHOULD BE SCHEMA OWNER WHEN OBJECT IS CREATED BY DDLADMIN **********/ +SELECT CAST(relname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_class c + JOIN pg_roles r ON (c.relowner = r.oid) + WHERE relname LIKE 'babel_5116%' + ORDER BY r.rolname, relname; +GO +SELECT CAST(proname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_proc p + JOIN pg_roles r ON (p.proowner = r.oid) + WHERE proname LIKE 'babel_5116%' + ORDER BY r.rolname, proname; +GO +SELECT CAST(typname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_type t + JOIN pg_roles r ON (t.typowner = r.oid) + WHERE typname LIKE 'babel_5116%' + ORDER BY r.rolname, typname; +GO + +-- tsql database=babel_5116_db +/********** DDLADMIN SHOULD NOT BE A DEPENDANT OF ANY OBJECT WE CREATED IN THIS TEST **********/ +SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptype FROM pg_depend d + JOIN pg_roles r ON (d.refobjid = r.oid) + WHERE + object_name(objid) LIKE 'babel_5116%' AND + refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND + r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND + NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') + ORDER BY deptype, r.rolname, object_name(objid); +GO + +SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptype FROM pg_shdepend d + JOIN pg_roles r ON (d.refobjid = r.oid) + WHERE + object_name(objid) LIKE 'babel_5116%' AND + refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND + r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND + NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') AND deptype!= 'i' + AND (r.rolname NOT IN ('ad_db_db_ddladmin', 'alter_db_db_ddladmin')) + ORDER BY deptype, r.rolname, object_name(objid); +GO + +/********** ALTER ROUTINES ARE ALLOWED TO DDLADMIN **********/ +ALTER FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 2 END +GO +ALTER FUNCTION babel_5116_f2() RETURNS INT AS BEGIN RETURN 2 END +GO +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO +ALTER FUNCTION babel_5116_tvf2() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER FUNCTION babel_5116_mtvf2() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO + +ALTER PROC babel_5116_p1 AS SELECT 2 +GO +ALTER PROC babel_5116_p2 AS SELECT 2 +GO + + +-- tsql user=babel_5116_l1 password=12345678 database=babel_5116_db +/********** RENAMING OBJECTs SHOULD BE ALLOWED **********/ +sp_rename 'babel_5116_t1.id_new', 'id_new_name', 'COLUMN' +GO +sp_rename 'babel_5116_t2.id_new', 'id_new_name', 'COLUMN' +GO +sp_rename 'babel_5116_trig1', 'babel_5116_trig1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_trig2', 'babel_5116_trig2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_v1', 'babel_5116_v1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_v2', 'babel_5116_v2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_s1', 'babel_5116_s1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_s2', 'babel_5116_s2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_t2', 'babel_5116_t2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_t1', 'babel_5116_t1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_f2', 'babel_5116_f2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_f1', 'babel_5116_f1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tvf1', 'babel_5116_tvf1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tvf2', 'babel_5116_tvf2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_mtvf1', 'babel_5116_mtvf1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_mtvf2', 'babel_5116_mtvf2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_p2', 'babel_5116_p2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_p1', 'babel_5116_p1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_type2', 'babel_5116_type2_new_name', 'USERDATATYPE' +GO +sp_rename 'babel_5116_type1', 'babel_5116_type1_new_name', 'USERDATATYPE' +GO +sp_rename 'babel_5116_tabletype2', 'babel_5116_tabletype2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tabletype1', 'babel_5116_tabletype1_new_name', 'OBJECT' +GO + +/********** UNSUPPORTED RENAMING IN BABELFISH **********/ +/********** SHOULD BE ALLOWED WHENEVER SUPPORTED **********/ +sp_rename 'babel_5116_t1.babel_5116_idx1', 'babel_5116_idx1_new_name', 'INDEX' +GO + +/********** NOT ALLOWED RENAMING TO DB_DDLADMIN **********/ +sp_rename 'babel_5116_db', 'babel_5116_db_new_name', 'DATABASE' +GO + +/********** DROPPING BUILTIN SCHEMAs SHOULD NOT BE ALLOWED **********/ +DROP SCHEMA dbo +GO +DROP SCHEMA guest +GO + +/********** DROP DDLs **********/ +DROP TRIGGER babel_5116_trig1_new_name +GO +DROP TRIGGER babel_5116_trig2_new_name +GO +DROP VIEW babel_5116_v1_new_name +GO +DROP VIEW babel_5116_v2_new_name +GO +DROP SEQUENCE babel_5116_s1_new_name +GO +DROP SEQUENCE babel_5116_s2_new_name +GO +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +DROP TABLE babel_5116_t3 +GO +DROP TABLE babel_5116_t2_new_name +GO +DROP TABLE babel_5116_t1_new_name +GO +DROP FUNCTION babel_5116_f2_new_name +GO +DROP FUNCTION babel_5116_f1_new_name +GO +DROP FUNCTION babel_5116_tvf1_new_name +GO +DROP FUNCTION babel_5116_tvf2_new_name +GO +DROP FUNCTION babel_5116_mtvf1_new_name +GO +DROP FUNCTION babel_5116_mtvf2_new_name +GO +DROP PROC babel_5116_p2_new_name +GO +DROP PROC babel_5116_p1_new_name +GO +DROP TYPE babel_5116_type2_new_name +GO +DROP TYPE babel_5116_type1_new_name +GO +DROP TYPE babel_5116_tabletype2_new_name +GO +DROP TYPE babel_5116_tabletype1_new_name +GO + +DROP SCHEMA babel_5116_sch1 +GO +DROP SCHEMA babel_5116_sch2 +GO +DROP SCHEMA babel_5116_sch3 +GO +DROP SCHEMA babel_5116_sch4 +GO + +DROP TABLE babel_5116_pt +GO +DROP PARTITION SCHEME babel_5116_ps +GO +DROP PARTITION FUNCTION babel_5116_pf1 +GO diff --git a/test/JDBC/upgrade/13_6/schedule b/test/JDBC/upgrade/13_6/schedule index 89b91f9218..c6074be194 100644 --- a/test/JDBC/upgrade/13_6/schedule +++ b/test/JDBC/upgrade/13_6/schedule @@ -119,7 +119,6 @@ BABEL-PG-SYSTEM-FUNCTIONS BABEL-PROCID BABEL-RAND BABEL-ROLE -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/13_7/schedule b/test/JDBC/upgrade/13_7/schedule index ef802ab910..e9db0bb0bb 100644 --- a/test/JDBC/upgrade/13_7/schedule +++ b/test/JDBC/upgrade/13_7/schedule @@ -117,7 +117,6 @@ BABEL-PG-SYSTEM-FUNCTIONS BABEL-PROCID BABEL-RAND BABEL-ROLE -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/13_8/schedule b/test/JDBC/upgrade/13_8/schedule index ef802ab910..e9db0bb0bb 100644 --- a/test/JDBC/upgrade/13_8/schedule +++ b/test/JDBC/upgrade/13_8/schedule @@ -117,7 +117,6 @@ BABEL-PG-SYSTEM-FUNCTIONS BABEL-PROCID BABEL-RAND BABEL-ROLE -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/13_9/schedule b/test/JDBC/upgrade/13_9/schedule index a64a6d980f..dc3a9ffab7 100644 --- a/test/JDBC/upgrade/13_9/schedule +++ b/test/JDBC/upgrade/13_9/schedule @@ -116,7 +116,6 @@ BABEL-PG-SYSTEM-FUNCTIONS BABEL-PROCID BABEL-RAND BABEL-ROLE -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/14_10/schedule b/test/JDBC/upgrade/14_10/schedule index bbbb8e106d..55152a236e 100644 --- a/test/JDBC/upgrade/14_10/schedule +++ b/test/JDBC/upgrade/14_10/schedule @@ -131,7 +131,6 @@ BABEL-2845 BABEL-2884 BABEL-2944 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3249 BABEL-3486 @@ -387,7 +386,6 @@ case_insensitive_collation-before-16_5-or-15_9 sys-has_perms_by_name sys-has_perms_by_name-dep BABEL_OBJECT_ID-before-16_5-or-15_9 -BABEL_SCHEMATA isc-schemata-dep AVG-Aggregate-common AVG-Aggregate-Dep @@ -466,6 +464,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_11/schedule b/test/JDBC/upgrade/14_11/schedule index 65eb51c29f..904b55e662 100644 --- a/test/JDBC/upgrade/14_11/schedule +++ b/test/JDBC/upgrade/14_11/schedule @@ -132,7 +132,6 @@ BABEL-2845 BABEL-2884 BABEL-2944 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3249 BABEL-3486 @@ -388,7 +387,6 @@ case_insensitive_collation-before-16_5-or-15_9 sys-has_perms_by_name sys-has_perms_by_name-dep BABEL_OBJECT_ID-before-16_5-or-15_9 -BABEL_SCHEMATA isc-schemata-dep AVG-Aggregate-common AVG-Aggregate-Dep @@ -464,6 +462,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_12/schedule b/test/JDBC/upgrade/14_12/schedule index ab8242e5b1..4496429181 100644 --- a/test/JDBC/upgrade/14_12/schedule +++ b/test/JDBC/upgrade/14_12/schedule @@ -131,7 +131,6 @@ BABEL-2845 BABEL-2884 BABEL-2944 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3249 BABEL-3486 @@ -386,7 +385,6 @@ case_insensitive_collation-before-16_5-or-15_9 sys-has_perms_by_name sys-has_perms_by_name-dep BABEL_OBJECT_ID-before-16_5-or-15_9 -BABEL_SCHEMATA isc-schemata-dep AVG-Aggregate-common AVG-Aggregate-Dep @@ -465,6 +463,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_13/schedule b/test/JDBC/upgrade/14_13/schedule index 63bab7b9e6..73fb109cb5 100644 --- a/test/JDBC/upgrade/14_13/schedule +++ b/test/JDBC/upgrade/14_13/schedule @@ -131,7 +131,6 @@ BABEL-2845 BABEL-2884 BABEL-2944 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3249 BABEL-3486 @@ -386,7 +385,6 @@ case_insensitive_collation-before-16_5-or-15_9 sys-has_perms_by_name sys-has_perms_by_name-dep BABEL_OBJECT_ID-before-16_5-or-15_9 -BABEL_SCHEMATA isc-schemata-dep AVG-Aggregate-common AVG-Aggregate-Dep @@ -465,6 +463,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_15/schedule b/test/JDBC/upgrade/14_15/schedule index 877f11450d..0c8141fa48 100644 --- a/test/JDBC/upgrade/14_15/schedule +++ b/test/JDBC/upgrade/14_15/schedule @@ -131,7 +131,6 @@ BABEL-2845 BABEL-2884 BABEL-2944 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3249 BABEL-3486 @@ -386,7 +385,6 @@ case_insensitive_collation-before-16_5-or-15_9 sys-has_perms_by_name sys-has_perms_by_name-dep BABEL_OBJECT_ID-before-16_5-or-15_9 -BABEL_SCHEMATA isc-schemata-dep AVG-Aggregate-common AVG-Aggregate-Dep diff --git a/test/JDBC/upgrade/14_16/schedule b/test/JDBC/upgrade/14_16/schedule index b438080723..d3c98b2634 100644 --- a/test/JDBC/upgrade/14_16/schedule +++ b/test/JDBC/upgrade/14_16/schedule @@ -131,7 +131,6 @@ BABEL-2845 BABEL-2884 BABEL-2944 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3249 BABEL-3486 @@ -385,7 +384,6 @@ case_insensitive_collation-before-16_5-or-15_9 sys-has_perms_by_name sys-has_perms_by_name-dep BABEL_OBJECT_ID-before-16_5-or-15_9 -BABEL_SCHEMATA isc-schemata-dep AVG-Aggregate-common AVG-Aggregate-Dep @@ -464,6 +462,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_3/schedule b/test/JDBC/upgrade/14_3/schedule index 1f08255f0c..624464cebf 100644 --- a/test/JDBC/upgrade/14_3/schedule +++ b/test/JDBC/upgrade/14_3/schedule @@ -123,7 +123,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/14_5/schedule b/test/JDBC/upgrade/14_5/schedule index 8f84ea37c9..00b1b8995e 100644 --- a/test/JDBC/upgrade/14_5/schedule +++ b/test/JDBC/upgrade/14_5/schedule @@ -122,7 +122,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SP_COLUMNS_MANAGED-dep BABEL-SP_FKEYS BABEL-SP_FKEYS-dep diff --git a/test/JDBC/upgrade/14_6/schedule b/test/JDBC/upgrade/14_6/schedule index 4ef9d3301d..de6e4d8a4e 100644 --- a/test/JDBC/upgrade/14_6/schedule +++ b/test/JDBC/upgrade/14_6/schedule @@ -57,7 +57,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -137,7 +136,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -434,6 +432,7 @@ binary-datatype-operators BABEL-5059-before-14_7-or-15_2 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_7/schedule b/test/JDBC/upgrade/14_7/schedule index 7c4bba8860..c0ec8f00d9 100644 --- a/test/JDBC/upgrade/14_7/schedule +++ b/test/JDBC/upgrade/14_7/schedule @@ -59,7 +59,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -150,7 +149,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -456,6 +454,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_8/schedule b/test/JDBC/upgrade/14_8/schedule index a0973099a4..9309993909 100644 --- a/test/JDBC/upgrade/14_8/schedule +++ b/test/JDBC/upgrade/14_8/schedule @@ -59,7 +59,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -148,7 +147,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -458,6 +456,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_9/schedule b/test/JDBC/upgrade/14_9/schedule index 00912d1125..55ae86b826 100644 --- a/test/JDBC/upgrade/14_9/schedule +++ b/test/JDBC/upgrade/14_9/schedule @@ -131,7 +131,6 @@ BABEL-2845 BABEL-2884 BABEL-2944 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3249 BABEL-3486 @@ -387,7 +386,6 @@ case_insensitive_collation-before-16_5-or-15_9 sys-has_perms_by_name sys-has_perms_by_name-dep BABEL_OBJECT_ID-before-16_5-or-15_9 -BABEL_SCHEMATA isc-schemata-dep AVG-Aggregate-common AVG-Aggregate-Dep @@ -461,6 +459,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/15_1/schedule b/test/JDBC/upgrade/15_1/schedule index 4b60791043..868f3c4745 100644 --- a/test/JDBC/upgrade/15_1/schedule +++ b/test/JDBC/upgrade/15_1/schedule @@ -57,7 +57,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -136,7 +135,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -433,6 +431,7 @@ binary-datatype-operators BABEL-5059-before-14_7-or-15_2 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/15_10/schedule b/test/JDBC/upgrade/15_10/schedule index 8abd8dcd14..2c5286edc6 100644 --- a/test/JDBC/upgrade/15_10/schedule +++ b/test/JDBC/upgrade/15_10/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -168,7 +167,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -544,10 +542,16 @@ replace binary-datatype-operators BABEL-5059_before_16_5 SELECT_INTO_TEST +securityadmin_role cast-varchar-to-time xml_exist-before-16_5 BABEL-5119_before_16_5 +dbcreator_role +db_accessadmin +db_securityadmin BABEL-CASE_EXPR +datareader_datawriter +db_ddladmin BABEL-5186 BABEL-2736 smalldatetime_date_cmp diff --git a/test/JDBC/upgrade/15_11/schedule b/test/JDBC/upgrade/15_11/schedule index 9be485f3bf..74f8d07339 100644 --- a/test/JDBC/upgrade/15_11/schedule +++ b/test/JDBC/upgrade/15_11/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -167,7 +166,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -549,6 +547,7 @@ xml_exist-before-16_5 BABEL-5119_before_16_5 dbcreator_role db_accessadmin +db_ddladmin db_securityadmin BABEL-CASE_EXPR datareader_datawriter diff --git a/test/JDBC/upgrade/15_2/schedule b/test/JDBC/upgrade/15_2/schedule index d2a2571365..537a87511b 100644 --- a/test/JDBC/upgrade/15_2/schedule +++ b/test/JDBC/upgrade/15_2/schedule @@ -59,7 +59,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -149,7 +148,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -469,6 +467,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/15_3/schedule b/test/JDBC/upgrade/15_3/schedule index 2f52b1ec94..149d640dec 100644 --- a/test/JDBC/upgrade/15_3/schedule +++ b/test/JDBC/upgrade/15_3/schedule @@ -61,7 +61,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -159,7 +158,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -488,6 +486,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/15_4/schedule b/test/JDBC/upgrade/15_4/schedule index 7dc3eccbdf..c5ba86d4e8 100644 --- a/test/JDBC/upgrade/15_4/schedule +++ b/test/JDBC/upgrade/15_4/schedule @@ -61,7 +61,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -161,7 +160,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -501,6 +499,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/15_5/schedule b/test/JDBC/upgrade/15_5/schedule index 9c64d646e2..da2aed59a1 100644 --- a/test/JDBC/upgrade/15_5/schedule +++ b/test/JDBC/upgrade/15_5/schedule @@ -61,7 +61,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -165,7 +164,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -532,6 +530,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/15_6/schedule b/test/JDBC/upgrade/15_6/schedule index 4e43da9776..d8fe8f9c1d 100644 --- a/test/JDBC/upgrade/15_6/schedule +++ b/test/JDBC/upgrade/15_6/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -168,7 +167,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -548,6 +546,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/15_7/schedule b/test/JDBC/upgrade/15_7/schedule index d5e355788c..13dc504c1e 100644 --- a/test/JDBC/upgrade/15_7/schedule +++ b/test/JDBC/upgrade/15_7/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -169,7 +168,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -555,6 +553,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 GRANT_SCHEMA-before-15_9-16_5 diff --git a/test/JDBC/upgrade/15_8/schedule b/test/JDBC/upgrade/15_8/schedule index cb4d9a80f8..a003b5dcc7 100644 --- a/test/JDBC/upgrade/15_8/schedule +++ b/test/JDBC/upgrade/15_8/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -168,7 +167,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -546,6 +544,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 GRANT_SCHEMA-before-15_9-16_5 diff --git a/test/JDBC/upgrade/16_1/schedule b/test/JDBC/upgrade/16_1/schedule index f409d17edb..62f3d3927b 100644 --- a/test/JDBC/upgrade/16_1/schedule +++ b/test/JDBC/upgrade/16_1/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -167,7 +166,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -541,6 +539,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin securityadmin_role dbcreator_role diff --git a/test/JDBC/upgrade/16_2/schedule b/test/JDBC/upgrade/16_2/schedule index f3d0e8c8f0..ad458fda01 100644 --- a/test/JDBC/upgrade/16_2/schedule +++ b/test/JDBC/upgrade/16_2/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -168,7 +167,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -557,6 +555,7 @@ BABEL-5059_before_16_5 cast-varchar-to-time dbcreator_role db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/16_3/schedule b/test/JDBC/upgrade/16_3/schedule index 9f0f33502f..3c35a3fc75 100644 --- a/test/JDBC/upgrade/16_3/schedule +++ b/test/JDBC/upgrade/16_3/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -168,7 +167,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -559,6 +557,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 GRANT_SCHEMA-before-15_9-16_5 diff --git a/test/JDBC/upgrade/16_4/schedule b/test/JDBC/upgrade/16_4/schedule index 2808b7da7b..efa6dc454b 100644 --- a/test/JDBC/upgrade/16_4/schedule +++ b/test/JDBC/upgrade/16_4/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -169,7 +168,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -572,6 +570,7 @@ cast-varchar-to-time xml_exist-before-16_5 BABEL-5119_before_16_5 db_accessadmin +db_ddladmin db_securityadmin GRANT_SCHEMA-before-15_9-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/16_6/schedule b/test/JDBC/upgrade/16_6/schedule index 2e31cb0325..e25b92d182 100644 --- a/test/JDBC/upgrade/16_6/schedule +++ b/test/JDBC/upgrade/16_6/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -168,7 +167,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -587,4 +585,5 @@ db_accessadmin datareader_datawriter dbcreator_role db_securityadmin +db_ddladmin diff --git a/test/JDBC/upgrade/latest/schedule b/test/JDBC/upgrade/latest/schedule index 513124a17a..92bc9edb7f 100644 --- a/test/JDBC/upgrade/latest/schedule +++ b/test/JDBC/upgrade/latest/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -169,7 +168,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -584,6 +582,7 @@ BABEL-5119 dbcreator_role BABEL-5129 db_accessadmin +db_ddladmin db_securityadmin BABEL-CASE_EXPR charindex_replace_patindex