From 8100f17edc73ccb82865909b12c353f3b2b5b11a Mon Sep 17 00:00:00 2001 From: Tanzeel Khan <140405735+tanscorpio7@users.noreply.github.com> Date: Tue, 19 Nov 2024 13:10:47 +0530 Subject: [PATCH 1/2] Support fixed database role db_ddladmin (#71) Support fixed database role db_ddladmin Engine PR : amazon-aurora/postgresql_modified_for_babelfish#101 Task : BABEL-5116 Signed-off-by: Tanzeel Khan tzlkhan@amazon.com Co-authored-by: Harsh Lunagaria lunharsh@amazon.com --- .github/workflows/jdbc-tests-db-collation.yml | 2 +- .../workflows/jdbc-tests-single-db-mode.yml | 2 +- ...ests-with-non-default-server-collation.yml | 2 +- .../jdbc-tests-with-parallel-query.yml | 2 +- .github/workflows/major-version-upgrade.yml | 2 +- .github/workflows/minor-version-upgrade.yml | 2 +- .github/workflows/pg_dump-restore-test.yml | 2 +- .github/workflows/pr-code-coverage.yml | 2 +- .../workflows/singledb-version-upgrade.yml | 2 +- .github/workflows/sql-validation-tests.yml | 2 +- .github/workflows/static-code-analyzer.yml | 2 +- .github/workflows/tap-tests.yml | 2 +- .github/workflows/unit-tests.yml | 2 +- .github/workflows/upgrade-test.yml | 2 +- .../babelfishpg_tsql/sql/babelfishpg_tsql.sql | 30 +- contrib/babelfishpg_tsql/sql/ownership.sql | 10 +- .../babelfishpg_tsql/sql/sys_functions.sql | 2 +- .../babelfishpg_tsql--4.4.0--5.0.0.sql | 163 ++- contrib/babelfishpg_tsql/src/catalog.c | 73 +- contrib/babelfishpg_tsql/src/catalog.h | 2 +- contrib/babelfishpg_tsql/src/dbcmds.c | 130 +- contrib/babelfishpg_tsql/src/hooks.c | 157 ++- contrib/babelfishpg_tsql/src/multidb.c | 26 + contrib/babelfishpg_tsql/src/multidb.h | 2 + contrib/babelfishpg_tsql/src/pl_exec-2.c | 3 +- contrib/babelfishpg_tsql/src/pl_handler.c | 67 +- contrib/babelfishpg_tsql/src/pltsql.h | 10 +- contrib/babelfishpg_tsql/src/pltsql_utils.c | 32 +- contrib/babelfishpg_tsql/src/schemacmds.c | 10 +- test/JDBC/expected/BABEL-2403.out | 12 + test/JDBC/expected/BABEL-2409.out | 2 + test/JDBC/expected/BABEL-LOGIN-USER-EXT.out | 25 + test/JDBC/expected/BABEL-USER.out | 5 + .../Test-sp_helpdbfixedrole-dep-vu-verify.out | 5 +- .../Test-sp_helpdbfixedrole-vu-verify.out | 6 +- .../Test_alter_db_rename-vu-verify.out | 3 + .../expected/Test_rename_db_single-db.out | 8 + .../Test_sp_rename_database-vu-verify.out | 3 + .../expected/Test_sp_renamedb-vu-verify.out | 3 + test/JDBC/expected/datareader_datawriter.out | 2 +- .../expected/db_accessadmin-vu-verify.out | 1 + test/JDBC/expected/db_ddladmin-vu-cleanup.out | 42 + test/JDBC/expected/db_ddladmin-vu-prepare.out | 95 ++ test/JDBC/expected/db_ddladmin-vu-verify.out | 1099 +++++++++++++++++ test/JDBC/expected/single_db/BABEL-2403.out | 12 + .../single_db/BABEL-LOGIN-USER-EXT.out | 23 + test/JDBC/expected/single_db/BABEL-USER.out | 5 + .../single_db/Test_rename_db_single-db.out | 8 + .../single_db/datareader_datawriter.out | 2 +- .../single_db/db_accessadmin-vu-verify.out | 1 + .../single_db/db_ddladmin-vu-verify.out | 1099 +++++++++++++++++ test/JDBC/input/BABEL-2409.mix | 2 + .../JDBC/input/BABEL-SP_COLUMN_PRIVILEGES.mix | 4 +- .../BABEL-SP_TABLE_PRIVILIGES-vu-verify.sql | 2 +- .../fixed_roles/db_ddladmin-vu-cleanup.sql | 42 + .../fixed_roles/db_ddladmin-vu-prepare.sql | 95 ++ .../fixed_roles/db_ddladmin-vu-verify.mix | 610 +++++++++ test/JDBC/upgrade/14_10/schedule | 1 + test/JDBC/upgrade/14_11/schedule | 1 + test/JDBC/upgrade/14_12/schedule | 1 + test/JDBC/upgrade/14_13/schedule | 1 + test/JDBC/upgrade/14_14/schedule | 1 + test/JDBC/upgrade/14_6/schedule | 1 + test/JDBC/upgrade/14_7/schedule | 1 + test/JDBC/upgrade/14_8/schedule | 1 + test/JDBC/upgrade/14_9/schedule | 1 + test/JDBC/upgrade/15_1/schedule | 1 + test/JDBC/upgrade/15_2/schedule | 1 + test/JDBC/upgrade/15_3/schedule | 1 + test/JDBC/upgrade/15_4/schedule | 1 + test/JDBC/upgrade/15_5/schedule | 1 + test/JDBC/upgrade/15_6/schedule | 1 + test/JDBC/upgrade/15_7/schedule | 1 + test/JDBC/upgrade/15_8/schedule | 1 + test/JDBC/upgrade/15_9/schedule | 1 + test/JDBC/upgrade/16_1/schedule | 1 + test/JDBC/upgrade/16_2/schedule | 1 + test/JDBC/upgrade/16_3/schedule | 1 + test/JDBC/upgrade/16_4/schedule | 1 + test/JDBC/upgrade/latest/schedule | 1 + 80 files changed, 3812 insertions(+), 172 deletions(-) create mode 100644 test/JDBC/expected/db_ddladmin-vu-cleanup.out create mode 100644 test/JDBC/expected/db_ddladmin-vu-prepare.out create mode 100644 test/JDBC/expected/db_ddladmin-vu-verify.out create mode 100644 test/JDBC/expected/single_db/db_ddladmin-vu-verify.out create mode 100644 test/JDBC/input/fixed_roles/db_ddladmin-vu-cleanup.sql create mode 100644 test/JDBC/input/fixed_roles/db_ddladmin-vu-prepare.sql create mode 100644 test/JDBC/input/fixed_roles/db_ddladmin-vu-verify.mix diff --git a/.github/workflows/jdbc-tests-db-collation.yml b/.github/workflows/jdbc-tests-db-collation.yml index c3082fdc89..fe0b2210bf 100644 --- a/.github/workflows/jdbc-tests-db-collation.yml +++ b/.github/workflows/jdbc-tests-db-collation.yml @@ -1,5 +1,5 @@ name: JDBC Tests DB COLLATION -on: [push, pull_request] +on: [pull_request] jobs: run-babelfish-jdbc-tests: diff --git a/.github/workflows/jdbc-tests-single-db-mode.yml b/.github/workflows/jdbc-tests-single-db-mode.yml index fdc2dc127a..c41282acad 100644 --- a/.github/workflows/jdbc-tests-single-db-mode.yml +++ b/.github/workflows/jdbc-tests-single-db-mode.yml @@ -1,5 +1,5 @@ name: JDBC Tests With Single-DB Migration Mode -on: [push, pull_request] +on: [pull_request] jobs: run-babelfish-jdbc-tests: diff --git a/.github/workflows/jdbc-tests-with-non-default-server-collation.yml b/.github/workflows/jdbc-tests-with-non-default-server-collation.yml index 5ee0a0325e..e51fc1ca45 100644 --- a/.github/workflows/jdbc-tests-with-non-default-server-collation.yml +++ b/.github/workflows/jdbc-tests-with-non-default-server-collation.yml @@ -1,5 +1,5 @@ name: JDBC Tests with Non Default Server Collation -on: [push, pull_request] +on: [pull_request] jobs: run-babelfish-jdbc-tests: diff --git a/.github/workflows/jdbc-tests-with-parallel-query.yml b/.github/workflows/jdbc-tests-with-parallel-query.yml index 390f2f0246..16ad0fd857 100644 --- a/.github/workflows/jdbc-tests-with-parallel-query.yml +++ b/.github/workflows/jdbc-tests-with-parallel-query.yml @@ -1,5 +1,5 @@ name: JDBC Tests With Parallel Query -on: [push, pull_request] +on: [pull_request] jobs: run-babelfish-jdbc-tests-with-parallel-query-mode: diff --git a/.github/workflows/major-version-upgrade.yml b/.github/workflows/major-version-upgrade.yml index 6ab90b1bd2..c472548b1e 100644 --- a/.github/workflows/major-version-upgrade.yml +++ b/.github/workflows/major-version-upgrade.yml @@ -1,5 +1,5 @@ name: Major Version Upgrade Tests for empty database -on: [push, pull_request] +on: [pull_request] jobs: run-babelfish-mvu-tests: diff --git a/.github/workflows/minor-version-upgrade.yml b/.github/workflows/minor-version-upgrade.yml index 873354e4a6..7f19120ebe 100644 --- a/.github/workflows/minor-version-upgrade.yml +++ b/.github/workflows/minor-version-upgrade.yml @@ -1,5 +1,5 @@ name: Minor Version Upgrade Tests for empty database -on: [] +on: [pull_request] jobs: extension-tests: diff --git a/.github/workflows/pg_dump-restore-test.yml b/.github/workflows/pg_dump-restore-test.yml index 0807cf3dc0..6174bc4af4 100644 --- a/.github/workflows/pg_dump-restore-test.yml +++ b/.github/workflows/pg_dump-restore-test.yml @@ -1,5 +1,5 @@ name: pg_dump/restore Test Framework -on: [push, pull_request] +on: [pull_request] jobs: generate-dump-restore-tests: diff --git a/.github/workflows/pr-code-coverage.yml b/.github/workflows/pr-code-coverage.yml index 476c2d7eb4..0ca9814aeb 100644 --- a/.github/workflows/pr-code-coverage.yml +++ b/.github/workflows/pr-code-coverage.yml @@ -1,5 +1,5 @@ name: Tests -on: [push, pull_request] +on: [pull_request] jobs: diff --git a/.github/workflows/singledb-version-upgrade.yml b/.github/workflows/singledb-version-upgrade.yml index a35d90dc18..b72548c741 100644 --- a/.github/workflows/singledb-version-upgrade.yml +++ b/.github/workflows/singledb-version-upgrade.yml @@ -1,5 +1,5 @@ name: Major Version Upgrade Tests for singledb mode -on: [push, pull_request] +on: [pull_request] jobs: run-babelfish-mvu-tests-singledb: diff --git a/.github/workflows/sql-validation-tests.yml b/.github/workflows/sql-validation-tests.yml index 5fedaa0a58..3abfe077b1 100644 --- a/.github/workflows/sql-validation-tests.yml +++ b/.github/workflows/sql-validation-tests.yml @@ -1,5 +1,5 @@ name: Validate Installation/Upgrade Scripts -on: [push, pull_request] +on: [pull_request] jobs: run-sql-validation-tests: diff --git a/.github/workflows/static-code-analyzer.yml b/.github/workflows/static-code-analyzer.yml index f7b22e75ed..910afa2667 100644 --- a/.github/workflows/static-code-analyzer.yml +++ b/.github/workflows/static-code-analyzer.yml @@ -1,5 +1,5 @@ name: Static Code Analyzer -on: [push, pull_request] +on: [pull_request] jobs: run-static-code-analyzer: diff --git a/.github/workflows/tap-tests.yml b/.github/workflows/tap-tests.yml index bbc6c861ea..31a7aa6d26 100644 --- a/.github/workflows/tap-tests.yml +++ b/.github/workflows/tap-tests.yml @@ -1,5 +1,5 @@ name: TAP Tests -on: [push, pull_request] +on: [pull_request] jobs: run-babelfish-tap-tests: diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index cc9f9930ac..442cee65bf 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -1,5 +1,5 @@ name: Unit Tests -on: [push, pull_request] +on: [pull_request] jobs: run-babelfish-unit-tests: diff --git a/.github/workflows/upgrade-test.yml b/.github/workflows/upgrade-test.yml index 29b24c9715..a817a2736c 100644 --- a/.github/workflows/upgrade-test.yml +++ b/.github/workflows/upgrade-test.yml @@ -1,5 +1,5 @@ name: Version Upgrade Test Framework -on: [push, pull_request] +on: [pull_request] jobs: generate-version-upgrade-tests: diff --git a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql index 30aec2800a..bd648a86d0 100644 --- a/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql +++ b/contrib/babelfishpg_tsql/sql/babelfishpg_tsql.sql @@ -2122,7 +2122,7 @@ BEGIN LEFT OUTER JOIN pg_catalog.pg_roles AS Base4 ON Base4.rolname = Bsdb.owner WHERE Ext1.database_name = DB_NAME() AND (Ext1.type != 'R' OR Ext1.type != 'A') - AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter') + AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') ORDER BY UserName, RoleName; END -- If the security account is the db fixed role - db_owner @@ -2154,7 +2154,7 @@ BEGIN WHERE Ext1.database_name = DB_NAME() AND Ext2.database_name = DB_NAME() AND Ext1.type = 'R' - AND Ext2.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter') + AND Ext2.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') AND (Ext1.orig_username = @name_in_db OR pg_catalog.lower(Ext1.orig_username) = pg_catalog.lower(@name_in_db)) ORDER BY Role_name, Users_in_role; END @@ -2192,7 +2192,7 @@ BEGIN LEFT OUTER JOIN pg_catalog.pg_roles AS Base4 ON Base4.rolname = Bsdb.owner WHERE Ext1.database_name = DB_NAME() AND (Ext1.type != 'R' OR Ext1.type != 'A') - AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter') + AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') AND (Ext1.orig_username = @name_in_db OR pg_catalog.lower(Ext1.orig_username) = pg_catalog.lower(@name_in_db)) ORDER BY UserName, RoleName; END @@ -2352,19 +2352,19 @@ CREATE OR REPLACE PROCEDURE sys.sp_helpdbfixedrole("@rolename" sys.SYSNAME = NUL $$ BEGIN -- Returns a list of the fixed database roles. - IF LOWER(RTRIM(@rolename)) IS NULL OR LOWER(RTRIM(@rolename)) IN ('db_owner', 'db_accessadmin', 'db_securityadmin', 'db_datareader', 'db_datawriter') + IF LOWER(RTRIM(@rolename)) IS NULL OR LOWER(RTRIM(@rolename)) IN ('db_owner', 'db_accessadmin', 'db_securityadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') BEGIN SELECT CAST(DbFixedRole as sys.SYSNAME) AS DbFixedRole, CAST(Description AS sys.nvarchar(70)) AS Description FROM ( VALUES ('db_owner', 'DB Owners'), ('db_accessadmin', 'DB Access Administrators'), ('db_securityadmin', 'DB Security Administrators'), ('db_datareader', 'DB Data Reader'), - ('db_datawriter', 'DB Data Writer')) x(DbFixedRole, Description) + ('db_datawriter', 'DB Data Writer'), + ('db_ddladmin', 'DB DDL Administrators')) x(DbFixedRole, Description) WHERE LOWER(RTRIM(@rolename)) IS NULL OR LOWER(RTRIM(@rolename)) = DbFixedRole; END ELSE IF LOWER(RTRIM(@rolename)) IN ( - 'db_ddladmin', 'db_backupoperator', - 'db_denydatareader', 'db_denydatawriter') + 'db_backupoperator', 'db_denydatareader', 'db_denydatawriter') BEGIN -- Return an empty result set instead of raising an error SELECT CAST(NULL AS sys.SYSNAME) AS DbFixedRole, CAST(NULL AS sys.nvarchar(70)) AS Description @@ -3017,6 +3017,22 @@ BEGIN WHERE s1.name = @schemaname AND o1.name = @subname; SELECT @count = COUNT(*) FROM #tempTable; + IF @count < 1 + BEGIN + -- sys.objects does not show routines which current user cannot execute but + -- roles like db_ddladmin allow renaming a procedure even though they cannot + -- execute it, so search again in pg_proc if count is zero + DROP TABLE #tempTable; + SELECT CAST(CASE + WHEN p.prokind = 'p' THEN 'P' + WHEN p.prokind = 'a' THEN 'AF' + WHEN format_type(p.prorettype, NULL) = 'trigger' THEN 'TR' + ELSE 'FN' + END as sys.bpchar(2)) AS type INTO #tempTable + FROM pg_proc p INNER JOIN sys.schemas s1 ON p.pronamespace = s1.schema_id + WHERE s1.name = @schemaname AND CAST(p.proname AS sys.sysname) = @subname; + SELECT @count = COUNT(*) FROM #tempTable; + END IF @count > 1 BEGIN THROW 33557097, N'There are multiple objects with the given @objname.', 1; diff --git a/contrib/babelfishpg_tsql/sql/ownership.sql b/contrib/babelfishpg_tsql/sql/ownership.sql index 7e9e62a338..e416126966 100644 --- a/contrib/babelfishpg_tsql/sql/ownership.sql +++ b/contrib/babelfishpg_tsql/sql/ownership.sql @@ -262,13 +262,13 @@ DECLARE reserved_roles varchar[] := ARRAY['sysadmin', 'securityadmin', 'dbcreator', 'master_dbo', 'master_guest', 'master_db_owner', 'master_db_accessadmin', 'master_db_securityadmin', - 'master_db_datareader', 'master_db_datawriter', + 'master_db_datareader', 'master_db_datawriter', 'master_db_ddladmin', 'tempdb_dbo', 'tempdb_guest', 'tempdb_db_owner', 'tempdb_db_accessadmin', 'tempdb_db_securityadmin', - 'tempdb_db_datareader', 'tempdb_db_datawriter', + 'tempdb_db_datareader', 'tempdb_db_datawriter', 'tempdb_db_ddladmin', 'msdb_dbo', 'msdb_guest', 'msdb_db_owner', 'msdb_db_accessadmin', 'msdb_db_securityadmin', - 'msdb_db_datareader', 'msdb_db_datawriter']; + 'msdb_db_datareader', 'msdb_db_datawriter', 'msdb_db_ddladmin']; user_id oid := -1; db_name name := NULL; role_name varchar; @@ -297,7 +297,7 @@ BEGIN EXECUTE format('CREATE ROLE securityadmin CREATEROLE INHERIT PASSWORD NULL'); EXECUTE format('CREATE ROLE dbcreator CREATEDB INHERIT PASSWORD NULL'); EXECUTE format('CREATE ROLE bbf_role_admin CREATEDB CREATEROLE INHERIT PASSWORD NULL'); - EXECUTE format('GRANT CREATE ON DATABASE %s TO bbf_role_admin WITH GRANT OPTION', CURRENT_DATABASE()); + EXECUTE format('GRANT CREATE ON DATABASE %s TO bbf_role_admin', CURRENT_DATABASE()); EXECUTE format('GRANT %I to bbf_role_admin WITH ADMIN TRUE;', sa_name); EXECUTE format('CREATE ROLE sysadmin CREATEDB CREATEROLE INHERIT ROLE %I', sa_name); EXECUTE format('GRANT sysadmin TO bbf_role_admin WITH ADMIN TRUE'); @@ -470,7 +470,7 @@ ON Base.rolname = Ext.rolname LEFT OUTER JOIN pg_catalog.pg_roles Base2 ON Ext.login_name = Base2.rolname WHERE Ext.database_name = DB_NAME() - AND (Ext.orig_username IN ('dbo', 'db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'guest') -- system users should always be visible + AND (Ext.orig_username IN ('dbo', 'db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin', 'guest') -- system users should always be visible OR pg_has_role(Ext.rolname, 'MEMBER')) -- Current user should be able to see users it has permission of UNION ALL SELECT diff --git a/contrib/babelfishpg_tsql/sql/sys_functions.sql b/contrib/babelfishpg_tsql/sql/sys_functions.sql index 3517af08a5..20a7f613a6 100644 --- a/contrib/babelfishpg_tsql/sql/sys_functions.sql +++ b/contrib/babelfishpg_tsql/sql/sys_functions.sql @@ -4501,7 +4501,7 @@ BEGIN END IF; ELSIF EXISTS (SELECT orig_username FROM sys.babelfish_authid_user_ext WHERE orig_username = role COLLATE sys.database_default) THEN - IF (((SELECT orig_username FROM sys.babelfish_authid_user_ext WHERE rolname = CURRENT_USER) = 'dbo' COLLATE sys.database_default) AND role COLLATE sys.database_default IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter')) + IF (((SELECT orig_username FROM sys.babelfish_authid_user_ext WHERE rolname = CURRENT_USER) = 'dbo' COLLATE sys.database_default) AND role COLLATE sys.database_default IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin')) THEN RETURN 1; ELSIF EXISTS (SELECT name FROM sys.user_token WHERE name = role COLLATE sys.database_default) THEN RETURN 1; -- Return 1 if current session user is a member of role or windows group diff --git a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--4.4.0--5.0.0.sql b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--4.4.0--5.0.0.sql index 3c83043cfc..318c4232f9 100644 --- a/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--4.4.0--5.0.0.sql +++ b/contrib/babelfishpg_tsql/sql/upgrades/babelfishpg_tsql--4.4.0--5.0.0.sql @@ -38,6 +38,17 @@ LANGUAGE plpgsql; * final behaviour. */ +/* + * Do this so that whenever we run grant statements during create logical database + * bbf_role_admin is never picked as the grantor + */ +DO $$ +BEGIN + EXECUTE format('REVOKE GRANT OPTION FOR CREATE ON DATABASE %s FROM bbf_role_admin; ', CURRENT_DATABASE()); +END; +$$ LANGUAGE plpgsql; + + CREATE OR REPLACE VIEW information_schema_tsql.table_constraints AS SELECT CAST(nc.dbname AS sys.nvarchar(128)) AS "CONSTRAINT_CATALOG", CAST(extc.orig_name AS sys.nvarchar(128)) AS "CONSTRAINT_SCHEMA", @@ -284,7 +295,9 @@ AS INT) AS dbcreator, CAST(0 AS INT) AS bulkadmin FROM sys.server_principals AS Base WHERE Base.type in ('S', 'U'); + GRANT SELECT ON sys.syslogins TO PUBLIC; + CREATE OR REPLACE FUNCTION sys.is_member(IN role sys.SYSNAME) RETURNS INT AS $$ @@ -305,7 +318,7 @@ BEGIN END IF; ELSIF EXISTS (SELECT orig_username FROM sys.babelfish_authid_user_ext WHERE orig_username = role COLLATE sys.database_default) THEN - IF (((SELECT orig_username FROM sys.babelfish_authid_user_ext WHERE rolname = CURRENT_USER) = 'dbo' COLLATE sys.database_default) AND role COLLATE sys.database_default IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter')) + IF (((SELECT orig_username FROM sys.babelfish_authid_user_ext WHERE rolname = CURRENT_USER) = 'dbo' COLLATE sys.database_default) AND role COLLATE sys.database_default IN ('db_owner', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin')) THEN RETURN 1; ELSIF EXISTS (SELECT name FROM sys.user_token WHERE name = role COLLATE sys.database_default) THEN RETURN 1; -- Return 1 if current session user is a member of role or windows group @@ -349,7 +362,7 @@ ON Base.rolname = Ext.rolname LEFT OUTER JOIN pg_catalog.pg_roles Base2 ON Ext.login_name = Base2.rolname WHERE Ext.database_name = DB_NAME() - AND (Ext.orig_username IN ('dbo', 'db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'guest') -- system users should always be visible + AND (Ext.orig_username IN ('dbo', 'db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin', 'guest') -- system users should always be visible OR pg_has_role(Ext.rolname, 'MEMBER')) -- Current user should be able to see users it has permission of UNION ALL SELECT @@ -376,19 +389,22 @@ CAST(NULL AS SYS.SYSNAME) AS default_language_name, CAST(-1 AS INT) AS default_language_lcid, CAST(0 AS SYS.BIT) AS allow_encrypted_value_modifications FROM (VALUES ('public', 'R'), ('sys', 'S'), ('INFORMATION_SCHEMA', 'S')) as dummy_principals(name, type); + GRANT SELECT ON sys.database_principals TO PUBLIC; + CREATE OR REPLACE PROCEDURE sys.sp_helpdbfixedrole("@rolename" sys.SYSNAME = NULL) AS $$ BEGIN -- Returns a list of the fixed database roles. - IF LOWER(RTRIM(@rolename)) IS NULL OR LOWER(RTRIM(@rolename)) IN ('db_owner', 'db_accessadmin', 'db_securityadmin', 'db_datareader', 'db_datawriter') + IF LOWER(RTRIM(@rolename)) IS NULL OR LOWER(RTRIM(@rolename)) IN ('db_owner', 'db_accessadmin', 'db_securityadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') BEGIN SELECT CAST(DbFixedRole as sys.SYSNAME) AS DbFixedRole, CAST(Description AS sys.nvarchar(70)) AS Description FROM ( VALUES ('db_owner', 'DB Owners'), ('db_accessadmin', 'DB Access Administrators'), ('db_securityadmin', 'DB Security Administrators'), ('db_datareader', 'DB Data Reader'), - ('db_datawriter', 'DB Data Writer')) x(DbFixedRole, Description) + ('db_datawriter', 'DB Data Writer'), + ('db_ddladmin', 'DB DDL Administrators')) x(DbFixedRole, Description) WHERE LOWER(RTRIM(@rolename)) IS NULL OR LOWER(RTRIM(@rolename)) = DbFixedRole; END ELSE IF LOWER(RTRIM(@rolename)) IN ( @@ -404,6 +420,7 @@ BEGIN END $$ LANGUAGE 'pltsql'; + GRANT EXECUTE ON PROCEDURE sys.sp_helpdbfixedrole TO PUBLIC; CREATE OR REPLACE PROCEDURE sys.sp_helpuser("@name_in_db" sys.SYSNAME = NULL) AS @@ -438,7 +455,7 @@ BEGIN LEFT OUTER JOIN pg_catalog.pg_roles AS Base4 ON Base4.rolname = Bsdb.owner WHERE Ext1.database_name = DB_NAME() AND (Ext1.type != 'R' OR Ext1.type != 'A') - AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter') + AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') ORDER BY UserName, RoleName; END -- If the security account is the db fixed role - db_owner @@ -470,7 +487,7 @@ BEGIN WHERE Ext1.database_name = DB_NAME() AND Ext2.database_name = DB_NAME() AND Ext1.type = 'R' - AND Ext2.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter') + AND Ext2.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') AND (Ext1.orig_username = @name_in_db OR pg_catalog.lower(Ext1.orig_username) = pg_catalog.lower(@name_in_db)) ORDER BY Role_name, Users_in_role; END @@ -508,7 +525,7 @@ BEGIN LEFT OUTER JOIN pg_catalog.pg_roles AS Base4 ON Base4.rolname = Bsdb.owner WHERE Ext1.database_name = DB_NAME() AND (Ext1.type != 'R' OR Ext1.type != 'A') - AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter') + AND Ext1.orig_username NOT IN ('db_owner', 'db_securityadmin', 'db_accessadmin', 'db_datareader', 'db_datawriter', 'db_ddladmin') AND (Ext1.orig_username = @name_in_db OR pg_catalog.lower(Ext1.orig_username) = pg_catalog.lower(@name_in_db)) ORDER BY UserName, RoleName; END @@ -518,6 +535,7 @@ BEGIN END; $$ LANGUAGE 'pltsql'; + GRANT EXECUTE on PROCEDURE sys.sp_helpuser TO PUBLIC; CREATE OR REPLACE VIEW sys.sp_column_privileges_view AS @@ -537,6 +555,7 @@ FROM pg_catalog.pg_class t1 JOIN pg_attribute t6 ON t6.attrelid = t1.oid AND t6.attname = t5.column_name JOIN sys.babelfish_authid_user_ext ext ON ext.rolname = t5.grantee WHERE ext.orig_username NOT IN ('db_datawriter', 'db_datareader'); + CREATE OR REPLACE PROCEDURE sys.sp_column_privileges( "@table_name" sys.sysname, "@table_owner" sys.sysname = '', @@ -614,7 +633,9 @@ BEGIN END; $$ LANGUAGE 'pltsql'; + GRANT EXECUTE ON PROCEDURE sys.sp_column_privileges TO PUBLIC; + CREATE OR REPLACE VIEW sys.sp_table_privileges_view AS -- Will use sp_column_priivleges_view to get information from SELECT, INSERT and REFERENCES (only need permission from 1 column in table) SELECT DISTINCT @@ -688,6 +709,7 @@ BEGIN END; $$ LANGUAGE 'pltsql'; + GRANT EXECUTE ON PROCEDURE sys.sp_table_privileges TO PUBLIC; -- sp_helpsrvrolemember @@ -738,8 +760,135 @@ BEGIN END; $$ LANGUAGE 'pltsql'; + GRANT EXECUTE ON PROCEDURE sys.sp_helpsrvrolemember TO PUBLIC; +CREATE OR REPLACE PROCEDURE sys.sp_rename( + IN "@objname" sys.nvarchar(776) = NULL, + IN "@newname" sys.SYSNAME = NULL, + IN "@objtype" sys.varchar(13) DEFAULT NULL +) +LANGUAGE 'pltsql' +AS $$ +BEGIN + SET @objtype = TRIM(@objtype); + If @objtype IS NULL + BEGIN + THROW 33557097, N'Please provide @objtype that is supported in Babelfish', 1; + END + ELSE IF @objtype = 'INDEX' + BEGIN + THROW 33557097, N'Feature not supported: renaming object type Index', 1; + END + ELSE IF @objtype = 'STATISTICS' + BEGIN + THROW 33557097, N'Feature not supported: renaming object type Statistics', 1; + END + ELSE IF @objtype = 'DATABASE' + BEGIN + exec sys.sp_renamedb @objname, @newname; + END + ELSE + BEGIN + DECLARE @subname sys.nvarchar(776); + DECLARE @schemaname sys.nvarchar(776); + DECLARE @dbname sys.nvarchar(776); + DECLARE @curr_relname sys.nvarchar(776); + + EXEC sys.babelfish_sp_rename_word_parse @objname, @objtype, @subname OUT, @curr_relname OUT, @schemaname OUT, @dbname OUT; + DECLARE @currtype char(2); + IF @objtype = 'COLUMN' + BEGIN + DECLARE @col_count INT; + SELECT @col_count = COUNT(*)FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = @curr_relname and COLUMN_NAME = @subname; + IF @col_count < 0 + BEGIN + THROW 33557097, N'There is no object with the given @objname.', 1; + END + SET @currtype = 'CO'; + END + ELSE IF @objtype = 'USERDATATYPE' + BEGIN + DECLARE @alias_count INT; + SELECT @alias_count = COUNT(*) FROM sys.types t1 INNER JOIN sys.schemas s1 ON t1.schema_id = s1.schema_id + WHERE s1.name = @schemaname AND t1.name = @subname; + IF @alias_count > 1 + BEGIN + THROW 33557097, N'There are multiple objects with the given @objname.', 1; + END + IF @alias_count < 1 + BEGIN + THROW 33557097, N'There is no object with the given @objname.', 1; + END + SET @currtype = 'AL'; + END + ELSE IF @objtype = 'OBJECT' + BEGIN + DECLARE @count INT; + SELECT type INTO #tempTable FROM sys.objects o1 INNER JOIN sys.schemas s1 ON o1.schema_id = s1.schema_id + WHERE s1.name = @schemaname AND o1.name = @subname; + SELECT @count = COUNT(*) FROM #tempTable; + IF @count < 1 + BEGIN + -- sys.objects does not show routines which current user cannot execute but + -- roles like db_ddladmin allow renaming a procedure even though they cannot + -- execute it, so search again in pg_proc if count is zero + DROP TABLE #tempTable; + SELECT CAST(CASE + WHEN p.prokind = 'p' THEN 'P' + WHEN p.prokind = 'a' THEN 'AF' + WHEN format_type(p.prorettype, NULL) = 'trigger' THEN 'TR' + ELSE 'FN' + END as sys.bpchar(2)) AS type INTO #tempTable + FROM pg_proc p INNER JOIN sys.schemas s1 ON p.pronamespace = s1.schema_id + WHERE s1.name = @schemaname AND CAST(p.proname AS sys.sysname) = @subname; + SELECT @count = COUNT(*) FROM #tempTable; + END + IF @count > 1 + BEGIN + THROW 33557097, N'There are multiple objects with the given @objname.', 1; + END + IF @count < 1 + BEGIN + -- TABLE TYPE: check if there is a match in sys.table_types (if we cannot alter sys.objects table_type naming) + SELECT @count = COUNT(*) FROM sys.table_types tt1 INNER JOIN sys.schemas s1 ON tt1.schema_id = s1.schema_id + WHERE s1.name = @schemaname AND tt1.name = @subname; + IF @count > 1 + BEGIN + THROW 33557097, N'There are multiple objects with the given @objname.', 1; + END + ELSE IF @count < 1 + BEGIN + THROW 33557097, N'There is no object with the given @objname.', 1; + END + ELSE + BEGIN + SET @currtype = 'TT' + END + END + IF @currtype IS NULL + BEGIN + SELECT @currtype = type from #tempTable; + END + IF @currtype = 'TR' OR @currtype = 'TA' + BEGIN + DECLARE @physical_schema_name sys.nvarchar(776) = ''; + SELECT @physical_schema_name = nspname FROM sys.babelfish_namespace_ext WHERE dbid = sys.db_id() AND orig_name = @schemaname; + SELECT @curr_relname = relname FROM pg_catalog.pg_trigger tr LEFT JOIN pg_catalog.pg_class c ON tr.tgrelid = c.oid LEFT JOIN pg_catalog.pg_namespace n ON c.relnamespace = n.oid + WHERE tr.tgname = @subname AND n.nspname = @physical_schema_name; + END + END + ELSE + BEGIN + THROW 33557097, N'Provided @objtype is not currently supported in Babelfish', 1; + END + EXEC sys.babelfish_sp_rename_internal @subname, @newname, @schemaname, @currtype, @curr_relname; + PRINT 'Caution: Changing any part of an object name could break scripts and stored procedures.'; + END +END; +$$; +GRANT EXECUTE on PROCEDURE sys.sp_rename(IN sys.nvarchar(776), IN sys.SYSNAME, IN sys.varchar(13)) TO PUBLIC; + -- Drops the temporary procedure used by the upgrade script. -- Please have this be one of the last statements executed in this upgrade script. DROP PROCEDURE sys.babelfish_drop_deprecated_object(varchar, varchar, varchar); diff --git a/contrib/babelfishpg_tsql/src/catalog.c b/contrib/babelfishpg_tsql/src/catalog.c index 61562781a7..79045e2ae9 100644 --- a/contrib/babelfishpg_tsql/src/catalog.c +++ b/contrib/babelfishpg_tsql/src/catalog.c @@ -4264,19 +4264,40 @@ grant_perms_to_objects_in_schema(const char *schema_name, * implicitly at the time of CREATE function/procedure. */ void -exec_internal_grant_on_function(const char *logicalschema, - const char *object_name, - const char *object_type) +exec_internal_grant_on_function(Oid objectId) { SysScanDesc scan; Relation bbf_schema_rel; TupleDesc dsc; HeapTuple tuple_bbf_schema; + HeapTuple proc_tuple; const char *grantee = NULL; int current_permission; ScanKeyData scanKey[3]; int16 dbid = get_cur_db_id(); - const char *db_name = get_cur_db_name(); + Oid phy_sch_oid; + char *object_name; + char *schema; + const char *logicalschema; + char object_type; + Form_pg_proc procedureStruct; + + /* TSQL specific behavior */ + if (sql_dialect != SQL_DIALECT_TSQL || !IS_TDS_CONN()) + return; + + proc_tuple = SearchSysCache1(PROCOID, + ObjectIdGetDatum(objectId)); + if (!HeapTupleIsValid(proc_tuple)) + elog(ERROR, "cache lookup failed for function %u", objectId); + + procedureStruct = (Form_pg_proc) GETSTRUCT(proc_tuple); + + object_name = NameStr(procedureStruct->proname); + phy_sch_oid = procedureStruct->pronamespace; + schema = get_namespace_name(phy_sch_oid); + logicalschema = get_logical_schema_name(schema, true); + object_type = procedureStruct->prokind; /* Fetch the relation */ bbf_schema_rel = table_open(get_bbf_schema_perms_oid(), @@ -4317,16 +4338,15 @@ exec_internal_grant_on_function(const char *logicalschema, if (current_permission & ALL_PERMISSIONS_ON_FUNCTION) { const char *query = NULL; - char *schema; List *res; GrantStmt *grant; PlannedStmt *wrapper; + Oid save_userid; + int save_sec_context; - schema = get_physical_schema_name((char *)db_name, logicalschema); - - if (strcmp(object_type, OBJ_FUNCTION) == 0) + if (object_type == PROKIND_FUNCTION) query = psprintf("GRANT EXECUTE ON FUNCTION [%s].[%s] TO %s", schema, object_name, grantee); - else if (strcmp(object_type, OBJ_PROCEDURE) == 0) + else if (object_type == PROKIND_PROCEDURE) query = psprintf("GRANT EXECUTE ON PROCEDURE [%s].[%s] TO %s", schema, object_name, grantee); res = raw_parser(query, RAW_PARSE_DEFAULT); grant = (GrantStmt *) parsetree_nth_stmt(res, 0); @@ -4339,20 +4359,37 @@ exec_internal_grant_on_function(const char *logicalschema, wrapper->stmt_location = 0; wrapper->stmt_len = 1; - /* do this step */ - ProcessUtility(wrapper, - INTERNAL_GRANT_STATEMENT, - false, - PROCESS_UTILITY_SUBCOMMAND, - NULL, - NULL, - None_Receiver, - NULL); + GetUserIdAndSecContext(&save_userid, &save_sec_context); + + PG_TRY(); + { + /* + * babelfish routines could be transferred to schema owner during creation so + * current user may not have grant privilege on this routine when we reach here + */ + SetUserIdAndSecContext(procedureStruct->proowner, save_sec_context | SECURITY_LOCAL_USERID_CHANGE); + + ProcessUtility(wrapper, + INTERNAL_GRANT_STATEMENT, + false, + PROCESS_UTILITY_SUBCOMMAND, + NULL, + NULL, + None_Receiver, + NULL); + } + PG_FINALLY(); + { + SetUserIdAndSecContext(save_userid, save_sec_context); + } + PG_END_TRY(); } tuple_bbf_schema = systable_getnext(scan); } systable_endscan(scan); table_close(bbf_schema_rel, AccessShareLock); + pfree(schema); + ReleaseSysCache(proc_tuple); } PG_FUNCTION_INFO_V1(update_user_catalog_for_guest_schema); diff --git a/contrib/babelfishpg_tsql/src/catalog.h b/contrib/babelfishpg_tsql/src/catalog.h index 111583dd2d..ac5b44afb4 100644 --- a/contrib/babelfishpg_tsql/src/catalog.h +++ b/contrib/babelfishpg_tsql/src/catalog.h @@ -374,7 +374,7 @@ extern void remove_entry_from_bbf_schema_perms(const char *schema_name, const ch extern void add_or_update_object_in_bbf_schema(const char *schema_name, const char *object_name, int new_permission, const char *grantee, const char *object_type, bool is_grant, const char *func_args); extern void clean_up_bbf_schema_permissions(const char *schema_name, const char *object_name, bool is_schema); extern void grant_perms_to_objects_in_schema(const char *schema_name, int permission, const char *grantee); -extern void exec_internal_grant_on_function(const char *logicalschema, const char *object_name, const char *object_type); +extern void exec_internal_grant_on_function(Oid objectId); /***************************************** * DOMAIN MAPPING diff --git a/contrib/babelfishpg_tsql/src/dbcmds.c b/contrib/babelfishpg_tsql/src/dbcmds.c index a538f1e0c0..53d69ac8d1 100644 --- a/contrib/babelfishpg_tsql/src/dbcmds.c +++ b/contrib/babelfishpg_tsql/src/dbcmds.c @@ -88,6 +88,7 @@ gen_createdb_subcmds(const char *dbname, const char *owner) const char *db_owner; const char *db_accessadmin; const char *db_securityadmin; + const char *db_ddladmin; const char *guest; const char *guest_schema; Oid owner_oid; @@ -105,6 +106,7 @@ gen_createdb_subcmds(const char *dbname, const char *owner) owner_oid = get_role_oid(owner, true); db_datareader = get_db_datareader_name(dbname); db_datawriter = get_db_datawriter_name(dbname); + db_ddladmin = get_db_ddladmin_role_name(dbname); if (superuser_arg(owner_oid) || role_is_sa(owner_oid)) owner_is_sa_or_superuser = true; @@ -133,6 +135,10 @@ gen_createdb_subcmds(const char *dbname, const char *owner) appendStringInfo(&query, "CREATE ROLE dummy ROLE dummy; "); appendStringInfo(&query, "GRANT CREATE ON DATABASE dummy TO dummy; "); + /* create db_ddladmin for database */ + appendStringInfo(&query, "CREATE ROLE dummy ROLE dummy; "); + appendStringInfo(&query, "GRANT CREATE ON DATABASE dummy TO dummy; "); + if (guest) { appendStringInfo(&query, "CREATE ROLE dummy INHERIT ROLE dummy; "); @@ -154,13 +160,13 @@ gen_createdb_subcmds(const char *dbname, const char *owner) if (guest) { if (!owner_is_sa_or_superuser) - expected_stmt_num = list_length(logins) > 0 ? 16 : 15; + expected_stmt_num = list_length(logins) > 0 ? 18 : 17; else - expected_stmt_num = list_length(logins) > 0 ? 15 : 14; + expected_stmt_num = list_length(logins) > 0 ? 17 : 16; } else { - expected_stmt_num = 12; + expected_stmt_num = 14; if (!owner_is_sa_or_superuser) expected_stmt_num++; @@ -208,6 +214,12 @@ gen_createdb_subcmds(const char *dbname, const char *owner) stmt = parsetree_nth_stmt(res, i++); update_GrantStmt(stmt, get_database_name(MyDatabaseId), NULL, db_securityadmin, NULL); + stmt = parsetree_nth_stmt(res, i++); + update_CreateRoleStmt(stmt, db_ddladmin, db_owner, NULL); + + stmt = parsetree_nth_stmt(res, i++); + update_GrantStmt(stmt, get_database_name(MyDatabaseId), NULL, db_ddladmin, NULL); + if (guest) { stmt = parsetree_nth_stmt(res, i++); @@ -255,6 +267,7 @@ add_fixed_user_roles_to_bbf_authid_user_ext(const char *dbname) const char *db_securityadmin; const char *db_datareader; const char *db_datawriter; + const char *db_ddladmin; const char *guest; dbo = get_dbo_role_name(dbname); @@ -264,6 +277,7 @@ add_fixed_user_roles_to_bbf_authid_user_ext(const char *dbname) guest = get_guest_role_name(dbname); db_datareader = get_db_datareader_name(dbname); db_datawriter = get_db_datawriter_name(dbname); + db_ddladmin = get_db_ddladmin_role_name(dbname); add_to_bbf_authid_user_ext(dbo, DBO, dbname, DBO, NULL, false, true, false); add_to_bbf_authid_user_ext(db_owner, DB_OWNER, dbname, NULL, NULL, true, true, false); @@ -271,6 +285,7 @@ add_fixed_user_roles_to_bbf_authid_user_ext(const char *dbname) add_to_bbf_authid_user_ext(db_securityadmin, DB_SECURITYADMIN, dbname, NULL, NULL, true, false, false); add_to_bbf_authid_user_ext(db_datareader, DB_DATAREADER, dbname, NULL, NULL, true, false, false); add_to_bbf_authid_user_ext(db_datawriter, DB_DATAWRITER, dbname, NULL, NULL, true, false, false); + add_to_bbf_authid_user_ext(db_ddladmin, DB_DDLADMIN, dbname, NULL, NULL, true, false, false); /* * For master, tempdb and msdb databases, the guest user will be @@ -298,7 +313,7 @@ gen_dropdb_subcmds(const char *dbname, List *db_users) List *stmt_list; ListCell *elem; Node *stmt; - int expected_stmts = 12; + int expected_stmts = 14; int i = 0; const char *dbo; const char *db_owner; @@ -308,6 +323,7 @@ gen_dropdb_subcmds(const char *dbname, List *db_users) const char *guest_schema; const char *db_datareader; const char *db_datawriter; + const char *db_ddladmin; dbo = get_dbo_role_name(dbname); db_owner = get_db_owner_name(dbname); @@ -317,6 +333,7 @@ gen_dropdb_subcmds(const char *dbname, List *db_users) guest_schema = get_guest_schema_name(dbname); db_datareader = get_db_datareader_name(dbname); db_datawriter = get_db_datawriter_name(dbname); + db_ddladmin = get_db_ddladmin_role_name(dbname); initStringInfo(&query); appendStringInfo(&query, "DROP SCHEMA dummy CASCADE; "); @@ -326,29 +343,32 @@ gen_dropdb_subcmds(const char *dbname, List *db_users) foreach(elem, db_users) { char *user_name = (char *) lfirst(elem); + char *original_user_name = get_authid_user_ext_original_name(user_name, dbname); - if (strcmp(user_name, db_owner) != 0 && - strcmp(user_name, dbo) != 0 && - strcmp(user_name, db_accessadmin) != 0 && - strcmp(user_name, db_securityadmin) != 0 && - strcmp(user_name, db_datareader) != 0 && - strcmp(user_name, db_datawriter) != 0) + if (!IS_FIXED_DB_PRINCIPAL(original_user_name)) { appendStringInfo(&query, "DROP OWNED BY dummy CASCADE; "); appendStringInfo(&query, "DROP ROLE dummy; "); expected_stmts += 2; } + + pfree(original_user_name); } - appendStringInfo(&query, "DROP OWNED BY dummy, dummy, dummy, dummy CASCADE; "); + appendStringInfo(&query, "DROP OWNED BY dummylist CASCADE; "); /* - * Then drop db_datareader, db_datawriter, db_securityadmin, db_accessadmin, + * Then drop db_ddladmin, db_datareader, db_datawriter, db_securityadmin, db_accessadmin, * db_owner and dbo in that order */ + appendStringInfo(&query, "REVOKE CREATE ON DATABASE dummy FROM dummy; "); + appendStringInfo(&query, "DROP ROLE dummy; "); + appendStringInfo(&query, "DROP ROLE dummy; "); appendStringInfo(&query, "DROP ROLE dummy; "); + appendStringInfo(&query, "REVOKE CREATE ON DATABASE dummy FROM dummy; "); appendStringInfo(&query, "DROP ROLE dummy; "); + appendStringInfo(&query, "REVOKE CREATE ON DATABASE dummy FROM dummy; "); appendStringInfo(&query, "DROP ROLE dummy; "); appendStringInfo(&query, "REVOKE CREATE, CONNECT, TEMPORARY ON DATABASE dummy FROM dummy; "); @@ -372,13 +392,9 @@ gen_dropdb_subcmds(const char *dbname, List *db_users) foreach(elem, db_users) { char *user_name = (char *) lfirst(elem); + char *original_user_name = get_authid_user_ext_original_name(user_name, dbname); - if (strcmp(user_name, db_owner) != 0 && - strcmp(user_name, dbo) != 0 && - strcmp(user_name, db_accessadmin) != 0 && - strcmp(user_name, db_securityadmin) != 0 && - strcmp(user_name, db_datareader) != 0 && - strcmp(user_name, db_datawriter) != 0) + if (!IS_FIXED_DB_PRINCIPAL(original_user_name)) { stmt = parsetree_nth_stmt(stmt_list, i++); update_DropOwnedStmt(stmt, list_make1(user_name)); @@ -386,11 +402,18 @@ gen_dropdb_subcmds(const char *dbname, List *db_users) stmt = parsetree_nth_stmt(stmt_list, i++); update_DropRoleStmt(stmt, user_name); } + + pfree(original_user_name); } stmt = parsetree_nth_stmt(stmt_list, i++); - update_DropOwnedStmt(stmt, list_make4(pstrdup(db_securityadmin), pstrdup(db_accessadmin), pstrdup(db_owner), pstrdup(dbo))); + update_DropOwnedStmt(stmt, list_make5(pstrdup(db_ddladmin), pstrdup(db_securityadmin), pstrdup(db_accessadmin), pstrdup(db_owner), pstrdup(dbo))); + stmt = parsetree_nth_stmt(stmt_list, i++); + update_GrantStmt(stmt, get_database_name(MyDatabaseId), NULL, db_ddladmin, NULL); + stmt = parsetree_nth_stmt(stmt_list, i++); + update_DropRoleStmt(stmt, db_ddladmin); + stmt = parsetree_nth_stmt(stmt_list, i++); update_DropRoleStmt(stmt, db_datareader); stmt = parsetree_nth_stmt(stmt_list, i++); @@ -583,7 +606,6 @@ create_bbf_db_internal(ParseState *pstate, const char *dbname, List *options, co const char *old_createrole_self_grant; ListCell *option; const char *database_collation_name = NULL; - Oid datdba; /* Check options */ foreach(option, options) @@ -687,7 +709,6 @@ create_bbf_db_internal(ParseState *pstate, const char *dbname, List *options, co old_dbname = get_cur_db_name(); set_cur_db(dbid, dbname); /* temporarily set current dbid as the new id */ dbo_role = get_dbo_role_name(dbname); - datdba = get_sysadmin_oid(); PG_TRY(); { @@ -713,12 +734,6 @@ create_bbf_db_internal(ParseState *pstate, const char *dbname, List *options, co save_sec_context | SECURITY_LOCAL_USERID_CHANGE); is_set_userid = true; } - else if (stmt->type == T_GrantStmt) - { - SetUserIdAndSecContext(datdba, - save_sec_context | SECURITY_LOCAL_USERID_CHANGE); - is_set_userid = true; - } /* need to make a wrapper PlannedStmt */ wrapper = makeNode(PlannedStmt); wrapper->commandType = CMD_UTILITY; @@ -1353,11 +1368,12 @@ create_guest_schema_for_all_dbs(PG_FUNCTION_ARGS) PG_RETURN_INT32(0); } -/* Grant permissions on all the existing objects to db_datareader/db_datawriter. */ +/* Grant permissions on all the existing objects to db_datareader/db_datawriter/db_ddladmin */ static void -grant_perms_to_dbreader_dbwriter(const uint16 dbid, +grant_perms_to_dbreader_dbwriter_ddladmin(const uint16 dbid, const char *db_datareader, - const char *db_datawriter) + const char *db_datawriter, + const char *db_ddladmin) { Relation namespace_rel; TupleDesc namespace_rel_descr; @@ -1375,13 +1391,18 @@ grant_perms_to_dbreader_dbwriter(const uint16 dbid, initStringInfo(&query); appendStringInfo(&query, "GRANT SELECT ON ALL TABLES IN SCHEMA dummy TO dummy; "); appendStringInfo(&query, "GRANT INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA dummy TO dummy; "); + appendStringInfo(&query, "GRANT TRUNCATE ON ALL TABLES IN SCHEMA dummy TO dummy; "); + appendStringInfo(&query, "GRANT CREATE ON SCHEMA dummy TO dummy ; "); /* Grant ALTER DEFAULT PRIVILEGES on schema owner and dbo user. */ appendStringInfo(&query, "ALTER DEFAULT PRIVILEGES FOR ROLE dummy, dummy IN SCHEMA dummy GRANT SELECT ON TABLES TO dummy; "); appendStringInfo(&query, "ALTER DEFAULT PRIVILEGES FOR ROLE dummy, dummy IN SCHEMA dummy GRANT INSERT, UPDATE, DELETE ON TABLES TO dummy; "); + appendStringInfo(&query, "ALTER DEFAULT PRIVILEGES FOR ROLE dummy, dummy IN SCHEMA dummy GRANT TRUNCATE ON TABLES TO dummy; "); stmt_list = raw_parser(query.data, RAW_PARSE_DEFAULT); + Assert(list_length(stmt_list) == 7); + ScanKeyInit(&key, Anum_namespace_ext_dbid, BTEqualStrategyNumber, F_INT2EQ, @@ -1389,9 +1410,7 @@ grant_perms_to_dbreader_dbwriter(const uint16 dbid, tblscan = table_beginscan_catalog(namespace_rel, 1, &key); - tuple = heap_getnext(tblscan, ForwardScanDirection); - - while (HeapTupleIsValid(tuple)) + while ((tuple = heap_getnext(tblscan, ForwardScanDirection)) != NULL) { bool isNull; Datum datum; @@ -1412,11 +1431,17 @@ grant_perms_to_dbreader_dbwriter(const uint16 dbid, update_GrantStmt(stmts, schema_name, NULL, db_datareader, NULL); stmts = parsetree_nth_stmt(stmt_list, i++); update_GrantStmt(stmts, schema_name, NULL, db_datawriter, NULL); + stmts = parsetree_nth_stmt(stmt_list, i++); + update_GrantStmt(stmts, schema_name, NULL, db_ddladmin, NULL); + stmts = parsetree_nth_stmt(stmt_list, i++); + update_GrantStmt(stmts, schema_name, NULL, db_ddladmin, NULL); stmts = parsetree_nth_stmt(stmt_list, i++); update_AlterDefaultPrivilegesStmt(stmts, schema_name, schema_owner, dbo_user, db_datareader, NULL); stmts = parsetree_nth_stmt(stmt_list, i++); update_AlterDefaultPrivilegesStmt(stmts, schema_name, schema_owner, dbo_user, db_datawriter, NULL); + stmts = parsetree_nth_stmt(stmt_list, i++); + update_AlterDefaultPrivilegesStmt(stmts, schema_name, schema_owner, dbo_user, db_ddladmin, NULL); /* Run all subcommands */ foreach(parsetree_item, stmt_list) @@ -1442,7 +1467,9 @@ grant_perms_to_dbreader_dbwriter(const uint16 dbid, None_Receiver, NULL); } - tuple = heap_getnext(tblscan, ForwardScanDirection); + + pfree(dbo_user); + pfree(schema_owner); } /* Cleanup. */ @@ -1472,22 +1499,25 @@ create_db_roles_in_database(const char *dbname, List *parsetree_list) int i = 0; char *db_owner; char *db_accessadmin; - char *db_securityadmin; + char *db_securityadmin; char *db_datareader; char *db_datawriter; - int16 dbid = get_db_id(dbname); + char *db_ddladmin; + int16 dbid = get_db_id(dbname); db_owner = get_db_owner_name(dbname); db_accessadmin = get_db_accessadmin_role_name(dbname); db_securityadmin = get_db_securityadmin_role_name(dbname); db_datareader = get_db_datareader_name(dbname); db_datawriter = get_db_datawriter_name(dbname); + db_ddladmin = get_db_ddladmin_role_name(dbname); /* Throws error if a role exists already with the same name as db role. */ rolname_same_as_db_rolname(db_accessadmin); rolname_same_as_db_rolname(db_datareader); rolname_same_as_db_rolname(db_datawriter); rolname_same_as_db_rolname(db_securityadmin); + rolname_same_as_db_rolname(db_ddladmin); stmt = parsetree_nth_stmt(parsetree_list, i++); update_CreateRoleStmt(stmt, db_datareader, db_owner, NULL); @@ -1507,6 +1537,12 @@ create_db_roles_in_database(const char *dbname, List *parsetree_list) stmt = parsetree_nth_stmt(parsetree_list, i++); update_GrantStmt(stmt, get_database_name(MyDatabaseId), NULL, db_securityadmin, NULL); + stmt = parsetree_nth_stmt(parsetree_list, i++); + update_CreateRoleStmt(stmt, db_ddladmin, db_owner, NULL); + + stmt = parsetree_nth_stmt(parsetree_list, i++); + update_GrantStmt(stmt, get_database_name(MyDatabaseId), NULL, db_ddladmin, NULL); + GetUserIdAndSecContext(&save_userid, &save_sec_context); PG_TRY(); @@ -1518,20 +1554,14 @@ create_db_roles_in_database(const char *dbname, List *parsetree_list) add_to_bbf_authid_user_ext(db_securityadmin, DB_SECURITYADMIN, dbname, NULL, NULL, true, false, false); add_to_bbf_authid_user_ext(db_datareader, DB_DATAREADER, dbname, NULL, NULL, true, false, false); add_to_bbf_authid_user_ext(db_datawriter, DB_DATAWRITER, dbname, NULL, NULL, true, false, false); + add_to_bbf_authid_user_ext(db_ddladmin, DB_DDLADMIN, dbname, NULL, NULL, true, false, false); + + SetUserIdAndSecContext(get_bbf_role_admin_oid(), save_sec_context | SECURITY_LOCAL_USERID_CHANGE); foreach(parsetree_item, parsetree_list) { PlannedStmt *wrapper; - if (stmt->type == T_GrantStmt) - { - SetUserIdAndSecContext(get_role_oid("sysadmin", false), save_sec_context | SECURITY_LOCAL_USERID_CHANGE); - } - else - { - SetUserIdAndSecContext(get_bbf_role_admin_oid(), save_sec_context | SECURITY_LOCAL_USERID_CHANGE); - } - wrapper = makeNode(PlannedStmt); wrapper->commandType = CMD_UTILITY; wrapper->canSetTag = false; @@ -1549,8 +1579,8 @@ create_db_roles_in_database(const char *dbname, List *parsetree_list) CommandCounterIncrement(); } - /* Grant permissions on all the schemas in a database to db_datareader/db_datawriter */ - grant_perms_to_dbreader_dbwriter(dbid, db_datareader, db_datawriter); + /* Grant permissions on all the schemas in a database to db_datareader/db_datawriter/db_ddladmin */ + grant_perms_to_dbreader_dbwriter_ddladmin(dbid, db_datareader, db_datawriter, db_ddladmin); } PG_FINALLY(); { @@ -1560,6 +1590,7 @@ create_db_roles_in_database(const char *dbname, List *parsetree_list) pfree(db_securityadmin); pfree(db_datareader); pfree(db_datawriter); + pfree(db_ddladmin); } PG_END_TRY(); } @@ -1605,12 +1636,15 @@ create_db_roles_during_upgrade(PG_FUNCTION_ARGS) appendStringInfo(&query, "CREATE ROLE dummy ROLE dummy; "); appendStringInfo(&query, "CREATE ROLE dummy ROLE dummy; "); appendStringInfo(&query, "GRANT CREATE ON DATABASE dummy TO dummy; "); - + appendStringInfo(&query, "CREATE ROLE dummy ROLE dummy; "); + appendStringInfo(&query, "GRANT CREATE ON DATABASE dummy TO dummy; "); appendStringInfo(&query, "CREATE ROLE dummy ROLE dummy; "); appendStringInfo(&query, "GRANT CREATE ON DATABASE dummy TO dummy; "); parsetree_list = raw_parser(query.data, RAW_PARSE_DEFAULT); + Assert(list_length(parsetree_list) == 8); + sysdatabase_rel = table_open(sysdatabases_oid, RowExclusiveLock); scan = table_beginscan_catalog(sysdatabase_rel, 0, NULL); diff --git a/contrib/babelfishpg_tsql/src/hooks.c b/contrib/babelfishpg_tsql/src/hooks.c index d2c03166eb..09c69bf5cf 100644 --- a/contrib/babelfishpg_tsql/src/hooks.c +++ b/contrib/babelfishpg_tsql/src/hooks.c @@ -199,6 +199,8 @@ static object_access_hook_type prev_object_access_hook = NULL; static void bbf_object_access_hook(ObjectAccessType access, Oid classId, Oid objectId, int subId, void *arg); static void revoke_func_permission_from_public(Oid objectId); static bool is_partitioned_table_reloptions_allowed(Datum reloptions); +static Oid pltsql_get_object_owner(Oid namespaceId, Oid ownerId); +static bool is_bbf_db_ddladmin_operation(Oid namespaceId); /***************************************** * Planner Hook @@ -507,6 +509,10 @@ InstallExtendedHooks(void) bbf_execute_grantstmt_as_dbsecadmin_hook = handle_grantstmt_for_dbsecadmin; pltsql_get_object_identity_event_trigger_hook = pltsql_get_object_identity_event_trigger; + + pltsql_get_object_owner_hook = pltsql_get_object_owner; + + is_bbf_db_ddladmin_operation_hook = is_bbf_db_ddladmin_operation; } void @@ -2968,13 +2974,16 @@ bbf_object_access_hook(ObjectAccessType access, Oid classId, Oid objectId, int s drop_bbf_roles(access, classId, objectId, subId, arg); if (access == OAT_POST_CREATE && classId == ProcedureRelationId) + { revoke_func_permission_from_public(objectId); + exec_internal_grant_on_function(objectId); + } } static void revoke_func_permission_from_public(Oid objectId) { - const char *query; + char *query; List *res; GrantStmt *revoke; PlannedStmt *wrapper; @@ -2982,7 +2991,11 @@ revoke_func_permission_from_public(Oid objectId) Oid phy_sch_oid; const char *phy_sch_name; const char *arg_list; - char kind; + char kind; + Oid save_userid; + int save_sec_context; + HeapTuple proc_tuple; + Form_pg_proc procedureStruct; /* TSQL specific behavior */ if (sql_dialect != SQL_DIALECT_TSQL) @@ -2991,11 +3004,18 @@ revoke_func_permission_from_public(Oid objectId) /* Advance command counter so new tuple can be seen by validator */ CommandCounterIncrement(); + proc_tuple = SearchSysCache1(PROCOID, + ObjectIdGetDatum(objectId)); + if (!HeapTupleIsValid(proc_tuple)) + elog(ERROR, "cache lookup failed for function %u", objectId); + + procedureStruct = (Form_pg_proc) GETSTRUCT(proc_tuple); + /* get properties */ - obj_name = get_func_name(objectId); - phy_sch_oid = get_func_namespace(objectId); + obj_name = NameStr(procedureStruct->proname); + phy_sch_oid = procedureStruct->pronamespace; phy_sch_name = get_namespace_name(phy_sch_oid); - kind = get_func_prokind(objectId); + kind = procedureStruct->prokind; arg_list = gen_func_arg_list(objectId); /* prepare subcommand */ @@ -3021,14 +3041,33 @@ revoke_func_permission_from_public(Oid objectId) wrapper->stmt_location = 0; wrapper->stmt_len = 0; - ProcessUtility(wrapper, - query, - false, - PROCESS_UTILITY_SUBCOMMAND, - NULL, - NULL, - None_Receiver, - NULL); + GetUserIdAndSecContext(&save_userid, &save_sec_context); + + PG_TRY(); + { + /* + * babelfish routines could be transferred to schema owner during creation so + * current user may not have grant privilege on this routine when we reach here + */ + SetUserIdAndSecContext(procedureStruct->proowner, save_sec_context | SECURITY_LOCAL_USERID_CHANGE); + + ProcessUtility(wrapper, + INTERNAL_REVOKE_ALL_ON_ROUTINE, + false, + PROCESS_UTILITY_SUBCOMMAND, + NULL, + NULL, + None_Receiver, + NULL); + } + PG_FINALLY(); + { + SetUserIdAndSecContext(save_userid, save_sec_context); + } + PG_END_TRY(); + + pfree(query); + ReleaseSysCache(proc_tuple); /* Command Counter will be increased by validator */ } @@ -5710,3 +5749,95 @@ handle_grantstmt_for_dbsecadmin(ObjectType objType, Oid objId, Oid ownerId, } return; } + + +/* + * Objects are always owned by current user in postgres but in babelfish + * schema contained objects should be owned by the schema owner by default + * Use this hook to pick schema owner as object owner during object creation + * We currently only do this if current user is member of db_ddladmin + */ +static Oid +pltsql_get_object_owner(Oid namespaceId, Oid ownerId) +{ + HeapTuple tuple; + Form_pg_namespace nsptup; + const char *logical_schema_name; + + Assert(OidIsValid(namespaceId)); + + if (sql_dialect != SQL_DIALECT_TSQL || !IS_TDS_CONN()) + return ownerId; + + if (!OidIsValid(ownerId)) + ownerId = GetUserId(); + + tuple = SearchSysCache1(NAMESPACEOID, ObjectIdGetDatum(namespaceId)); + nsptup = (Form_pg_namespace) GETSTRUCT(tuple); + + logical_schema_name = get_logical_schema_name(NameStr(nsptup->nspname), true); + + if (logical_schema_name) + { + Oid nsp_owner; + char *db_name = get_cur_db_name(); + char *dbo_name = get_dbo_role_name(db_name); + + /* + * babelfish issue special handing for dbo schema since it is + * owned by db_owner but the correct owner should have been dbo + */ + if (strcmp(logical_schema_name, "dbo") == 0) + nsp_owner = get_role_oid(dbo_name, false); + else + nsp_owner = nsptup->nspowner; + + if (ownerId != nsp_owner) + { + Oid db_ddladmin = get_db_ddladmin_oid(db_name, false); + Oid db_owner = get_db_owner_oid(db_name, false); + Oid schema_db_id = get_dbid_from_physical_schema_name(NameStr(nsptup->nspname), false); + + if (schema_db_id == get_cur_db_id() && + !has_privs_of_role(GetUserId(), db_owner) && + has_privs_of_role(GetUserId(), db_ddladmin)) + ownerId = nsp_owner; + } + + pfree(db_name); + pfree(dbo_name); + } + ReleaseSysCache(tuple); + + return ownerId; +} + +/* + * Check if the given namespace is inside the current active logical + * database and if the current user is a member of db_ddladmin fixed + * database role of the current active logical database + */ +static bool +is_bbf_db_ddladmin_operation(Oid namespaceId) +{ + char *nspname; + Oid schema_db_id; + Oid db_ddladmin; + + Assert(OidIsValid(namespaceId)); + + if (sql_dialect != SQL_DIALECT_TSQL || !IS_TDS_CONN()) + return false; + + nspname = get_namespace_name(namespaceId); + schema_db_id = get_dbid_from_physical_schema_name(nspname, true); + db_ddladmin = get_db_ddladmin_oid(get_current_pltsql_db_name(), false); + + pfree(nspname); + + if (OidIsValid(schema_db_id) && schema_db_id == get_cur_db_id() && + has_privs_of_role(GetUserId(), db_ddladmin)) + return true; + + return false; +} diff --git a/contrib/babelfishpg_tsql/src/multidb.c b/contrib/babelfishpg_tsql/src/multidb.c index de313c67c0..d910787e20 100644 --- a/contrib/babelfishpg_tsql/src/multidb.c +++ b/contrib/babelfishpg_tsql/src/multidb.c @@ -1523,6 +1523,32 @@ get_db_securityadmin_oid(const char *dbname, bool missing_ok) return db_securityadmin_oid; } +char * +get_db_ddladmin_role_name(const char *dbname) +{ + char *name = palloc0(MAX_BBF_NAMEDATALEND); + + Assert(dbname != NULL && strlen(dbname) != 0); + + if (get_migration_mode() == SINGLE_DB && !IS_BBF_BUILT_IN_DB(dbname)) + snprintf(name, MAX_BBF_NAMEDATALEND, "%s", DB_DDLADMIN); + else + snprintf(name, MAX_BBF_NAMEDATALEND, "%s_%s", dbname, DB_DDLADMIN); + + truncate_identifier(name, strlen(name), false); + return name; +} + +Oid +get_db_ddladmin_oid(const char *dbname, bool missing_ok) +{ + char *db_ddladmin_name = get_db_ddladmin_role_name(dbname); + Oid db_ddladmin_oid = get_role_oid(db_ddladmin_name, missing_ok); + pfree(db_ddladmin_name); + + return db_ddladmin_oid; +} + char * get_guest_schema_name(const char *dbname) { diff --git a/contrib/babelfishpg_tsql/src/multidb.h b/contrib/babelfishpg_tsql/src/multidb.h index 8058d8ed4e..40d2cf21f0 100644 --- a/contrib/babelfishpg_tsql/src/multidb.h +++ b/contrib/babelfishpg_tsql/src/multidb.h @@ -30,6 +30,8 @@ extern Oid get_db_securityadmin_oid(const char *dbname, bool missing_ok); extern Oid get_db_owner_oid(const char *dbname, bool missing_ok); extern char *get_db_accessadmin_role_name(const char *dbname); extern Oid get_db_accessadmin_oid(const char *dbname, bool missing_ok); +extern char *get_db_ddladmin_role_name(const char *dbname); +extern Oid get_db_ddladmin_oid(const char *dbname, bool missing_ok); extern char *get_guest_role_name(const char *dbname); extern char *get_guest_schema_name(const char *dbname); extern char *get_db_datareader_name(const char *dbname); diff --git a/contrib/babelfishpg_tsql/src/pl_exec-2.c b/contrib/babelfishpg_tsql/src/pl_exec-2.c index 2e75c926f3..7bc268f911 100644 --- a/contrib/babelfishpg_tsql/src/pl_exec-2.c +++ b/contrib/babelfishpg_tsql/src/pl_exec-2.c @@ -4108,7 +4108,8 @@ check_create_or_drop_permission_for_partition_specifier(const char *name, bool i if (strncmp(login, get_owner_of_db(dbname), NAMEDATALEN) == 0) login_is_db_owner = true; - if (!login_is_db_owner && !is_member_of_role(session_user_id, get_role_oid("sysadmin", false))) + if (!login_is_db_owner && !is_member_of_role(session_user_id, get_role_oid("sysadmin", false)) && + !has_privs_of_role(GetUserId(), get_db_ddladmin_oid(dbname, false))) { if (is_create) ereport(ERROR, diff --git a/contrib/babelfishpg_tsql/src/pl_handler.c b/contrib/babelfishpg_tsql/src/pl_handler.c index 09fbb83338..0c86999dd3 100644 --- a/contrib/babelfishpg_tsql/src/pl_handler.c +++ b/contrib/babelfishpg_tsql/src/pl_handler.c @@ -3674,8 +3674,6 @@ bbf_ProcessUtility(PlannedStmt *pstmt, else if (rolspec && strcmp(queryString, CREATE_FIXED_DB_ROLES) != 0) { const char *db_name = get_current_pltsql_db_name(); - Oid db_accessadmin = get_db_accessadmin_oid(db_name, false); - Oid db_securityadmin = get_db_securityadmin_oid(db_name, false); owner_oid = get_rolespec_oid(rolspec, true); /* @@ -3684,8 +3682,9 @@ bbf_ProcessUtility(PlannedStmt *pstmt, * to current user and later alter schema owner using bbf_role_admin */ if (!member_can_set_role(GetUserId(), owner_oid) && - (has_privs_of_role(GetUserId(), db_accessadmin) || - has_privs_of_role(GetUserId(), db_securityadmin)) && + (has_privs_of_role(GetUserId(), get_db_accessadmin_oid(db_name, false)) || + has_privs_of_role(GetUserId(), get_db_securityadmin_oid(db_name, false)) || + has_privs_of_role(GetUserId(), get_db_ddladmin_oid(db_name, false))) && get_db_principal_kind(owner_oid, db_name)) { create_schema->authrole = NULL; @@ -3742,6 +3741,7 @@ bbf_ProcessUtility(PlannedStmt *pstmt, { SetUserIdAndSecContext(get_bbf_role_admin_oid(), save_sec_context | SECURITY_LOCAL_USERID_CHANGE); AlterSchemaOwner_oid(get_namespace_oid(create_schema->schemaname, false), owner_oid); + CommandCounterIncrement(); } PG_FINALLY(); { @@ -3752,10 +3752,7 @@ bbf_ProcessUtility(PlannedStmt *pstmt, /* Execute subcommands for database roles.*/ if (strcmp(queryString, CREATE_GUEST_SCHEMAS_DURING_UPGRADE) != 0) { - if (rolspec) - exec_database_roles_subcmds(create_schema->schemaname, rolspec->rolename); - else - exec_database_roles_subcmds(create_schema->schemaname, NULL); + exec_database_roles_subcmds(create_schema->schemaname); } /* Grant ALL schema privileges to the user.*/ @@ -3799,18 +3796,22 @@ bbf_ProcessUtility(PlannedStmt *pstmt, if (!is_drop_db_statement) { - char *guest_schema_name = get_physical_schema_name(cur_db, "guest"); + char *guest_schema_name = get_guest_schema_name(cur_db); + char *dbo_schema_name = get_dbo_schema_name(cur_db); - if (strcmp(schemaname, guest_schema_name) == 0) + if (strcmp(schemaname, guest_schema_name) == 0 || + strcmp(schemaname, dbo_schema_name) == 0) { ereport(ERROR, (errcode(ERRCODE_INTERNAL_ERROR), errmsg("Cannot drop the schema \'%s\'", schemaname))); } + pfree(guest_schema_name); + pfree(dbo_schema_name); } bbf_ExecDropStmt(drop_stmt); - del_ns_ext_info(schemaname, drop_stmt->missing_ok); + if (!is_drop_db_statement) { /* @@ -3826,6 +3827,14 @@ bbf_ProcessUtility(PlannedStmt *pstmt, else standard_ProcessUtility(pstmt, queryString, readOnlyTree, context, params, queryEnv, dest, qc); + + /* + * is_bbf_db_ddladmin_operation() checks if the schema being dropped + * belongs to the current logical database. This check only works if we + * drop the babelfish catalog entry after executing the schema drop + */ + del_ns_ext_info(schemaname, drop_stmt->missing_ok); + return; } else @@ -4178,7 +4187,7 @@ bbf_ProcessUtility(PlannedStmt *pstmt, */ /* Ignore when GRANT statement has no specific named object. */ - if (sql_dialect != SQL_DIALECT_TSQL || grant->targtype != ACL_TARGET_OBJECT) + if (sql_dialect != SQL_DIALECT_TSQL || grant->targtype != ACL_TARGET_OBJECT || strcmp(INTERNAL_REVOKE_ALL_ON_ROUTINE, queryString) == 0) break; Assert(list_length(grant->objects) == 1); if (grant->objtype == OBJECT_SCHEMA) @@ -4314,19 +4323,6 @@ bbf_ProcessUtility(PlannedStmt *pstmt, /* If ALL PRIVILEGES is granted/revoked. */ if (list_length(grant->privileges) == 0) { - /* - * Case: When ALL PRIVILEGES is revoked internally during create function. - * pstmt->stmt_len = 0 means it is an implicit REVOKE statement issued at the time of create function/procedure. - * For more details, please refer revoke_func_permission_from_public(). - * If schema entry exists in the catalog, implicitly grant permission on the new object to the user. - */ - if ((pstmt->stmt_len == 0) && privilege_exists_in_bbf_schema_permissions(logicalschema, PERMISSIONS_FOR_ALL_OBJECTS_IN_SCHEMA, NULL)) - { - call_prev_ProcessUtility(pstmt, queryString, readOnlyTree, context, params, queryEnv, dest, qc); - exec_internal_grant_on_function(logicalschema, funcname, obj_type); - return; - } - if (grant->is_grant) { foreach(lc, grant->grantees) @@ -5633,9 +5629,8 @@ pltsql_validator(PG_FUNCTION_ARGS) MemoryContext oldMemoryContext = CurrentMemoryContext; int saved_dialect = sql_dialect; - - if (!CheckFunctionValidatorAccess(fcinfo->flinfo->fn_oid, funcoid)) - PG_RETURN_VOID(); + int save_sec_context; + Oid save_userid; /* Get the new function's pg_proc entry */ tuple = SearchSysCache1(PROCOID, ObjectIdGetDatum(funcoid)); @@ -5643,6 +5638,22 @@ pltsql_validator(PG_FUNCTION_ARGS) elog(ERROR, "cache lookup failed for function %u", funcoid); proc = (Form_pg_proc) GETSTRUCT(tuple); + GetUserIdAndSecContext(&save_userid, &save_sec_context); + PG_TRY(); + { + if (GetUserId() != proc->proowner && IS_TDS_CONN() && + has_privs_of_role(GetUserId(), get_db_ddladmin_oid(get_current_pltsql_db_name(), false))) + SetUserIdAndSecContext(proc->proowner, save_sec_context | SECURITY_LOCAL_USERID_CHANGE); + + if (!CheckFunctionValidatorAccess(fcinfo->flinfo->fn_oid, funcoid)) + PG_RETURN_VOID(); + } + PG_FINALLY(); + { + SetUserIdAndSecContext(save_userid, save_sec_context); + } + PG_END_TRY(); + prokind = proc->prokind; /* Disallow text, ntext, and image type result */ diff --git a/contrib/babelfishpg_tsql/src/pltsql.h b/contrib/babelfishpg_tsql/src/pltsql.h index 6388386a84..2694990141 100644 --- a/contrib/babelfishpg_tsql/src/pltsql.h +++ b/contrib/babelfishpg_tsql/src/pltsql.h @@ -26,6 +26,7 @@ #include "commands/trigger.h" #include "collation.h" #include "executor/spi.h" +#include "libpq/libpq-be.h" #include "optimizer/planner.h" #include "utils/expandedrecord.h" #include "utils/plancache.h" @@ -1920,6 +1921,8 @@ extern common_utility_plugin *common_utility_plugin_ptr; #define IS_TDS_CLIENT() (*pltsql_protocol_plugin_ptr && \ (*pltsql_protocol_plugin_ptr)->is_tds_client) +#define IS_TDS_CONN() (MyProcPort && MyProcPort->is_tds_conn) + extern Oid procid_var; extern uint64 rowcount_var; extern List *columns_updated_list; @@ -1988,6 +1991,7 @@ extern bool insert_bulk_check_constraints; #define CREATE_FIXED_DB_ROLES "(CREATE FIXED DATABASE ROLES )" #define ALTER_DEFAULT_PRIVILEGES "(ALTER DEFAULT PRIVILEGES )" #define INTERNAL_GRANT_STATEMENT "(GRANT STATEMENT )" +#define INTERNAL_REVOKE_ALL_ON_ROUTINE "(REVOKE ALL ON ROUTINE )" /* FIXED DB PRINCIPALS */ #define DBO "dbo" @@ -1996,6 +2000,7 @@ extern bool insert_bulk_check_constraints; #define DB_SECURITYADMIN "db_securityadmin" #define DB_DATAREADER "db_datareader" #define DB_DATAWRITER "db_datawriter" +#define DB_DDLADMIN "db_ddladmin" #define IS_BBF_BUILT_IN_DB(dbname) \ (strcmp(dbname, "master") == 0 || \ @@ -2008,7 +2013,8 @@ extern bool insert_bulk_check_constraints; strcmp(rolname, DB_ACCESSADMIN) == 0 || \ strcmp(rolname, DB_SECURITYADMIN) == 0 || \ strcmp(rolname, DB_DATAREADER) == 0 || \ - strcmp(rolname, DB_DATAWRITER) == 0) + strcmp(rolname, DB_DATAWRITER) == 0 || \ + strcmp(rolname, DB_DDLADMIN) == 0) /********************************************************************** * Function declarations @@ -2092,7 +2098,7 @@ extern char *get_original_query_string(void); extern AclMode string_to_privilege(const char *privname); extern const char *privilege_to_string(AclMode privilege); extern Oid get_owner_of_schema(const char *schema); -extern void exec_database_roles_subcmds(const char *physical_schema, char *schema_owner); +extern void exec_database_roles_subcmds(const char *physical_schema); /* * Functions for namespace handling in pl_funcs.c diff --git a/contrib/babelfishpg_tsql/src/pltsql_utils.c b/contrib/babelfishpg_tsql/src/pltsql_utils.c index 3c3bc41f10..05c328cc05 100644 --- a/contrib/babelfishpg_tsql/src/pltsql_utils.c +++ b/contrib/babelfishpg_tsql/src/pltsql_utils.c @@ -2511,16 +2511,18 @@ get_owner_of_schema(const char *schema) * Alter default privileges on all the objects in a schema to the db_datareader/db_datareader while creating a schema. */ void -exec_database_roles_subcmds(const char *schema, char *schema_owner) +exec_database_roles_subcmds(const char *schema) { StringInfoData query; char *db_datareader; char *db_datawriter; + char *db_ddladmin; char *dbo_role; char *db_owner; - const char *dbname = get_cur_db_name(); + char *schema_owner; + const char *dbname = get_current_pltsql_db_name(); List *stmt_list; - int expected_stmts = 2; + int expected_stmts = 4; ListCell *parsetree_item; Node *stmts; int i=0; @@ -2529,25 +2531,23 @@ exec_database_roles_subcmds(const char *schema, char *schema_owner) db_datareader = get_db_datareader_name(dbname); db_datawriter = get_db_datawriter_name(dbname); + db_ddladmin = get_db_ddladmin_role_name(dbname); dbo_role = get_dbo_role_name(dbname); db_owner = get_db_owner_name(dbname); GetUserIdAndSecContext(&save_userid, &save_sec_context); - /* If schema owner is not the dbo/db_owner role. */ - if (schema_owner && strcmp(schema_owner, dbo_role) != 0 && strcmp(schema_owner, db_owner) != 0) - { - // do nothing - } - else - { - schema_owner = GetUserNameFromId(get_owner_of_schema(schema), false); - } + schema_owner = GetUserNameFromId(get_owner_of_schema(schema), false); initStringInfo(&query); + /* Grant privileges to db_datareader */ appendStringInfo(&query, "ALTER DEFAULT PRIVILEGES FOR ROLE dummy, dummy IN SCHEMA dummy GRANT SELECT ON TABLES TO dummy; "); + /* Grant privileges to db_datawriter */ appendStringInfo(&query, "ALTER DEFAULT PRIVILEGES FOR ROLE dummy, dummy IN SCHEMA dummy GRANT INSERT, UPDATE, DELETE ON TABLES TO dummy; "); + /* Grant privileges to db_ddladmin */ + appendStringInfo(&query, "ALTER DEFAULT PRIVILEGES FOR ROLE dummy, dummy IN SCHEMA dummy GRANT TRUNCATE ON TABLES TO dummy; "); + appendStringInfo(&query, "GRANT CREATE ON SCHEMA dummy TO dummy ; "); stmt_list = raw_parser(query.data, RAW_PARSE_DEFAULT); if (list_length(stmt_list) != expected_stmts) @@ -2562,6 +2562,11 @@ exec_database_roles_subcmds(const char *schema, char *schema_owner) stmts = parsetree_nth_stmt(stmt_list, i++); update_AlterDefaultPrivilegesStmt(stmts, schema, schema_owner, dbo_role, db_datawriter, NULL); + stmts = parsetree_nth_stmt(stmt_list, i++); + update_AlterDefaultPrivilegesStmt(stmts, schema, schema_owner, dbo_role, db_ddladmin, NULL); + stmts = parsetree_nth_stmt(stmt_list, i++); + update_GrantStmt(stmts, schema, NULL, db_ddladmin, NULL); + PG_TRY(); { SetUserIdAndSecContext(get_bbf_role_admin_oid(), save_sec_context | SECURITY_LOCAL_USERID_CHANGE); @@ -2596,6 +2601,7 @@ exec_database_roles_subcmds(const char *schema, char *schema_owner) SetUserIdAndSecContext(save_userid, save_sec_context); pfree(db_datareader); pfree(db_datawriter); + pfree(db_ddladmin); pfree(dbo_role); pfree(db_owner); } @@ -2612,4 +2618,4 @@ throw_error_for_fixed_db_role(char *rolname, char *dbname) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("Cannot grant, deny or revoke permissions to or from special roles."))); } -} \ No newline at end of file +} diff --git a/contrib/babelfishpg_tsql/src/schemacmds.c b/contrib/babelfishpg_tsql/src/schemacmds.c index fd50867bcd..ff8bf81ff2 100644 --- a/contrib/babelfishpg_tsql/src/schemacmds.c +++ b/contrib/babelfishpg_tsql/src/schemacmds.c @@ -76,9 +76,6 @@ del_ns_ext_info(const char *schemaname, bool missing_ok) ScanKeyData scanKey; SysScanDesc scan; - if (get_namespace_oid(schemaname, missing_ok) == InvalidOid) - return; - rel = table_open(namespace_ext_oid, RowExclusiveLock); ScanKeyInit(&scanKey, Anum_namespace_ext_namespace, @@ -93,9 +90,10 @@ del_ns_ext_info(const char *schemaname, bool missing_ok) { systable_endscan(scan); table_close(rel, RowExclusiveLock); - ereport(ERROR, - (errcode(ERRCODE_INTERNAL_ERROR), - errmsg("Could not drop schema created under PostgreSQL dialect: \"%s\"", schemaname))); + if (!missing_ok) + ereport(ERROR, + (errcode(ERRCODE_INTERNAL_ERROR), + errmsg("Could not drop schema created under PostgreSQL dialect: \"%s\"", schemaname))); return; } diff --git a/test/JDBC/expected/BABEL-2403.out b/test/JDBC/expected/BABEL-2403.out index 6ee9a44d8b..45eef1c8a4 100644 --- a/test/JDBC/expected/BABEL-2403.out +++ b/test/JDBC/expected/BABEL-2403.out @@ -127,6 +127,12 @@ name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext m text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} name#!#pg_catalog#!#proname#!#{"Rule": " in babelfish_function_ext must also exist in pg_proc"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} @@ -244,6 +250,12 @@ name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext m text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} name#!#pg_catalog#!#proname#!#{"Rule": " in babelfish_function_ext must also exist in pg_proc"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} diff --git a/test/JDBC/expected/BABEL-2409.out b/test/JDBC/expected/BABEL-2409.out index 1b7cf31323..8303c9d912 100644 --- a/test/JDBC/expected/BABEL-2409.out +++ b/test/JDBC/expected/BABEL-2409.out @@ -27,6 +27,8 @@ GO -- psql CREATE SCHEMA master_xyz; GO +ALTER SCHEMA master_xyz OWNER TO master_dbo; +GO -- tsql DROP SCHEMA xyz; diff --git a/test/JDBC/expected/BABEL-LOGIN-USER-EXT.out b/test/JDBC/expected/BABEL-LOGIN-USER-EXT.out index 52de3e860b..7f3a161fe3 100644 --- a/test/JDBC/expected/BABEL-LOGIN-USER-EXT.out +++ b/test/JDBC/expected/BABEL-LOGIN-USER-EXT.out @@ -697,6 +697,7 @@ varchar#!#nvarchar#!#varchar#!#nvarchar#!#nvarchar db1_db_accessadmin#!#db_accessadmin#!##!#db1#!# db1_db_datareader#!#db_datareader#!##!#db1#!# db1_db_datawriter#!#db_datawriter#!##!#db1#!# +db1_db_ddladmin#!#db_ddladmin#!##!#db1#!# db1_db_owner#!#db_owner#!##!#db1#!# db1_db_securityadmin#!#db_securityadmin#!##!#db1#!# db1_dbo#!#dbo#!##!#db1#!#dbo @@ -704,6 +705,7 @@ db1_guest#!#guest#!##!#db1#!#guest master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -711,6 +713,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -718,6 +721,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -886,6 +890,7 @@ varchar#!#nvarchar#!#varchar#!#nvarchar#!#nvarchar master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -893,6 +898,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -900,6 +906,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -949,6 +956,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar#!#nvarchar db1_db_accessadmin#!##!#db_accessadmin#!#db1#!# db1_db_datareader#!##!#db_datareader#!#db1#!# db1_db_datawriter#!##!#db_datawriter#!#db1#!# +db1_db_ddladmin#!##!#db_ddladmin#!#db1#!# db1_db_owner#!##!#db_owner#!#db1#!# db1_db_securityadmin#!##!#db_securityadmin#!#db1#!# db1_dbo#!##!#dbo#!#db1#!#dbo @@ -956,6 +964,7 @@ db1_guest#!##!#guest#!#db1#!#guest db2_db_accessadmin#!##!#db_accessadmin#!#db2#!# db2_db_datareader#!##!#db_datareader#!#db2#!# db2_db_datawriter#!##!#db_datawriter#!#db2#!# +db2_db_ddladmin#!##!#db_ddladmin#!#db2#!# db2_db_owner#!##!#db_owner#!#db2#!# db2_db_securityadmin#!##!#db_securityadmin#!#db2#!# db2_dbo#!##!#dbo#!#db2#!#dbo @@ -963,6 +972,7 @@ db2_guest#!##!#guest#!#db2#!#guest master_db_accessadmin#!##!#db_accessadmin#!#master#!# master_db_datareader#!##!#db_datareader#!#master#!# master_db_datawriter#!##!#db_datawriter#!#master#!# +master_db_ddladmin#!##!#db_ddladmin#!#master#!# master_db_owner#!##!#db_owner#!#master#!# master_db_securityadmin#!##!#db_securityadmin#!#master#!# master_dbo#!##!#dbo#!#master#!#dbo @@ -970,6 +980,7 @@ master_guest#!##!#guest#!#master#!#guest msdb_db_accessadmin#!##!#db_accessadmin#!#msdb#!# msdb_db_datareader#!##!#db_datareader#!#msdb#!# msdb_db_datawriter#!##!#db_datawriter#!#msdb#!# +msdb_db_ddladmin#!##!#db_ddladmin#!#msdb#!# msdb_db_owner#!##!#db_owner#!#msdb#!# msdb_db_securityadmin#!##!#db_securityadmin#!#msdb#!# msdb_dbo#!##!#dbo#!#msdb#!#dbo @@ -977,6 +988,7 @@ msdb_guest#!##!#guest#!#msdb#!#guest tempdb_db_accessadmin#!##!#db_accessadmin#!#tempdb#!# tempdb_db_datareader#!##!#db_datareader#!#tempdb#!# tempdb_db_datawriter#!##!#db_datawriter#!#tempdb#!# +tempdb_db_ddladmin#!##!#db_ddladmin#!#tempdb#!# tempdb_db_owner#!##!#db_owner#!#tempdb#!# tempdb_db_securityadmin#!##!#db_securityadmin#!#tempdb#!# tempdb_dbo#!##!#dbo#!#tempdb#!#dbo @@ -995,6 +1007,7 @@ dbo#!#dbo db_accessadmin#!# db_datareader#!# db_datawriter#!# +db_ddladmin#!# db_owner#!# db_securityadmin#!# INFORMATION_SCHEMA#!# @@ -1031,6 +1044,7 @@ dbo#!#dbo db_accessadmin#!# db_datareader#!# db_datawriter#!# +db_ddladmin#!# db_owner#!# db_securityadmin#!# INFORMATION_SCHEMA#!# @@ -1169,6 +1183,7 @@ varchar#!#nvarchar#!#varchar#!#nvarchar#!#nvarchar db2_db_accessadmin#!#db_accessadmin#!##!#db2#!# db2_db_datareader#!#db_datareader#!##!#db2#!# db2_db_datawriter#!#db_datawriter#!##!#db2#!# +db2_db_ddladmin#!#db_ddladmin#!##!#db2#!# db2_db_owner#!#db_owner#!##!#db2#!# db2_db_securityadmin#!#db_securityadmin#!##!#db2#!# db2_dbo#!#dbo#!##!#db2#!#dbo @@ -1176,6 +1191,7 @@ db2_guest#!#guest#!##!#db2#!#guest master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -1183,6 +1199,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -1190,6 +1207,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -1209,6 +1227,7 @@ varchar#!#nvarchar#!#varchar#!#nvarchar#!#nvarchar master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -1216,6 +1235,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -1223,6 +1243,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -1499,6 +1520,7 @@ babel_4935_no_sysadmin2 db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo @@ -1520,6 +1542,7 @@ babel_4935_no_sysadmin2 db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo @@ -1540,6 +1563,7 @@ babel_4935_no_sysadmin1 db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo @@ -1559,6 +1583,7 @@ varchar db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo diff --git a/test/JDBC/expected/BABEL-USER.out b/test/JDBC/expected/BABEL-USER.out index 086c67743c..86011d6af2 100644 --- a/test/JDBC/expected/BABEL-USER.out +++ b/test/JDBC/expected/BABEL-USER.out @@ -52,6 +52,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar#!#nvarchar db1_db_accessadmin#!##!#db_accessadmin#!#db1#!# db1_db_datareader#!##!#db_datareader#!#db1#!# db1_db_datawriter#!##!#db_datawriter#!#db1#!# +db1_db_ddladmin#!##!#db_ddladmin#!#db1#!# db1_db_owner#!##!#db_owner#!#db1#!# db1_db_securityadmin#!##!#db_securityadmin#!#db1#!# db1_dbo#!##!#dbo#!#db1#!#dbo @@ -59,6 +60,7 @@ db1_guest#!##!#guest#!#db1#!#guest master_db_accessadmin#!##!#db_accessadmin#!#master#!# master_db_datareader#!##!#db_datareader#!#master#!# master_db_datawriter#!##!#db_datawriter#!#master#!# +master_db_ddladmin#!##!#db_ddladmin#!#master#!# master_db_owner#!##!#db_owner#!#master#!# master_db_securityadmin#!##!#db_securityadmin#!#master#!# master_dbo#!##!#dbo#!#master#!#dbo @@ -66,6 +68,7 @@ master_guest#!##!#guest#!#master#!#guest msdb_db_accessadmin#!##!#db_accessadmin#!#msdb#!# msdb_db_datareader#!##!#db_datareader#!#msdb#!# msdb_db_datawriter#!##!#db_datawriter#!#msdb#!# +msdb_db_ddladmin#!##!#db_ddladmin#!#msdb#!# msdb_db_owner#!##!#db_owner#!#msdb#!# msdb_db_securityadmin#!##!#db_securityadmin#!#msdb#!# msdb_dbo#!##!#dbo#!#msdb#!#dbo @@ -73,6 +76,7 @@ msdb_guest#!##!#guest#!#msdb#!#guest tempdb_db_accessadmin#!##!#db_accessadmin#!#tempdb#!# tempdb_db_datareader#!##!#db_datareader#!#tempdb#!# tempdb_db_datawriter#!##!#db_datawriter#!#tempdb#!# +tempdb_db_ddladmin#!##!#db_ddladmin#!#tempdb#!# tempdb_db_owner#!##!#db_owner#!#tempdb#!# tempdb_db_securityadmin#!##!#db_securityadmin#!#tempdb#!# tempdb_dbo#!##!#dbo#!#tempdb#!#dbo @@ -91,6 +95,7 @@ dbo#!#dbo db_accessadmin#!# db_datareader#!# db_datawriter#!# +db_ddladmin#!# db_owner#!# db_securityadmin#!# INFORMATION_SCHEMA#!# diff --git a/test/JDBC/expected/Test-sp_helpdbfixedrole-dep-vu-verify.out b/test/JDBC/expected/Test-sp_helpdbfixedrole-dep-vu-verify.out index 8a423a1cea..f7a752908a 100644 --- a/test/JDBC/expected/Test-sp_helpdbfixedrole-dep-vu-verify.out +++ b/test/JDBC/expected/Test-sp_helpdbfixedrole-dep-vu-verify.out @@ -7,6 +7,7 @@ db_accessadmin#!#DB Access Administrators db_securityadmin#!#DB Security Administrators db_datareader#!#DB Data Reader db_datawriter#!#DB Data Writer +db_ddladmin#!#DB DDL Administrators ~~END~~ @@ -22,7 +23,7 @@ SELECT dbo.test_sp_helpdbfixedrole_func() GO ~~START~~ int -5 +6 ~~END~~ @@ -30,7 +31,7 @@ SELECT * FROM test_sp_helpdbfixedrole_view GO ~~START~~ int -5 +6 ~~END~~ diff --git a/test/JDBC/expected/Test-sp_helpdbfixedrole-vu-verify.out b/test/JDBC/expected/Test-sp_helpdbfixedrole-vu-verify.out index 24ff4bb1c3..cfb3ccbb8b 100644 --- a/test/JDBC/expected/Test-sp_helpdbfixedrole-vu-verify.out +++ b/test/JDBC/expected/Test-sp_helpdbfixedrole-vu-verify.out @@ -1,6 +1,6 @@ INSERT INTO test_sp_helpdbfixedrole_tbl (DbFixedRole, Description) EXEC sp_helpdbfixedrole GO -~~ROW COUNT: 5~~ +~~ROW COUNT: 6~~ SELECT DbFixedRole, Description FROM test_sp_helpdbfixedrole_tbl @@ -12,6 +12,7 @@ db_accessadmin#!#DB Access Administrators db_securityadmin#!#DB Security Administrators db_datareader#!#DB Data Reader db_datawriter#!#DB Data Writer +db_ddladmin#!#DB DDL Administrators ~~END~~ @@ -60,6 +61,8 @@ GO INSERT INTO test_sp_helpdbfixedrole_tbl (DbFixedRole, Description) EXEC sp_helpdbfixedrole 'db_ddladmin ' GO +~~ROW COUNT: 1~~ + INSERT INTO test_sp_helpdbfixedrole_tbl (DbFixedRole, Description) EXEC sp_helpdbfixedrole 'DB_backupoperator ' GO INSERT INTO test_sp_helpdbfixedrole_tbl (DbFixedRole, Description) EXEC sp_helpdbfixedrole 'db_datareader' @@ -81,6 +84,7 @@ GO varchar#!#nvarchar db_accessadmin#!#DB Access Administrators db_securityadmin#!#DB Security Administrators +db_ddladmin#!#DB DDL Administrators db_datareader#!#DB Data Reader db_datawriter#!#DB Data Writer ~~END~~ diff --git a/test/JDBC/expected/Test_alter_db_rename-vu-verify.out b/test/JDBC/expected/Test_alter_db_rename-vu-verify.out index c435e0dcbd..a7c4889edb 100644 --- a/test/JDBC/expected/Test_alter_db_rename-vu-verify.out +++ b/test/JDBC/expected/Test_alter_db_rename-vu-verify.out @@ -22,6 +22,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database1_db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 rename_db_database1_db_datareader#!##!#db_datareader#!#rename_db_database1 rename_db_database1_db_datawriter#!##!#db_datawriter#!#rename_db_database1 +rename_db_database1_db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 rename_db_database1_db_owner#!##!#db_owner#!#rename_db_database1 rename_db_database1_db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 rename_db_database1_dbo#!##!#dbo#!#rename_db_database1 @@ -87,6 +88,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database2_db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 rename_db_database2_db_datareader#!##!#db_datareader#!#rename_db_database2 rename_db_database2_db_datawriter#!##!#db_datawriter#!#rename_db_database2 +rename_db_database2_db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 rename_db_database2_db_owner#!##!#db_owner#!#rename_db_database2 rename_db_database2_db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 rename_db_database2_dbo#!##!#dbo#!#rename_db_database2 @@ -197,6 +199,7 @@ thisnewdatabasenameiscasesensitc4313f9adf0e47cfa5aca25228e02f29#!#dbo ~~START~~ varchar#!#varchar#!#nvarchar#!#nvarchar thisnewdatabasenameiscasesensit4e1f355d810759b9f1a59b04496ed2e1#!##!#guest#!#thisnewdatabasenameiscasesensit44f3247005ec268e1a10c736599cfb7e +thisnewdatabasenameiscasesensit72927d959d85ca4219923b43129c8ed9#!##!#db_ddladmin#!#thisnewdatabasenameiscasesensit44f3247005ec268e1a10c736599cfb7e thisnewdatabasenameiscasesensit72e4dcc7ed25f5536033cf547cd7f001#!##!#db_owner#!#thisnewdatabasenameiscasesensit44f3247005ec268e1a10c736599cfb7e thisnewdatabasenameiscasesensit7de06ed1a7bed768d6641b3e7841314c#!##!#db_datareader#!#thisnewdatabasenameiscasesensit44f3247005ec268e1a10c736599cfb7e thisnewdatabasenameiscasesensit944678472843354d6b3a4354630249a8#!##!#db_accessadmin#!#thisnewdatabasenameiscasesensit44f3247005ec268e1a10c736599cfb7e diff --git a/test/JDBC/expected/Test_rename_db_single-db.out b/test/JDBC/expected/Test_rename_db_single-db.out index b43269cf49..a4fc86b2f5 100644 --- a/test/JDBC/expected/Test_rename_db_single-db.out +++ b/test/JDBC/expected/Test_rename_db_single-db.out @@ -35,6 +35,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database1_db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 rename_db_database1_db_datareader#!##!#db_datareader#!#rename_db_database1 rename_db_database1_db_datawriter#!##!#db_datawriter#!#rename_db_database1 +rename_db_database1_db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 rename_db_database1_db_owner#!##!#db_owner#!#rename_db_database1 rename_db_database1_db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 rename_db_database1_dbo#!##!#dbo#!#rename_db_database1 @@ -87,6 +88,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database2_db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 rename_db_database2_db_datareader#!##!#db_datareader#!#rename_db_database2 rename_db_database2_db_datawriter#!##!#db_datawriter#!#rename_db_database2 +rename_db_database2_db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 rename_db_database2_db_owner#!##!#db_owner#!#rename_db_database2 rename_db_database2_db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 rename_db_database2_dbo#!##!#dbo#!#rename_db_database2 @@ -139,6 +141,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database1_db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 rename_db_database1_db_datareader#!##!#db_datareader#!#rename_db_database1 rename_db_database1_db_datawriter#!##!#db_datawriter#!#rename_db_database1 +rename_db_database1_db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 rename_db_database1_db_owner#!##!#db_owner#!#rename_db_database1 rename_db_database1_db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 rename_db_database1_dbo#!##!#dbo#!#rename_db_database1 @@ -191,6 +194,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database2_db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 rename_db_database2_db_datareader#!##!#db_datareader#!#rename_db_database2 rename_db_database2_db_datawriter#!##!#db_datawriter#!#rename_db_database2 +rename_db_database2_db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 rename_db_database2_db_owner#!##!#db_owner#!#rename_db_database2 rename_db_database2_db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 rename_db_database2_dbo#!##!#dbo#!#rename_db_database2 @@ -255,6 +259,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database1_db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 rename_db_database1_db_datareader#!##!#db_datareader#!#rename_db_database1 rename_db_database1_db_datawriter#!##!#db_datawriter#!#rename_db_database1 +rename_db_database1_db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 rename_db_database1_db_owner#!##!#db_owner#!#rename_db_database1 rename_db_database1_db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 rename_db_database1_dbo#!##!#dbo#!#rename_db_database1 @@ -307,6 +312,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database2_db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 rename_db_database2_db_datareader#!##!#db_datareader#!#rename_db_database2 rename_db_database2_db_datawriter#!##!#db_datawriter#!#rename_db_database2 +rename_db_database2_db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 rename_db_database2_db_owner#!##!#db_owner#!#rename_db_database2 rename_db_database2_db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 rename_db_database2_dbo#!##!#dbo#!#rename_db_database2 @@ -359,6 +365,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database1_db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 rename_db_database1_db_datareader#!##!#db_datareader#!#rename_db_database1 rename_db_database1_db_datawriter#!##!#db_datawriter#!#rename_db_database1 +rename_db_database1_db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 rename_db_database1_db_owner#!##!#db_owner#!#rename_db_database1 rename_db_database1_db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 rename_db_database1_dbo#!##!#dbo#!#rename_db_database1 @@ -411,6 +418,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar rename_db_database2_db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 rename_db_database2_db_datareader#!##!#db_datareader#!#rename_db_database2 rename_db_database2_db_datawriter#!##!#db_datawriter#!#rename_db_database2 +rename_db_database2_db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 rename_db_database2_db_owner#!##!#db_owner#!#rename_db_database2 rename_db_database2_db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 rename_db_database2_dbo#!##!#dbo#!#rename_db_database2 diff --git a/test/JDBC/expected/Test_sp_rename_database-vu-verify.out b/test/JDBC/expected/Test_sp_rename_database-vu-verify.out index 1900036990..cee3848de5 100644 --- a/test/JDBC/expected/Test_sp_rename_database-vu-verify.out +++ b/test/JDBC/expected/Test_sp_rename_database-vu-verify.out @@ -22,6 +22,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar sp_rename_database1_db_accessadmin#!##!#db_accessadmin#!#sp_rename_database1 sp_rename_database1_db_datareader#!##!#db_datareader#!#sp_rename_database1 sp_rename_database1_db_datawriter#!##!#db_datawriter#!#sp_rename_database1 +sp_rename_database1_db_ddladmin#!##!#db_ddladmin#!#sp_rename_database1 sp_rename_database1_db_owner#!##!#db_owner#!#sp_rename_database1 sp_rename_database1_db_securityadmin#!##!#db_securityadmin#!#sp_rename_database1 sp_rename_database1_dbo#!##!#dbo#!#sp_rename_database1 @@ -87,6 +88,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar sp_rename_database2_db_accessadmin#!##!#db_accessadmin#!#sp_rename_database2 sp_rename_database2_db_datareader#!##!#db_datareader#!#sp_rename_database2 sp_rename_database2_db_datawriter#!##!#db_datawriter#!#sp_rename_database2 +sp_rename_database2_db_ddladmin#!##!#db_ddladmin#!#sp_rename_database2 sp_rename_database2_db_owner#!##!#db_owner#!#sp_rename_database2 sp_rename_database2_db_securityadmin#!##!#db_securityadmin#!#sp_rename_database2 sp_rename_database2_dbo#!##!#dbo#!#sp_rename_database2 @@ -203,6 +205,7 @@ sp_rename_thisnewdatabasenameisfacf8af797f428fdc401ffddc672894d#!#dbo ~~START~~ varchar#!#varchar#!#nvarchar#!#nvarchar +sp_rename_thisnewdatabasenameis13e6a4262544f66eae3d52bc3368a097#!##!#db_ddladmin#!#sp_rename_thisnewdatabasenameisb8bd7c94f797959aa629fc2f9e821637 sp_rename_thisnewdatabasenameis1e39ca7c78a1fba2342467331fb5bd56#!##!#db_owner#!#sp_rename_thisnewdatabasenameisb8bd7c94f797959aa629fc2f9e821637 sp_rename_thisnewdatabasenameis21f79a8b66248a73068dca6edd5b0ca3#!##!#guest#!#sp_rename_thisnewdatabasenameisb8bd7c94f797959aa629fc2f9e821637 sp_rename_thisnewdatabasenameis95c235131f6db63ef16f222aa48d0554#!##!#db_datareader#!#sp_rename_thisnewdatabasenameisb8bd7c94f797959aa629fc2f9e821637 diff --git a/test/JDBC/expected/Test_sp_renamedb-vu-verify.out b/test/JDBC/expected/Test_sp_renamedb-vu-verify.out index 460a11cb6a..813e881039 100644 --- a/test/JDBC/expected/Test_sp_renamedb-vu-verify.out +++ b/test/JDBC/expected/Test_sp_renamedb-vu-verify.out @@ -22,6 +22,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar sp_renamedb_database1_db_accessadmin#!##!#db_accessadmin#!#sp_renamedb_database1 sp_renamedb_database1_db_datareader#!##!#db_datareader#!#sp_renamedb_database1 sp_renamedb_database1_db_datawriter#!##!#db_datawriter#!#sp_renamedb_database1 +sp_renamedb_database1_db_ddladmin#!##!#db_ddladmin#!#sp_renamedb_database1 sp_renamedb_database1_db_owner#!##!#db_owner#!#sp_renamedb_database1 sp_renamedb_database1_db_securityadmin#!##!#db_securityadmin#!#sp_renamedb_database1 sp_renamedb_database1_dbo#!##!#dbo#!#sp_renamedb_database1 @@ -87,6 +88,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar sp_renamedb_database2_db_accessadmin#!##!#db_accessadmin#!#sp_renamedb_database2 sp_renamedb_database2_db_datareader#!##!#db_datareader#!#sp_renamedb_database2 sp_renamedb_database2_db_datawriter#!##!#db_datawriter#!#sp_renamedb_database2 +sp_renamedb_database2_db_ddladmin#!##!#db_ddladmin#!#sp_renamedb_database2 sp_renamedb_database2_db_owner#!##!#db_owner#!#sp_renamedb_database2 sp_renamedb_database2_db_securityadmin#!##!#db_securityadmin#!#sp_renamedb_database2 sp_renamedb_database2_dbo#!##!#dbo#!#sp_renamedb_database2 @@ -208,6 +210,7 @@ sp_renamedb_thisnewdatabasename2a476218bfa8dba9ac86fb898b11e9a5#!##!#db_datawrit sp_renamedb_thisnewdatabasename7052c471c798d0b08c69f719bcd607d7#!##!#db_datareader#!#sp_renamedb_thisnewdatabasename738bbb14cb857db43c693446c049f0bd sp_renamedb_thisnewdatabasenameb0dffbb56deab7ad4e684df689419c65#!##!#db_owner#!#sp_renamedb_thisnewdatabasename738bbb14cb857db43c693446c049f0bd sp_renamedb_thisnewdatabasenameda6915c331b2fe3a4c4e33126c0366c1#!##!#db_securityadmin#!#sp_renamedb_thisnewdatabasename738bbb14cb857db43c693446c049f0bd +sp_renamedb_thisnewdatabasenamedc7b15e8672064bd10ff0615b83919cb#!##!#db_ddladmin#!#sp_renamedb_thisnewdatabasename738bbb14cb857db43c693446c049f0bd sp_renamedb_thisnewdatabasenamedeb7cafbbedd23f312d90e7c10a60901#!##!#guest#!#sp_renamedb_thisnewdatabasename738bbb14cb857db43c693446c049f0bd sp_renamedb_thisnewdatabasenameeeb9e8f522c23281503d418ce3640572#!##!#db_accessadmin#!#sp_renamedb_thisnewdatabasename738bbb14cb857db43c693446c049f0bd ~~END~~ diff --git a/test/JDBC/expected/datareader_datawriter.out b/test/JDBC/expected/datareader_datawriter.out index ddc726e3b2..e6c1ddaf4f 100644 --- a/test/JDBC/expected/datareader_datawriter.out +++ b/test/JDBC/expected/datareader_datawriter.out @@ -284,7 +284,7 @@ go -- Insert the results of sp_helprole into the temporary table INSERT INTO #UserRoles EXEC sp_helprole; go -~~ROW COUNT: 6~~ +~~ROW COUNT: 7~~ -- Select the desired fields from the temporary table SELECT RoleName, IsAppRole FROM #UserRoles WHERE RoleName IN ('db_datareader', 'db_datawriter'); diff --git a/test/JDBC/expected/db_accessadmin-vu-verify.out b/test/JDBC/expected/db_accessadmin-vu-verify.out index b5fc51976f..877882880d 100644 --- a/test/JDBC/expected/db_accessadmin-vu-verify.out +++ b/test/JDBC/expected/db_accessadmin-vu-verify.out @@ -605,6 +605,7 @@ GO ~~START~~ nvarchar#!#varchar db_accessadmin#!#=C +db_ddladmin#!#=C db_securityadmin#!#=C dbo#!#=CTc ~~END~~ diff --git a/test/JDBC/expected/db_ddladmin-vu-cleanup.out b/test/JDBC/expected/db_ddladmin-vu-cleanup.out new file mode 100644 index 0000000000..72455efaca --- /dev/null +++ b/test/JDBC/expected/db_ddladmin-vu-cleanup.out @@ -0,0 +1,42 @@ +DROP DATABASE babel_5116_db +GO + +USE master +GO + +DROP LOGIN babel_5116_l1 +GO +DROP LOGIN babel_5116_l2 +GO +DROP LOGIN babel_5116_l3 +GO +DROP USER babel_5116_l1 +GO +DROP USER babel_5116_l2 +GO +DROP ROLE babel_5116_r1 +GO +DROP VIEW babel_5116_v1 +GO +DROP SEQUENCE babel_5116_s1 +GO +DROP TRIGGER babel_5116_trig +GO +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +DROP TABLE babel_5116_t1 +GO +DROP TABLE babel_5116_t3 +GO +DROP FUNCTION babel_5116_f1 +GO +DROP FUNCTION babel_5116_tvf1 +GO +DROP FUNCTION babel_5116_mtvf1 +GO +DROP PROC babel_5116_p1 +GO +DROP TYPE babel_5116_type1 +GO +DROP TYPE babel_5116_tabletype1 +GO diff --git a/test/JDBC/expected/db_ddladmin-vu-prepare.out b/test/JDBC/expected/db_ddladmin-vu-prepare.out new file mode 100644 index 0000000000..c459bdc080 --- /dev/null +++ b/test/JDBC/expected/db_ddladmin-vu-prepare.out @@ -0,0 +1,95 @@ +USE master +GO + +CREATE LOGIN babel_5116_l1 WITH PASSWORD = '12345678' +GO +CREATE LOGIN babel_5116_l2 WITH PASSWORD = '12345678' +GO +CREATE LOGIN babel_5116_l3 WITH PASSWORD = '12345678' +GO +CREATE USER babel_5116_l1 +GO +CREATE USER babel_5116_l2 +GO +CREATE ROLE babel_5116_r1 +GO +CREATE TABLE babel_5116_t1 (id INT) +GO +CREATE TABLE babel_5116_t3 (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t1 (id) +GO +CREATE TRIGGER babel_5116_trig ON babel_5116_t1 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW babel_5116_v1 AS SELECT * FROM babel_5116_t1 +GO +CREATE SEQUENCE babel_5116_s1 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE babel_5116_p1 AS SELECT 1 +GO +CREATE FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE babel_5116_type1 FROM sys.varchar(10) +GO +CREATE TYPE babel_5116_tabletype1 AS TABLE (id INT) +GO + +CREATE DATABASE babel_5116_db +GO +USE babel_5116_db +GO + +CREATE USER babel_5116_l1 +GO +CREATE USER babel_5116_l2 +GO +CREATE ROLE babel_5116_r1 +GO +CREATE TABLE babel_5116_t1 (id INT, con_col INT NOT NULL CONSTRAINT babel_5116_constr1 UNIQUE) +GO +CREATE TABLE babel_5116_t3 (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t1 (id) +GO +CREATE TRIGGER babel_5116_trig1 ON babel_5116_t1 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW babel_5116_v1 AS SELECT * FROM babel_5116_t1 +GO +CREATE SEQUENCE babel_5116_s1 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE babel_5116_p1 AS SELECT 1 +GO +CREATE FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE babel_5116_type1 FROM sys.varchar(10) +GO +CREATE TYPE babel_5116_tabletype1 AS TABLE (id INT) +GO +CREATE SCHEMA babel_5116_sch1 +GO +CREATE SCHEMA babel_5116_sch2 AUTHORIZATION babel_5116_r1 +GO diff --git a/test/JDBC/expected/db_ddladmin-vu-verify.out b/test/JDBC/expected/db_ddladmin-vu-verify.out new file mode 100644 index 0000000000..98cb216f06 --- /dev/null +++ b/test/JDBC/expected/db_ddladmin-vu-verify.out @@ -0,0 +1,1099 @@ +-- tsql +-- RESET LOGIN PASSWORD +ALTER LOGIN babel_5116_l1 WITH PASSWORD = '12345678' +GO +ALTER LOGIN babel_5116_l2 WITH PASSWORD = '12345678' +GO +ALTER LOGIN babel_5116_l3 WITH PASSWORD = '12345678' +GO + +USE babel_5116_db +GO + +ALTER ROLE db_ddladmin ADD MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=master +------------------------------------------------------------------- +---- babel_5116_l1 user SHOULD NOT BE ABLE TO DO ANY DDLS/DMLS ---- +---- IN BBF DATABASES WHERE IT IS NOT A MEMBER OF DB_DDLADMIN ---- +------------------------------------------------------------------- +SELECT IS_ROLEMEMBER('db_ddladmin') +GO +~~START~~ +int +0 +~~END~~ + +SELECT CURRENT_USER +GO +~~START~~ +varchar +babel_5116_l1 +~~END~~ + +CREATE LOGIN l WITH PASSWORD = '12345678' +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login babel_5116_l1 does not have permission to create new login)~~ + +CREATE USER u +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: role "u" does not exist)~~ + +CREATE ROLE r +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + +CREATE TABLE t (id INT) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE INDEX babel_5116_idx1 ON babel_5116_t1 (id) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +CREATE TRIGGER trig ON babel_5116_t1 AFTER INSERT AS SELECT 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE VIEW v AS SELECT * FROM babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE SEQUENCE babel_5116_s2 START WITH 1000 INCREMENT BY 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE PROCEDURE p AS SELECT 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE FUNCTION f() RETURNS INT AS BEGIN RETURN 1 END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE FUNCTION tvff1() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE FUNCTION mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE TYPE t FROM sys.varchar(10) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE TYPE tabletype AS TABLE (id INT) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +TRUNCATE TABLE babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +CREATE SCHEMA babel_5116_sch1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for database jdbc_testdb)~~ + +CREATE SCHEMA babel_5116_sch1 AUTHORIZATION babel_5116_r1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for database jdbc_testdb)~~ + + +CREATE PARTITION FUNCTION babel_5116_pf1 (datetime) +AS RANGE RIGHT FOR VALUES +( + '2023-01-01', + '2024-01-01', + '2025-01-01' +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +CREATE PARTITION SCHEME babel_5116_ps +AS PARTITION babel_5116_pf1 +ALL TO ([PRIMARY]); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +ALTER TABLE babel_5116_t3 ADD babel_5116_col_nw INT NULL; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t3)~~ + +ALTER TABLE babel_5116_t3 DROP babel_5116_col_nw; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t3)~~ + +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constr2 UNIQUE (id) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constrfk1 FOREIGN KEY (id_new) REFERENCES babel_5116_t2 (id) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constrfk1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER SEQUENCE babel_5116_s1 MINVALUE 99; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of sequence babel_5116_s1)~~ + + + +ALTER FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 2 END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER PROC babel_5116_p1 AS SELECT 2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + + + +ENABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +DISABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + + + +DROP LOGIN babel_5116_l1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the login 'babel_5116_l1', because it does not exist or you do not have permission.)~~ + +DROP USER babel_5116_l1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the user 'babel_5116_l1', because it does not exist or you do not have permission.)~~ + +DROP ROLE babel_5116_r1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the role 'babel_5116_r1', because it does not exist or you do not have permission.)~~ + +DROP VIEW babel_5116_v1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of view babel_5116_v1)~~ + +DROP SEQUENCE babel_5116_s1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of sequence babel_5116_s1)~~ + +DROP TRIGGER babel_5116_trig +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of relation babel_5116_t1)~~ + +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of index babel_5116_idx1babel_5116_t1e29153c477c95d679c4b63370567552b)~~ + +DROP TABLE babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +DROP FUNCTION babel_5116_f1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of function babel_5116_f1)~~ + +DROP FUNCTION babel_5116_tvf1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of function babel_5116_tvf1)~~ + +DROP FUNCTION babel_5116_mtvf1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of function babel_5116_mtvf1)~~ + +DROP PROC babel_5116_p1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of procedure babel_5116_p1)~~ + +DROP TYPE babel_5116_type1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of type babel_5116_type1)~~ + +DROP TYPE babel_5116_tabletype1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of type babel_5116_tabletype1)~~ + + +/********** TEMP TABLE AND TABLE VARIABLE SHOULD WORK **********/ +CREATE TABLE #babel_5116_temptbl1(a int, b int); +GO + +ALTER TABLE #babel_5116_temptbl1 ADD c INT; +GO + +DROP TABLE #babel_5116_temptbl1 +GO + +DECLARE @babel_5116_tblvar1 table(id int); SELECT * FROM @babel_5116_tblvar1; +GO +~~START~~ +int +~~END~~ + + +-- tsql +/********** DATABASE DDLs ARE NOT ALLOWED **********/ +USE master +GO +ALTER ROLE db_ddladmin ADD MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=master +SELECT IS_ROLEMEMBER('db_ddladmin') +GO +~~START~~ +int +1 +~~END~~ + + +CREATE DATABASE babel_5116_db1; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied to create database)~~ + +ALTER AUTHORIZATION ON DATABASE::babel_5116_db TO babel_5116_l3; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot find the principal 'babel_5116_l3', because it does not exist or you do not have permission.)~~ + +ALTER DATABASE babel_5116_db MODIFY NAME = babel_5116_dbx; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to rename the database 'babel_5116_db', the database does not exist, or the database is not in a state that allows access checks.)~~ + +DROP DATABASE babel_5116_db; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of database babel_5116_db)~~ + + +-- tsql +USE master +GO +ALTER ROLE db_ddladmin DROP MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=babel_5116_db +/********** LOGGED IN USING DDLADMIN **********/ +SELECT IS_ROLEMEMBER('db_ddladmin') +GO +~~START~~ +int +1 +~~END~~ + + +/********** ROLE DDLs ARE NOT ALLOWED **********/ +CREATE USER babel_5116_l3 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + +CREATE ROLE babel_5116_r2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + +DROP USER babel_5116_l3 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the user 'babel_5116_l3', because it does not exist or you do not have permission.)~~ + +DROP USER babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the user 'babel_5116_l2', because it does not exist or you do not have permission.)~~ + +DROP ROLE babel_5116_r1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the role 'babel_5116_r1', because it does not exist or you do not have permission.)~~ + +DROP ROLE babel_5116_r2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the role 'babel_5116_r2', because it does not exist or you do not have permission.)~~ + + +/********** CREATE DDLs ARE ALLOWED TO DDLADMIN **********/ +CREATE TABLE babel_5116_t2 (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t2 (id) +GO +CREATE TRIGGER babel_5116_trig2 ON babel_5116_t2 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW babel_5116_v2 AS SELECT * FROM babel_5116_t2 +GO +CREATE SEQUENCE babel_5116_s2 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE babel_5116_p2 AS SELECT 1 +GO +CREATE FUNCTION babel_5116_f2() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION babel_5116_tvf2() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION babel_5116_mtvf2() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE babel_5116_type2 FROM sys.varchar(10) +GO +CREATE TYPE babel_5116_tabletype2 AS TABLE (id INT) +GO +CREATE SCHEMA babel_5116_sch3 +GO +CREATE SCHEMA babel_5116_sch4 AUTHORIZATION babel_5116_r1 +GO + +/********** ALTER DDLs ARE ALLOWED TO DDLADMIN **********/ +ALTER TABLE babel_5116_t1 ADD id_new INT +GO +ALTER TABLE babel_5116_t2 ADD id_new INT +GO +ALTER TABLE babel_5116_t3 ADD babel_5116_col_nw INT NULL; +GO +ALTER TABLE babel_5116_t3 DROP babel_5116_col_nw; +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constr2 UNIQUE (id) +GO +ALTER TABLE babel_5116_t2 ADD CONSTRAINT babel_5116_constr3 UNIQUE (id) +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constrfk1 FOREIGN KEY (id_new) REFERENCES babel_5116_t2 (id) +GO +ALTER TABLE babel_5116_t2 ADD CONSTRAINT babel_5116_constrfk2 FOREIGN KEY (id_new) REFERENCES babel_5116_t1 (id) +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constrfk1 +GO +ALTER TABLE babel_5116_t2 DROP CONSTRAINT babel_5116_constrfk2 +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr1 +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr2 +GO +ALTER TABLE babel_5116_t2 DROP CONSTRAINT babel_5116_constr3 +GO +ALTER SEQUENCE babel_5116_s1 MINVALUE 99; +GO +ALTER SEQUENCE babel_5116_s2 MINVALUE 99; +GO + +/********** ENABLE DISABLE TRIGGER SHOULD ALSO BE ALLOWED TO DDLADMIN **********/ +ENABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +ENABLE TRIGGER babel_5116_trig2 ON babel_5116_t2 +GO +DISABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +DISABLE TRIGGER babel_5116_trig2 ON babel_5116_t2 +GO + +/********** TRUNCATE ON TABLE SHOULD BE ALLOWED **********/ +TRUNCATE TABLE babel_5116_t1 +GO +TRUNCATE TABLE babel_5116_t2 +GO + +/********** TEMP TABLE AND TABLE VARIABLE SHOULD WORK **********/ +CREATE TABLE #babel_5116_temptbl2(a int, b int); +GO + +ALTER TABLE #babel_5116_temptbl2 ADD c INT; +GO + +DROP TABLE #babel_5116_temptbl2 +GO + +DECLARE @babel_5116_tblvar2 table(id int); SELECT * FROM @babel_5116_tblvar2; +GO +~~START~~ +int +~~END~~ + + + +/********** SHOULD BE ABLE TO CREATE PARTITION FUNCTIONS, SCHEMES OR TABLES **********/ +CREATE PARTITION FUNCTION babel_5116_pf1 (datetime) +AS RANGE RIGHT FOR VALUES +( + '2023-01-01', + '2024-01-01', + '2025-01-01' +); +GO + +CREATE PARTITION SCHEME babel_5116_ps +AS PARTITION babel_5116_pf1 +ALL TO ([PRIMARY]); +GO + +CREATE TABLE babel_5116_pt +( + SaleId INT IDENTITY(1,1), + SaleDate datetime, + Amount decimal(10,2), + CustomerId int, + ProductId int +) ON babel_5116_ps(SaleDate); -- Specify the partitioning column +GO + +/********** DMLs SHOULD STILL BE BLOCKED **********/ +/********** ON ALL OBJECTS OLD OR NEW **********/ +/********** IRRESPECTIVE OF WHO CREATED **********/ +SELECT * FROM babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +INSERT INTO babel_5116_t1 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +DELETE FROM babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +UPDATE babel_5116_t1 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +SELECT * FROM babel_5116_t2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +INSERT INTO babel_5116_t2 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +DELETE FROM babel_5116_t2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +UPDATE babel_5116_t2 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +SELECT * FROM babel_5116_v1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +INSERT INTO babel_5116_v1 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +DELETE FROM babel_5116_v1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +UPDATE babel_5116_v1 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +SELECT * FROM babel_5116_v2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + +INSERT INTO babel_5116_v2 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + +DELETE FROM babel_5116_v2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + +UPDATE babel_5116_v2 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + + +SELECT NEXT VALUE FOR babel_5116_s1; +GO +~~START~~ +bigint +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for sequence babel_5116_s1)~~ + +SELECT NEXT VALUE FOR babel_5116_s2; +GO +~~START~~ +bigint +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for sequence babel_5116_s2)~~ + + +/********** EXECUTE SHOULD STILL BE BLOCKED **********/ +EXEC babel_5116_p1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for procedure babel_5116_p1)~~ + +EXEC babel_5116_p2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for procedure babel_5116_p2)~~ + +SELECT babel_5116_f1() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_f1)~~ + +SELECT babel_5116_f2() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_f2)~~ + +SELECT * FROM babel_5116_tvf1() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_tvf1)~~ + +SELECT * FROM babel_5116_mtvf1() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_mtvf1)~~ + + +/********** GRANT REVOKE IS NOT ALLOWED **********/ +ALTER ROLE babel_5116_r1 ADD MEMBER babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login babel_5116_l1 does not have permission to alter role babel_5116_db_babel_5116_r1)~~ + +GRANT SELECT ON babel_5116_t1 TO babel_5116_l2 +GO +GRANT CONNECT TO babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Grantor does not have GRANT permission.)~~ + +ALTER ROLE babel_5116_r1 DROP MEMBER babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login babel_5116_l1 does not have permission to alter role babel_5116_db_babel_5116_r1)~~ + +REVOKE SELECT ON babel_5116_t1 TO babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for column "tableoid" of relation "babel_5116_t1")~~ + +REVOKE CONNECT TO babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Grantor does not have GRANT permission.)~~ + + +/********** OBJECT OWNER SHOULD BE SCHEMA OWNER WHEN OBJECT IS CREATED BY DDLADMIN **********/ +SELECT CAST(relname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_class c + JOIN pg_roles r ON (c.relowner = r.oid) + WHERE relname LIKE 'babel_5116%' + ORDER BY r.rolname, relname; +GO +~~START~~ +char#!#char +babel_5116_idx1babel_5116_t1e29153c477c95d679c4b63370567552b #!#babel_5116_db_dbo +babel_5116_idx1babel_5116_t2e29153c477c95d679c4b63370567552b #!#babel_5116_db_dbo +babel_5116_pt #!#babel_5116_db_dbo +babel_5116_pt_saleid_seq #!#babel_5116_db_dbo +babel_5116_s1 #!#babel_5116_db_dbo +babel_5116_s2 #!#babel_5116_db_dbo +babel_5116_t1 #!#babel_5116_db_dbo +babel_5116_t2 #!#babel_5116_db_dbo +babel_5116_t3 #!#babel_5116_db_dbo +babel_5116_tabletype1 #!#babel_5116_db_dbo +babel_5116_tabletype2 #!#babel_5116_db_dbo +babel_5116_v1 #!#babel_5116_db_dbo +babel_5116_v2 #!#babel_5116_db_dbo +babel_5116_idx1babel_5116_t1e29153c477c95d679c4b63370567552b #!#master_dbo +babel_5116_s1 #!#master_dbo +babel_5116_t1 #!#master_dbo +babel_5116_t3 #!#master_dbo +babel_5116_tabletype1 #!#master_dbo +babel_5116_v1 #!#master_dbo +~~END~~ + +SELECT CAST(proname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_proc p + JOIN pg_roles r ON (p.proowner = r.oid) + WHERE proname LIKE 'babel_5116%' + ORDER BY r.rolname, proname; +GO +~~START~~ +char#!#char +babel_5116_f1 #!#babel_5116_db_dbo +babel_5116_f2 #!#babel_5116_db_dbo +babel_5116_mtvf1 #!#babel_5116_db_dbo +babel_5116_mtvf2 #!#babel_5116_db_dbo +babel_5116_p1 #!#babel_5116_db_dbo +babel_5116_p2 #!#babel_5116_db_dbo +babel_5116_trig1 #!#babel_5116_db_dbo +babel_5116_trig2 #!#babel_5116_db_dbo +babel_5116_tvf1 #!#babel_5116_db_dbo +babel_5116_tvf2 #!#babel_5116_db_dbo +babel_5116_f1 #!#master_dbo +babel_5116_mtvf1 #!#master_dbo +babel_5116_p1 #!#master_dbo +babel_5116_trig #!#master_dbo +babel_5116_tvf1 #!#master_dbo +~~END~~ + +SELECT CAST(typname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_type t + JOIN pg_roles r ON (t.typowner = r.oid) + WHERE typname LIKE 'babel_5116%' + ORDER BY r.rolname, typname; +GO +~~START~~ +char#!#char +babel_5116_pt #!#babel_5116_db_dbo +babel_5116_t1 #!#babel_5116_db_dbo +babel_5116_t2 #!#babel_5116_db_dbo +babel_5116_t3 #!#babel_5116_db_dbo +babel_5116_tabletype1 #!#babel_5116_db_dbo +babel_5116_tabletype2 #!#babel_5116_db_dbo +babel_5116_type1 #!#babel_5116_db_dbo +babel_5116_type2 #!#babel_5116_db_dbo +babel_5116_v1 #!#babel_5116_db_dbo +babel_5116_v2 #!#babel_5116_db_dbo +babel_5116_t1 #!#master_dbo +babel_5116_t3 #!#master_dbo +babel_5116_tabletype1 #!#master_dbo +babel_5116_type1 #!#master_dbo +babel_5116_v1 #!#master_dbo +~~END~~ + + +-- tsql database=babel_5116_db +/********** DDLADMIN SHOULD NOT BE A DEPENDANT OF ANY OBJECT WE CREATED IN THIS TEST **********/ +SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptype FROM pg_depend d + JOIN pg_roles r ON (d.refobjid = r.oid) + WHERE + object_name(objid) LIKE 'babel_5116%' AND + refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND + r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND + NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') + ORDER BY deptype, r.rolname, object_name(objid); +GO +~~START~~ +char#!#char#!#varchar +~~END~~ + + +SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptype FROM pg_shdepend d + JOIN pg_roles r ON (d.refobjid = r.oid) + WHERE + object_name(objid) LIKE 'babel_5116%' AND + refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND + r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND + NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') + ORDER BY deptype, r.rolname, object_name(objid); +GO +~~START~~ +char#!#char#!#varchar +babel_5116_db_db_ddladmin #!#babel_5116_pt #!#a +babel_5116_db_db_ddladmin #!#babel_5116_t1 #!#a +babel_5116_db_db_ddladmin #!#babel_5116_t2 #!#a +babel_5116_db_db_ddladmin #!#babel_5116_t3 #!#a +babel_5116_db_db_ddladmin #!#babel_5116_v1 #!#a +babel_5116_db_db_ddladmin #!#babel_5116_v2 #!#a +babel_5116_db_dbo #!#babel_5116_f1 #!#o +babel_5116_db_dbo #!#babel_5116_f2 #!#o +babel_5116_db_dbo #!#babel_5116_mtvf1 #!#o +babel_5116_db_dbo #!#babel_5116_mtvf2 #!#o +babel_5116_db_dbo #!#babel_5116_p1 #!#o +babel_5116_db_dbo #!#babel_5116_p2 #!#o +babel_5116_db_dbo #!#babel_5116_pt #!#o +babel_5116_db_dbo #!#babel_5116_pt_saleid_s#!#o +babel_5116_db_dbo #!#babel_5116_s1 #!#o +babel_5116_db_dbo #!#babel_5116_s2 #!#o +babel_5116_db_dbo #!#babel_5116_t1 #!#o +babel_5116_db_dbo #!#babel_5116_t2 #!#o +babel_5116_db_dbo #!#babel_5116_t3 #!#o +babel_5116_db_dbo #!#babel_5116_tabletype1 #!#o +babel_5116_db_dbo #!#babel_5116_tabletype2 #!#o +babel_5116_db_dbo #!#babel_5116_trig1 #!#o +babel_5116_db_dbo #!#babel_5116_trig2 #!#o +babel_5116_db_dbo #!#babel_5116_tvf1 #!#o +babel_5116_db_dbo #!#babel_5116_tvf2 #!#o +babel_5116_db_dbo #!#babel_5116_type1 #!#o +babel_5116_db_dbo #!#babel_5116_type2 #!#o +babel_5116_db_dbo #!#babel_5116_v1 #!#o +babel_5116_db_dbo #!#babel_5116_v2 #!#o +~~END~~ + + +/********** ALTER ROUTINES ARE ALLOWED TO DDLADMIN **********/ +ALTER FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 2 END +GO +ALTER FUNCTION babel_5116_f2() RETURNS INT AS BEGIN RETURN 2 END +GO +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO +ALTER FUNCTION babel_5116_tvf2() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER FUNCTION babel_5116_mtvf2() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO + +ALTER PROC babel_5116_p1 AS SELECT 2 +GO +ALTER PROC babel_5116_p2 AS SELECT 2 +GO + + +-- tsql user=babel_5116_l1 password=12345678 database=babel_5116_db +/********** RENAMING OBJECTs SHOULD BE ALLOWED **********/ +sp_rename 'babel_5116_t1.id_new', 'id_new_name', 'COLUMN' +GO +sp_rename 'babel_5116_t2.id_new', 'id_new_name', 'COLUMN' +GO +sp_rename 'babel_5116_trig1', 'babel_5116_trig1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_trig2', 'babel_5116_trig2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_v1', 'babel_5116_v1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_v2', 'babel_5116_v2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_s1', 'babel_5116_s1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_s2', 'babel_5116_s2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_t2', 'babel_5116_t2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_t1', 'babel_5116_t1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_f2', 'babel_5116_f2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_f1', 'babel_5116_f1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tvf1', 'babel_5116_tvf1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tvf2', 'babel_5116_tvf2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_mtvf1', 'babel_5116_mtvf1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_mtvf2', 'babel_5116_mtvf2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_p2', 'babel_5116_p2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_p1', 'babel_5116_p1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_type2', 'babel_5116_type2_new_name', 'USERDATATYPE' +GO +sp_rename 'babel_5116_type1', 'babel_5116_type1_new_name', 'USERDATATYPE' +GO +sp_rename 'babel_5116_tabletype2', 'babel_5116_tabletype2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tabletype1', 'babel_5116_tabletype1_new_name', 'OBJECT' +GO + +/********** UNSUPPORTED RENAMING IN BABELFISH **********/ +/********** SHOULD BE ALLOWED WHENEVER SUPPORTED **********/ +sp_rename 'babel_5116_t1.babel_5116_idx1', 'babel_5116_idx1_new_name', 'INDEX' +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Feature not supported: renaming object type Index)~~ + + +/********** NOT ALLOWED RENAMING TO DB_DDLADMIN **********/ +sp_rename 'babel_5116_db', 'babel_5116_db_new_name', 'DATABASE' +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to rename the database 'babel_5116_db', the database does not exist, or the database is not in a state that allows access checks.)~~ + + +/********** DROPPING BUILTIN SCHEMAs SHOULD NOT BE ALLOWED **********/ +DROP SCHEMA dbo +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the schema 'babel_5116_db_dbo')~~ + +DROP SCHEMA guest +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the schema 'babel_5116_db_guest')~~ + + +/********** DROP DDLs **********/ +DROP TRIGGER babel_5116_trig1_new_name +GO +DROP TRIGGER babel_5116_trig2_new_name +GO +DROP VIEW babel_5116_v1_new_name +GO +DROP VIEW babel_5116_v2_new_name +GO +DROP SEQUENCE babel_5116_s1_new_name +GO +DROP SEQUENCE babel_5116_s2_new_name +GO +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +DROP TABLE babel_5116_t3 +GO +DROP TABLE babel_5116_t2_new_name +GO +DROP TABLE babel_5116_t1_new_name +GO +DROP FUNCTION babel_5116_f2_new_name +GO +DROP FUNCTION babel_5116_f1_new_name +GO +DROP FUNCTION babel_5116_tvf1_new_name +GO +DROP FUNCTION babel_5116_tvf2_new_name +GO +DROP FUNCTION babel_5116_mtvf1_new_name +GO +DROP FUNCTION babel_5116_mtvf2_new_name +GO +DROP PROC babel_5116_p2_new_name +GO +DROP PROC babel_5116_p1_new_name +GO +DROP TYPE babel_5116_type2_new_name +GO +DROP TYPE babel_5116_type1_new_name +GO +DROP TYPE babel_5116_tabletype2_new_name +GO +DROP TYPE babel_5116_tabletype1_new_name +GO + +DROP SCHEMA babel_5116_sch1 +GO +DROP SCHEMA babel_5116_sch2 +GO +DROP SCHEMA babel_5116_sch3 +GO +DROP SCHEMA babel_5116_sch4 +GO + +DROP TABLE babel_5116_pt +GO +DROP PARTITION SCHEME babel_5116_ps +GO +DROP PARTITION FUNCTION babel_5116_pf1 +GO diff --git a/test/JDBC/expected/single_db/BABEL-2403.out b/test/JDBC/expected/single_db/BABEL-2403.out index 08d51c0417..bc048f4028 100644 --- a/test/JDBC/expected/single_db/BABEL-2403.out +++ b/test/JDBC/expected/single_db/BABEL-2403.out @@ -115,6 +115,12 @@ name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext m text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} name#!#pg_catalog#!#proname#!#{"Rule": " in babelfish_function_ext must also exist in pg_proc"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} @@ -220,6 +226,12 @@ name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext m text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} +name#!#pg_catalog#!#rolname#!#{"Rule": " in babelfish_authid_user_ext must also exist in pg_authid"} +text#!#sys#!#name#!#{"Rule": " in babelfish_authid_user_ext must also exist in babelfish_sysdatabases"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} name#!#pg_catalog#!#proname#!#{"Rule": " in babelfish_function_ext must also exist in pg_proc"} name#!#sys#!#nspname#!#{"Rule": " in babelfish_function_ext must also exist in babelfish_namespace_ext"} diff --git a/test/JDBC/expected/single_db/BABEL-LOGIN-USER-EXT.out b/test/JDBC/expected/single_db/BABEL-LOGIN-USER-EXT.out index f01405e747..bd9742cef7 100644 --- a/test/JDBC/expected/single_db/BABEL-LOGIN-USER-EXT.out +++ b/test/JDBC/expected/single_db/BABEL-LOGIN-USER-EXT.out @@ -698,12 +698,14 @@ db1_guest#!#guest#!##!#db1#!#guest db_accessadmin#!#db_accessadmin#!##!#db1#!# db_datareader#!#db_datareader#!##!#db1#!# db_datawriter#!#db_datawriter#!##!#db1#!# +db_ddladmin#!#db_ddladmin#!##!#db1#!# db_owner#!#db_owner#!##!#db1#!# db_securityadmin#!#db_securityadmin#!##!#db1#!# dbo#!#dbo#!##!#db1#!#dbo master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -711,6 +713,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -718,6 +721,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -886,6 +890,7 @@ varchar#!#nvarchar#!#varchar#!#nvarchar#!#nvarchar master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -893,6 +898,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -900,6 +906,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -954,12 +961,14 @@ db1_guest#!##!#guest#!#db1#!#guest db_accessadmin#!##!#db_accessadmin#!#db1#!# db_datareader#!##!#db_datareader#!#db1#!# db_datawriter#!##!#db_datawriter#!#db1#!# +db_ddladmin#!##!#db_ddladmin#!#db1#!# db_owner#!##!#db_owner#!#db1#!# db_securityadmin#!##!#db_securityadmin#!#db1#!# dbo#!##!#dbo#!#db1#!#dbo master_db_accessadmin#!##!#db_accessadmin#!#master#!# master_db_datareader#!##!#db_datareader#!#master#!# master_db_datawriter#!##!#db_datawriter#!#master#!# +master_db_ddladmin#!##!#db_ddladmin#!#master#!# master_db_owner#!##!#db_owner#!#master#!# master_db_securityadmin#!##!#db_securityadmin#!#master#!# master_dbo#!##!#dbo#!#master#!#dbo @@ -967,6 +976,7 @@ master_guest#!##!#guest#!#master#!#guest msdb_db_accessadmin#!##!#db_accessadmin#!#msdb#!# msdb_db_datareader#!##!#db_datareader#!#msdb#!# msdb_db_datawriter#!##!#db_datawriter#!#msdb#!# +msdb_db_ddladmin#!##!#db_ddladmin#!#msdb#!# msdb_db_owner#!##!#db_owner#!#msdb#!# msdb_db_securityadmin#!##!#db_securityadmin#!#msdb#!# msdb_dbo#!##!#dbo#!#msdb#!#dbo @@ -974,6 +984,7 @@ msdb_guest#!##!#guest#!#msdb#!#guest tempdb_db_accessadmin#!##!#db_accessadmin#!#tempdb#!# tempdb_db_datareader#!##!#db_datareader#!#tempdb#!# tempdb_db_datawriter#!##!#db_datawriter#!#tempdb#!# +tempdb_db_ddladmin#!##!#db_ddladmin#!#tempdb#!# tempdb_db_owner#!##!#db_owner#!#tempdb#!# tempdb_db_securityadmin#!##!#db_securityadmin#!#tempdb#!# tempdb_dbo#!##!#dbo#!#tempdb#!#dbo @@ -992,6 +1003,7 @@ dbo#!#dbo db_accessadmin#!# db_datareader#!# db_datawriter#!# +db_ddladmin#!# db_owner#!# db_securityadmin#!# INFORMATION_SCHEMA#!# @@ -1027,6 +1039,7 @@ dbo#!#dbo db_accessadmin#!# db_datareader#!# db_datawriter#!# +db_ddladmin#!# db_owner#!# db_securityadmin#!# INFORMATION_SCHEMA#!# @@ -1169,6 +1182,7 @@ varchar#!#nvarchar#!#varchar#!#nvarchar#!#nvarchar master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -1176,6 +1190,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -1183,6 +1198,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -1206,6 +1222,7 @@ varchar#!#nvarchar#!#varchar#!#nvarchar#!#nvarchar master_db_accessadmin#!#db_accessadmin#!##!#master#!# master_db_datareader#!#db_datareader#!##!#master#!# master_db_datawriter#!#db_datawriter#!##!#master#!# +master_db_ddladmin#!#db_ddladmin#!##!#master#!# master_db_owner#!#db_owner#!##!#master#!# master_db_securityadmin#!#db_securityadmin#!##!#master#!# master_dbo#!#dbo#!##!#master#!#dbo @@ -1213,6 +1230,7 @@ master_guest#!#guest#!##!#master#!#guest msdb_db_accessadmin#!#db_accessadmin#!##!#msdb#!# msdb_db_datareader#!#db_datareader#!##!#msdb#!# msdb_db_datawriter#!#db_datawriter#!##!#msdb#!# +msdb_db_ddladmin#!#db_ddladmin#!##!#msdb#!# msdb_db_owner#!#db_owner#!##!#msdb#!# msdb_db_securityadmin#!#db_securityadmin#!##!#msdb#!# msdb_dbo#!#dbo#!##!#msdb#!#dbo @@ -1220,6 +1238,7 @@ msdb_guest#!#guest#!##!#msdb#!#guest tempdb_db_accessadmin#!#db_accessadmin#!##!#tempdb#!# tempdb_db_datareader#!#db_datareader#!##!#tempdb#!# tempdb_db_datawriter#!#db_datawriter#!##!#tempdb#!# +tempdb_db_ddladmin#!#db_ddladmin#!##!#tempdb#!# tempdb_db_owner#!#db_owner#!##!#tempdb#!# tempdb_db_securityadmin#!#db_securityadmin#!##!#tempdb#!# tempdb_dbo#!#dbo#!##!#tempdb#!#dbo @@ -1513,6 +1532,7 @@ babel_4935_no_sysadmin2 db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo @@ -1534,6 +1554,7 @@ babel_4935_no_sysadmin2 db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo @@ -1554,6 +1575,7 @@ babel_4935_no_sysadmin1 db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo @@ -1573,6 +1595,7 @@ varchar db_accessadmin db_datareader db_datawriter +db_ddladmin db_owner db_securityadmin dbo diff --git a/test/JDBC/expected/single_db/BABEL-USER.out b/test/JDBC/expected/single_db/BABEL-USER.out index a38500e1d7..5e9f0f41b8 100644 --- a/test/JDBC/expected/single_db/BABEL-USER.out +++ b/test/JDBC/expected/single_db/BABEL-USER.out @@ -53,12 +53,14 @@ db1_guest#!##!#guest#!#db1#!#guest db_accessadmin#!##!#db_accessadmin#!#db1#!# db_datareader#!##!#db_datareader#!#db1#!# db_datawriter#!##!#db_datawriter#!#db1#!# +db_ddladmin#!##!#db_ddladmin#!#db1#!# db_owner#!##!#db_owner#!#db1#!# db_securityadmin#!##!#db_securityadmin#!#db1#!# dbo#!##!#dbo#!#db1#!#dbo master_db_accessadmin#!##!#db_accessadmin#!#master#!# master_db_datareader#!##!#db_datareader#!#master#!# master_db_datawriter#!##!#db_datawriter#!#master#!# +master_db_ddladmin#!##!#db_ddladmin#!#master#!# master_db_owner#!##!#db_owner#!#master#!# master_db_securityadmin#!##!#db_securityadmin#!#master#!# master_dbo#!##!#dbo#!#master#!#dbo @@ -66,6 +68,7 @@ master_guest#!##!#guest#!#master#!#guest msdb_db_accessadmin#!##!#db_accessadmin#!#msdb#!# msdb_db_datareader#!##!#db_datareader#!#msdb#!# msdb_db_datawriter#!##!#db_datawriter#!#msdb#!# +msdb_db_ddladmin#!##!#db_ddladmin#!#msdb#!# msdb_db_owner#!##!#db_owner#!#msdb#!# msdb_db_securityadmin#!##!#db_securityadmin#!#msdb#!# msdb_dbo#!##!#dbo#!#msdb#!#dbo @@ -73,6 +76,7 @@ msdb_guest#!##!#guest#!#msdb#!#guest tempdb_db_accessadmin#!##!#db_accessadmin#!#tempdb#!# tempdb_db_datareader#!##!#db_datareader#!#tempdb#!# tempdb_db_datawriter#!##!#db_datawriter#!#tempdb#!# +tempdb_db_ddladmin#!##!#db_ddladmin#!#tempdb#!# tempdb_db_owner#!##!#db_owner#!#tempdb#!# tempdb_db_securityadmin#!##!#db_securityadmin#!#tempdb#!# tempdb_dbo#!##!#dbo#!#tempdb#!#dbo @@ -91,6 +95,7 @@ dbo#!#dbo db_accessadmin#!# db_datareader#!# db_datawriter#!# +db_ddladmin#!# db_owner#!# db_securityadmin#!# INFORMATION_SCHEMA#!# diff --git a/test/JDBC/expected/single_db/Test_rename_db_single-db.out b/test/JDBC/expected/single_db/Test_rename_db_single-db.out index 31fd69b3ce..60bae32610 100644 --- a/test/JDBC/expected/single_db/Test_rename_db_single-db.out +++ b/test/JDBC/expected/single_db/Test_rename_db_single-db.out @@ -35,6 +35,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 db_datareader#!##!#db_datareader#!#rename_db_database1 db_datawriter#!##!#db_datawriter#!#rename_db_database1 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 db_owner#!##!#db_owner#!#rename_db_database1 db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 dbo#!##!#dbo#!#rename_db_database1 @@ -87,6 +88,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 db_datareader#!##!#db_datareader#!#rename_db_database2 db_datawriter#!##!#db_datawriter#!#rename_db_database2 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 db_owner#!##!#db_owner#!#rename_db_database2 db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 dbo#!##!#dbo#!#rename_db_database2 @@ -139,6 +141,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 db_datareader#!##!#db_datareader#!#rename_db_database1 db_datawriter#!##!#db_datawriter#!#rename_db_database1 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 db_owner#!##!#db_owner#!#rename_db_database1 db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 dbo#!##!#dbo#!#rename_db_database1 @@ -191,6 +194,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 db_datareader#!##!#db_datareader#!#rename_db_database2 db_datawriter#!##!#db_datawriter#!#rename_db_database2 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 db_owner#!##!#db_owner#!#rename_db_database2 db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 dbo#!##!#dbo#!#rename_db_database2 @@ -255,6 +259,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 db_datareader#!##!#db_datareader#!#rename_db_database1 db_datawriter#!##!#db_datawriter#!#rename_db_database1 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 db_owner#!##!#db_owner#!#rename_db_database1 db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 dbo#!##!#dbo#!#rename_db_database1 @@ -307,6 +312,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 db_datareader#!##!#db_datareader#!#rename_db_database2 db_datawriter#!##!#db_datawriter#!#rename_db_database2 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 db_owner#!##!#db_owner#!#rename_db_database2 db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 dbo#!##!#dbo#!#rename_db_database2 @@ -359,6 +365,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database1 db_datareader#!##!#db_datareader#!#rename_db_database1 db_datawriter#!##!#db_datawriter#!#rename_db_database1 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database1 db_owner#!##!#db_owner#!#rename_db_database1 db_securityadmin#!##!#db_securityadmin#!#rename_db_database1 dbo#!##!#dbo#!#rename_db_database1 @@ -411,6 +418,7 @@ varchar#!#varchar#!#nvarchar#!#nvarchar db_accessadmin#!##!#db_accessadmin#!#rename_db_database2 db_datareader#!##!#db_datareader#!#rename_db_database2 db_datawriter#!##!#db_datawriter#!#rename_db_database2 +db_ddladmin#!##!#db_ddladmin#!#rename_db_database2 db_owner#!##!#db_owner#!#rename_db_database2 db_securityadmin#!##!#db_securityadmin#!#rename_db_database2 dbo#!##!#dbo#!#rename_db_database2 diff --git a/test/JDBC/expected/single_db/datareader_datawriter.out b/test/JDBC/expected/single_db/datareader_datawriter.out index 4a0dcfa4f5..0c73791dd4 100644 --- a/test/JDBC/expected/single_db/datareader_datawriter.out +++ b/test/JDBC/expected/single_db/datareader_datawriter.out @@ -284,7 +284,7 @@ go -- Insert the results of sp_helprole into the temporary table INSERT INTO #UserRoles EXEC sp_helprole; go -~~ROW COUNT: 6~~ +~~ROW COUNT: 7~~ -- Select the desired fields from the temporary table SELECT RoleName, IsAppRole FROM #UserRoles WHERE RoleName IN ('db_datareader', 'db_datawriter'); diff --git a/test/JDBC/expected/single_db/db_accessadmin-vu-verify.out b/test/JDBC/expected/single_db/db_accessadmin-vu-verify.out index ad75861ef1..e357df9036 100644 --- a/test/JDBC/expected/single_db/db_accessadmin-vu-verify.out +++ b/test/JDBC/expected/single_db/db_accessadmin-vu-verify.out @@ -605,6 +605,7 @@ GO ~~START~~ nvarchar#!#varchar db_accessadmin#!#=C +db_ddladmin#!#=C db_securityadmin#!#=C dbo#!#=CTc ~~END~~ diff --git a/test/JDBC/expected/single_db/db_ddladmin-vu-verify.out b/test/JDBC/expected/single_db/db_ddladmin-vu-verify.out new file mode 100644 index 0000000000..7ad07feb56 --- /dev/null +++ b/test/JDBC/expected/single_db/db_ddladmin-vu-verify.out @@ -0,0 +1,1099 @@ +-- tsql +-- RESET LOGIN PASSWORD +ALTER LOGIN babel_5116_l1 WITH PASSWORD = '12345678' +GO +ALTER LOGIN babel_5116_l2 WITH PASSWORD = '12345678' +GO +ALTER LOGIN babel_5116_l3 WITH PASSWORD = '12345678' +GO + +USE babel_5116_db +GO + +ALTER ROLE db_ddladmin ADD MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=master +------------------------------------------------------------------- +---- babel_5116_l1 user SHOULD NOT BE ABLE TO DO ANY DDLS/DMLS ---- +---- IN BBF DATABASES WHERE IT IS NOT A MEMBER OF DB_DDLADMIN ---- +------------------------------------------------------------------- +SELECT IS_ROLEMEMBER('db_ddladmin') +GO +~~START~~ +int +0 +~~END~~ + +SELECT CURRENT_USER +GO +~~START~~ +varchar +babel_5116_l1 +~~END~~ + +CREATE LOGIN l WITH PASSWORD = '12345678' +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login babel_5116_l1 does not have permission to create new login)~~ + +CREATE USER u +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: role "u" does not exist)~~ + +CREATE ROLE r +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + +CREATE TABLE t (id INT) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE INDEX babel_5116_idx1 ON babel_5116_t1 (id) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +CREATE TRIGGER trig ON babel_5116_t1 AFTER INSERT AS SELECT 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE VIEW v AS SELECT * FROM babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE SEQUENCE babel_5116_s2 START WITH 1000 INCREMENT BY 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE PROCEDURE p AS SELECT 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE FUNCTION f() RETURNS INT AS BEGIN RETURN 1 END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE FUNCTION tvff1() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE FUNCTION mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE TYPE t FROM sys.varchar(10) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +CREATE TYPE tabletype AS TABLE (id INT) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +TRUNCATE TABLE babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +CREATE SCHEMA babel_5116_sch1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for database jdbc_testdb)~~ + +CREATE SCHEMA babel_5116_sch1 AUTHORIZATION babel_5116_r1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for database jdbc_testdb)~~ + + +CREATE PARTITION FUNCTION babel_5116_pf1 (datetime) +AS RANGE RIGHT FOR VALUES +( + '2023-01-01', + '2024-01-01', + '2025-01-01' +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +CREATE PARTITION SCHEME babel_5116_ps +AS PARTITION babel_5116_pf1 +ALL TO ([PRIMARY]); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + + +ALTER TABLE babel_5116_t3 ADD babel_5116_col_nw INT NULL; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t3)~~ + +ALTER TABLE babel_5116_t3 DROP babel_5116_col_nw; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t3)~~ + +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constr2 UNIQUE (id) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constrfk1 FOREIGN KEY (id_new) REFERENCES babel_5116_t2 (id) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constrfk1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +ALTER SEQUENCE babel_5116_s1 MINVALUE 99; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of sequence babel_5116_s1)~~ + + + +ALTER FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 2 END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + +ALTER PROC babel_5116_p1 AS SELECT 2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for schema master_dbo)~~ + + + +ENABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +DISABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + + + +DROP LOGIN babel_5116_l1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the login 'babel_5116_l1', because it does not exist or you do not have permission.)~~ + +DROP USER babel_5116_l1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the user 'babel_5116_l1', because it does not exist or you do not have permission.)~~ + +DROP ROLE babel_5116_r1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the role 'babel_5116_r1', because it does not exist or you do not have permission.)~~ + +DROP VIEW babel_5116_v1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of view babel_5116_v1)~~ + +DROP SEQUENCE babel_5116_s1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of sequence babel_5116_s1)~~ + +DROP TRIGGER babel_5116_trig +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of relation babel_5116_t1)~~ + +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of index babel_5116_idx1babel_5116_t1e29153c477c95d679c4b63370567552b)~~ + +DROP TABLE babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of table babel_5116_t1)~~ + +DROP FUNCTION babel_5116_f1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of function babel_5116_f1)~~ + +DROP FUNCTION babel_5116_tvf1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of function babel_5116_tvf1)~~ + +DROP FUNCTION babel_5116_mtvf1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of function babel_5116_mtvf1)~~ + +DROP PROC babel_5116_p1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of procedure babel_5116_p1)~~ + +DROP TYPE babel_5116_type1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of type babel_5116_type1)~~ + +DROP TYPE babel_5116_tabletype1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of type babel_5116_tabletype1)~~ + + +/********** TEMP TABLE AND TABLE VARIABLE SHOULD WORK **********/ +CREATE TABLE #babel_5116_temptbl1(a int, b int); +GO + +ALTER TABLE #babel_5116_temptbl1 ADD c INT; +GO + +DROP TABLE #babel_5116_temptbl1 +GO + +DECLARE @babel_5116_tblvar1 table(id int); SELECT * FROM @babel_5116_tblvar1; +GO +~~START~~ +int +~~END~~ + + +-- tsql +/********** DATABASE DDLs ARE NOT ALLOWED **********/ +USE master +GO +ALTER ROLE db_ddladmin ADD MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=master +SELECT IS_ROLEMEMBER('db_ddladmin') +GO +~~START~~ +int +1 +~~END~~ + + +CREATE DATABASE babel_5116_db1; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Only one user database allowed under single-db mode. User database "babel_5116_db" already exists)~~ + +ALTER AUTHORIZATION ON DATABASE::babel_5116_db TO babel_5116_l3; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot find the principal 'babel_5116_l3', because it does not exist or you do not have permission.)~~ + +ALTER DATABASE babel_5116_db MODIFY NAME = babel_5116_dbx; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to rename the database 'babel_5116_db', the database does not exist, or the database is not in a state that allows access checks.)~~ + +DROP DATABASE babel_5116_db; +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: must be owner of database babel_5116_db)~~ + + +-- tsql +USE master +GO +ALTER ROLE db_ddladmin DROP MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=babel_5116_db +/********** LOGGED IN USING DDLADMIN **********/ +SELECT IS_ROLEMEMBER('db_ddladmin') +GO +~~START~~ +int +1 +~~END~~ + + +/********** ROLE DDLs ARE NOT ALLOWED **********/ +CREATE USER babel_5116_l3 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + +CREATE ROLE babel_5116_r2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to perform this action.)~~ + +DROP USER babel_5116_l3 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the user 'babel_5116_l3', because it does not exist or you do not have permission.)~~ + +DROP USER babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the user 'babel_5116_l2', because it does not exist or you do not have permission.)~~ + +DROP ROLE babel_5116_r1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the role 'babel_5116_r1', because it does not exist or you do not have permission.)~~ + +DROP ROLE babel_5116_r2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the role 'babel_5116_r2', because it does not exist or you do not have permission.)~~ + + +/********** CREATE DDLs ARE ALLOWED TO DDLADMIN **********/ +CREATE TABLE babel_5116_t2 (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t2 (id) +GO +CREATE TRIGGER babel_5116_trig2 ON babel_5116_t2 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW babel_5116_v2 AS SELECT * FROM babel_5116_t2 +GO +CREATE SEQUENCE babel_5116_s2 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE babel_5116_p2 AS SELECT 1 +GO +CREATE FUNCTION babel_5116_f2() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION babel_5116_tvf2() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION babel_5116_mtvf2() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE babel_5116_type2 FROM sys.varchar(10) +GO +CREATE TYPE babel_5116_tabletype2 AS TABLE (id INT) +GO +CREATE SCHEMA babel_5116_sch3 +GO +CREATE SCHEMA babel_5116_sch4 AUTHORIZATION babel_5116_r1 +GO + +/********** ALTER DDLs ARE ALLOWED TO DDLADMIN **********/ +ALTER TABLE babel_5116_t1 ADD id_new INT +GO +ALTER TABLE babel_5116_t2 ADD id_new INT +GO +ALTER TABLE babel_5116_t3 ADD babel_5116_col_nw INT NULL; +GO +ALTER TABLE babel_5116_t3 DROP babel_5116_col_nw; +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constr2 UNIQUE (id) +GO +ALTER TABLE babel_5116_t2 ADD CONSTRAINT babel_5116_constr3 UNIQUE (id) +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constrfk1 FOREIGN KEY (id_new) REFERENCES babel_5116_t2 (id) +GO +ALTER TABLE babel_5116_t2 ADD CONSTRAINT babel_5116_constrfk2 FOREIGN KEY (id_new) REFERENCES babel_5116_t1 (id) +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constrfk1 +GO +ALTER TABLE babel_5116_t2 DROP CONSTRAINT babel_5116_constrfk2 +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr1 +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr2 +GO +ALTER TABLE babel_5116_t2 DROP CONSTRAINT babel_5116_constr3 +GO +ALTER SEQUENCE babel_5116_s1 MINVALUE 99; +GO +ALTER SEQUENCE babel_5116_s2 MINVALUE 99; +GO + +/********** ENABLE DISABLE TRIGGER SHOULD ALSO BE ALLOWED TO DDLADMIN **********/ +ENABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +ENABLE TRIGGER babel_5116_trig2 ON babel_5116_t2 +GO +DISABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +DISABLE TRIGGER babel_5116_trig2 ON babel_5116_t2 +GO + +/********** TRUNCATE ON TABLE SHOULD BE ALLOWED **********/ +TRUNCATE TABLE babel_5116_t1 +GO +TRUNCATE TABLE babel_5116_t2 +GO + +/********** TEMP TABLE AND TABLE VARIABLE SHOULD WORK **********/ +CREATE TABLE #babel_5116_temptbl2(a int, b int); +GO + +ALTER TABLE #babel_5116_temptbl2 ADD c INT; +GO + +DROP TABLE #babel_5116_temptbl2 +GO + +DECLARE @babel_5116_tblvar2 table(id int); SELECT * FROM @babel_5116_tblvar2; +GO +~~START~~ +int +~~END~~ + + + +/********** SHOULD BE ABLE TO CREATE PARTITION FUNCTIONS, SCHEMES OR TABLES **********/ +CREATE PARTITION FUNCTION babel_5116_pf1 (datetime) +AS RANGE RIGHT FOR VALUES +( + '2023-01-01', + '2024-01-01', + '2025-01-01' +); +GO + +CREATE PARTITION SCHEME babel_5116_ps +AS PARTITION babel_5116_pf1 +ALL TO ([PRIMARY]); +GO + +CREATE TABLE babel_5116_pt +( + SaleId INT IDENTITY(1,1), + SaleDate datetime, + Amount decimal(10,2), + CustomerId int, + ProductId int +) ON babel_5116_ps(SaleDate); -- Specify the partitioning column +GO + +/********** DMLs SHOULD STILL BE BLOCKED **********/ +/********** ON ALL OBJECTS OLD OR NEW **********/ +/********** IRRESPECTIVE OF WHO CREATED **********/ +SELECT * FROM babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +INSERT INTO babel_5116_t1 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +DELETE FROM babel_5116_t1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +UPDATE babel_5116_t1 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t1)~~ + +SELECT * FROM babel_5116_t2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +INSERT INTO babel_5116_t2 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +DELETE FROM babel_5116_t2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +UPDATE babel_5116_t2 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for table babel_5116_t2)~~ + +SELECT * FROM babel_5116_v1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +INSERT INTO babel_5116_v1 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +DELETE FROM babel_5116_v1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +UPDATE babel_5116_v1 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v1)~~ + +SELECT * FROM babel_5116_v2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + +INSERT INTO babel_5116_v2 (id) VALUES (1) +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + +DELETE FROM babel_5116_v2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + +UPDATE babel_5116_v2 SET id = 1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for view babel_5116_v2)~~ + + +SELECT NEXT VALUE FOR babel_5116_s1; +GO +~~START~~ +bigint +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for sequence babel_5116_s1)~~ + +SELECT NEXT VALUE FOR babel_5116_s2; +GO +~~START~~ +bigint +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for sequence babel_5116_s2)~~ + + +/********** EXECUTE SHOULD STILL BE BLOCKED **********/ +EXEC babel_5116_p1 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for procedure babel_5116_p1)~~ + +EXEC babel_5116_p2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for procedure babel_5116_p2)~~ + +SELECT babel_5116_f1() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_f1)~~ + +SELECT babel_5116_f2() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_f2)~~ + +SELECT * FROM babel_5116_tvf1() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_tvf1)~~ + +SELECT * FROM babel_5116_mtvf1() +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for function babel_5116_mtvf1)~~ + + +/********** GRANT REVOKE IS NOT ALLOWED **********/ +ALTER ROLE babel_5116_r1 ADD MEMBER babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login babel_5116_l1 does not have permission to alter role babel_5116_db_babel_5116_r1)~~ + +GRANT SELECT ON babel_5116_t1 TO babel_5116_l2 +GO +GRANT CONNECT TO babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Grantor does not have GRANT permission.)~~ + +ALTER ROLE babel_5116_r1 DROP MEMBER babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Current login babel_5116_l1 does not have permission to alter role babel_5116_db_babel_5116_r1)~~ + +REVOKE SELECT ON babel_5116_t1 TO babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: permission denied for column "tableoid" of relation "babel_5116_t1")~~ + +REVOKE CONNECT TO babel_5116_l2 +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Grantor does not have GRANT permission.)~~ + + +/********** OBJECT OWNER SHOULD BE SCHEMA OWNER WHEN OBJECT IS CREATED BY DDLADMIN **********/ +SELECT CAST(relname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_class c + JOIN pg_roles r ON (c.relowner = r.oid) + WHERE relname LIKE 'babel_5116%' + ORDER BY r.rolname, relname; +GO +~~START~~ +char#!#char +babel_5116_idx1babel_5116_t1e29153c477c95d679c4b63370567552b #!#dbo +babel_5116_idx1babel_5116_t2e29153c477c95d679c4b63370567552b #!#dbo +babel_5116_pt #!#dbo +babel_5116_pt_saleid_seq #!#dbo +babel_5116_s1 #!#dbo +babel_5116_s2 #!#dbo +babel_5116_t1 #!#dbo +babel_5116_t2 #!#dbo +babel_5116_t3 #!#dbo +babel_5116_tabletype1 #!#dbo +babel_5116_tabletype2 #!#dbo +babel_5116_v1 #!#dbo +babel_5116_v2 #!#dbo +babel_5116_idx1babel_5116_t1e29153c477c95d679c4b63370567552b #!#master_dbo +babel_5116_s1 #!#master_dbo +babel_5116_t1 #!#master_dbo +babel_5116_t3 #!#master_dbo +babel_5116_tabletype1 #!#master_dbo +babel_5116_v1 #!#master_dbo +~~END~~ + +SELECT CAST(proname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_proc p + JOIN pg_roles r ON (p.proowner = r.oid) + WHERE proname LIKE 'babel_5116%' + ORDER BY r.rolname, proname; +GO +~~START~~ +char#!#char +babel_5116_f1 #!#dbo +babel_5116_f2 #!#dbo +babel_5116_mtvf1 #!#dbo +babel_5116_mtvf2 #!#dbo +babel_5116_p1 #!#dbo +babel_5116_p2 #!#dbo +babel_5116_trig1 #!#dbo +babel_5116_trig2 #!#dbo +babel_5116_tvf1 #!#dbo +babel_5116_tvf2 #!#dbo +babel_5116_f1 #!#master_dbo +babel_5116_mtvf1 #!#master_dbo +babel_5116_p1 #!#master_dbo +babel_5116_trig #!#master_dbo +babel_5116_tvf1 #!#master_dbo +~~END~~ + +SELECT CAST(typname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_type t + JOIN pg_roles r ON (t.typowner = r.oid) + WHERE typname LIKE 'babel_5116%' + ORDER BY r.rolname, typname; +GO +~~START~~ +char#!#char +babel_5116_pt #!#dbo +babel_5116_t1 #!#dbo +babel_5116_t2 #!#dbo +babel_5116_t3 #!#dbo +babel_5116_tabletype1 #!#dbo +babel_5116_tabletype2 #!#dbo +babel_5116_type1 #!#dbo +babel_5116_type2 #!#dbo +babel_5116_v1 #!#dbo +babel_5116_v2 #!#dbo +babel_5116_t1 #!#master_dbo +babel_5116_t3 #!#master_dbo +babel_5116_tabletype1 #!#master_dbo +babel_5116_type1 #!#master_dbo +babel_5116_v1 #!#master_dbo +~~END~~ + + +-- tsql database=babel_5116_db +/********** DDLADMIN SHOULD NOT BE A DEPENDANT OF ANY OBJECT WE CREATED IN THIS TEST **********/ +SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptype FROM pg_depend d + JOIN pg_roles r ON (d.refobjid = r.oid) + WHERE + object_name(objid) LIKE 'babel_5116%' AND + refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND + r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND + NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') + ORDER BY deptype, r.rolname, object_name(objid); +GO +~~START~~ +char#!#char#!#varchar +~~END~~ + + +SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptype FROM pg_shdepend d + JOIN pg_roles r ON (d.refobjid = r.oid) + WHERE + object_name(objid) LIKE 'babel_5116%' AND + refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND + r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND + NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') + ORDER BY deptype, r.rolname, object_name(objid); +GO +~~START~~ +char#!#char#!#varchar +db_ddladmin #!#babel_5116_pt #!#a +db_ddladmin #!#babel_5116_t1 #!#a +db_ddladmin #!#babel_5116_t2 #!#a +db_ddladmin #!#babel_5116_t3 #!#a +db_ddladmin #!#babel_5116_v1 #!#a +db_ddladmin #!#babel_5116_v2 #!#a +dbo #!#babel_5116_f1 #!#o +dbo #!#babel_5116_f2 #!#o +dbo #!#babel_5116_mtvf1 #!#o +dbo #!#babel_5116_mtvf2 #!#o +dbo #!#babel_5116_p1 #!#o +dbo #!#babel_5116_p2 #!#o +dbo #!#babel_5116_pt #!#o +dbo #!#babel_5116_pt_saleid_s#!#o +dbo #!#babel_5116_s1 #!#o +dbo #!#babel_5116_s2 #!#o +dbo #!#babel_5116_t1 #!#o +dbo #!#babel_5116_t2 #!#o +dbo #!#babel_5116_t3 #!#o +dbo #!#babel_5116_tabletype1 #!#o +dbo #!#babel_5116_tabletype2 #!#o +dbo #!#babel_5116_trig1 #!#o +dbo #!#babel_5116_trig2 #!#o +dbo #!#babel_5116_tvf1 #!#o +dbo #!#babel_5116_tvf2 #!#o +dbo #!#babel_5116_type1 #!#o +dbo #!#babel_5116_type2 #!#o +dbo #!#babel_5116_v1 #!#o +dbo #!#babel_5116_v2 #!#o +~~END~~ + + +/********** ALTER ROUTINES ARE ALLOWED TO DDLADMIN **********/ +ALTER FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 2 END +GO +ALTER FUNCTION babel_5116_f2() RETURNS INT AS BEGIN RETURN 2 END +GO +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO +ALTER FUNCTION babel_5116_tvf2() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER FUNCTION babel_5116_mtvf2() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO + +ALTER PROC babel_5116_p1 AS SELECT 2 +GO +ALTER PROC babel_5116_p2 AS SELECT 2 +GO + + +-- tsql user=babel_5116_l1 password=12345678 database=babel_5116_db +/********** RENAMING OBJECTs SHOULD BE ALLOWED **********/ +sp_rename 'babel_5116_t1.id_new', 'id_new_name', 'COLUMN' +GO +sp_rename 'babel_5116_t2.id_new', 'id_new_name', 'COLUMN' +GO +sp_rename 'babel_5116_trig1', 'babel_5116_trig1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_trig2', 'babel_5116_trig2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_v1', 'babel_5116_v1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_v2', 'babel_5116_v2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_s1', 'babel_5116_s1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_s2', 'babel_5116_s2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_t2', 'babel_5116_t2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_t1', 'babel_5116_t1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_f2', 'babel_5116_f2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_f1', 'babel_5116_f1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tvf1', 'babel_5116_tvf1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tvf2', 'babel_5116_tvf2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_mtvf1', 'babel_5116_mtvf1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_mtvf2', 'babel_5116_mtvf2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_p2', 'babel_5116_p2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_p1', 'babel_5116_p1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_type2', 'babel_5116_type2_new_name', 'USERDATATYPE' +GO +sp_rename 'babel_5116_type1', 'babel_5116_type1_new_name', 'USERDATATYPE' +GO +sp_rename 'babel_5116_tabletype2', 'babel_5116_tabletype2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tabletype1', 'babel_5116_tabletype1_new_name', 'OBJECT' +GO + +/********** UNSUPPORTED RENAMING IN BABELFISH **********/ +/********** SHOULD BE ALLOWED WHENEVER SUPPORTED **********/ +sp_rename 'babel_5116_t1.babel_5116_idx1', 'babel_5116_idx1_new_name', 'INDEX' +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Feature not supported: renaming object type Index)~~ + + +/********** NOT ALLOWED RENAMING TO DB_DDLADMIN **********/ +sp_rename 'babel_5116_db', 'babel_5116_db_new_name', 'DATABASE' +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: User does not have permission to rename the database 'babel_5116_db', the database does not exist, or the database is not in a state that allows access checks.)~~ + + +/********** DROPPING BUILTIN SCHEMAs SHOULD NOT BE ALLOWED **********/ +DROP SCHEMA dbo +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the schema 'dbo')~~ + +DROP SCHEMA guest +GO +~~ERROR (Code: 33557097)~~ + +~~ERROR (Message: Cannot drop the schema 'guest')~~ + + +/********** DROP DDLs **********/ +DROP TRIGGER babel_5116_trig1_new_name +GO +DROP TRIGGER babel_5116_trig2_new_name +GO +DROP VIEW babel_5116_v1_new_name +GO +DROP VIEW babel_5116_v2_new_name +GO +DROP SEQUENCE babel_5116_s1_new_name +GO +DROP SEQUENCE babel_5116_s2_new_name +GO +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +DROP TABLE babel_5116_t3 +GO +DROP TABLE babel_5116_t2_new_name +GO +DROP TABLE babel_5116_t1_new_name +GO +DROP FUNCTION babel_5116_f2_new_name +GO +DROP FUNCTION babel_5116_f1_new_name +GO +DROP FUNCTION babel_5116_tvf1_new_name +GO +DROP FUNCTION babel_5116_tvf2_new_name +GO +DROP FUNCTION babel_5116_mtvf1_new_name +GO +DROP FUNCTION babel_5116_mtvf2_new_name +GO +DROP PROC babel_5116_p2_new_name +GO +DROP PROC babel_5116_p1_new_name +GO +DROP TYPE babel_5116_type2_new_name +GO +DROP TYPE babel_5116_type1_new_name +GO +DROP TYPE babel_5116_tabletype2_new_name +GO +DROP TYPE babel_5116_tabletype1_new_name +GO + +DROP SCHEMA babel_5116_sch1 +GO +DROP SCHEMA babel_5116_sch2 +GO +DROP SCHEMA babel_5116_sch3 +GO +DROP SCHEMA babel_5116_sch4 +GO + +DROP TABLE babel_5116_pt +GO +DROP PARTITION SCHEME babel_5116_ps +GO +DROP PARTITION FUNCTION babel_5116_pf1 +GO diff --git a/test/JDBC/input/BABEL-2409.mix b/test/JDBC/input/BABEL-2409.mix index d7e6cddaa7..f1af60fdc1 100644 --- a/test/JDBC/input/BABEL-2409.mix +++ b/test/JDBC/input/BABEL-2409.mix @@ -17,6 +17,8 @@ GO -- psql CREATE SCHEMA master_xyz; GO +ALTER SCHEMA master_xyz OWNER TO master_dbo; +GO -- tsql DROP SCHEMA xyz; diff --git a/test/JDBC/input/BABEL-SP_COLUMN_PRIVILEGES.mix b/test/JDBC/input/BABEL-SP_COLUMN_PRIVILEGES.mix index dae08b913f..789723463d 100644 --- a/test/JDBC/input/BABEL-SP_COLUMN_PRIVILEGES.mix +++ b/test/JDBC/input/BABEL-SP_COLUMN_PRIVILEGES.mix @@ -1,5 +1,5 @@ --- sla 60000 --- sla_for_parallel_query_enforced 60000 +-- sla 160000 +-- sla_for_parallel_query_enforced 160000 -- tsql CREATE DATABASE db1 GO diff --git a/test/JDBC/input/BABEL-SP_TABLE_PRIVILIGES-vu-verify.sql b/test/JDBC/input/BABEL-SP_TABLE_PRIVILIGES-vu-verify.sql index 10e07819a9..0a9df38749 100644 --- a/test/JDBC/input/BABEL-SP_TABLE_PRIVILIGES-vu-verify.sql +++ b/test/JDBC/input/BABEL-SP_TABLE_PRIVILIGES-vu-verify.sql @@ -1,4 +1,4 @@ --- sla 30000 +-- sla 160000 use babel_sp_table_priviliges_vu_prepare_db1 go diff --git a/test/JDBC/input/fixed_roles/db_ddladmin-vu-cleanup.sql b/test/JDBC/input/fixed_roles/db_ddladmin-vu-cleanup.sql new file mode 100644 index 0000000000..15232964aa --- /dev/null +++ b/test/JDBC/input/fixed_roles/db_ddladmin-vu-cleanup.sql @@ -0,0 +1,42 @@ +DROP DATABASE babel_5116_db +GO + +USE master +GO + +DROP LOGIN babel_5116_l1 +GO +DROP LOGIN babel_5116_l2 +GO +DROP LOGIN babel_5116_l3 +GO +DROP USER babel_5116_l1 +GO +DROP USER babel_5116_l2 +GO +DROP ROLE babel_5116_r1 +GO +DROP VIEW babel_5116_v1 +GO +DROP SEQUENCE babel_5116_s1 +GO +DROP TRIGGER babel_5116_trig +GO +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +DROP TABLE babel_5116_t1 +GO +DROP TABLE babel_5116_t3 +GO +DROP FUNCTION babel_5116_f1 +GO +DROP FUNCTION babel_5116_tvf1 +GO +DROP FUNCTION babel_5116_mtvf1 +GO +DROP PROC babel_5116_p1 +GO +DROP TYPE babel_5116_type1 +GO +DROP TYPE babel_5116_tabletype1 +GO \ No newline at end of file diff --git a/test/JDBC/input/fixed_roles/db_ddladmin-vu-prepare.sql b/test/JDBC/input/fixed_roles/db_ddladmin-vu-prepare.sql new file mode 100644 index 0000000000..c459bdc080 --- /dev/null +++ b/test/JDBC/input/fixed_roles/db_ddladmin-vu-prepare.sql @@ -0,0 +1,95 @@ +USE master +GO + +CREATE LOGIN babel_5116_l1 WITH PASSWORD = '12345678' +GO +CREATE LOGIN babel_5116_l2 WITH PASSWORD = '12345678' +GO +CREATE LOGIN babel_5116_l3 WITH PASSWORD = '12345678' +GO +CREATE USER babel_5116_l1 +GO +CREATE USER babel_5116_l2 +GO +CREATE ROLE babel_5116_r1 +GO +CREATE TABLE babel_5116_t1 (id INT) +GO +CREATE TABLE babel_5116_t3 (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t1 (id) +GO +CREATE TRIGGER babel_5116_trig ON babel_5116_t1 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW babel_5116_v1 AS SELECT * FROM babel_5116_t1 +GO +CREATE SEQUENCE babel_5116_s1 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE babel_5116_p1 AS SELECT 1 +GO +CREATE FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE babel_5116_type1 FROM sys.varchar(10) +GO +CREATE TYPE babel_5116_tabletype1 AS TABLE (id INT) +GO + +CREATE DATABASE babel_5116_db +GO +USE babel_5116_db +GO + +CREATE USER babel_5116_l1 +GO +CREATE USER babel_5116_l2 +GO +CREATE ROLE babel_5116_r1 +GO +CREATE TABLE babel_5116_t1 (id INT, con_col INT NOT NULL CONSTRAINT babel_5116_constr1 UNIQUE) +GO +CREATE TABLE babel_5116_t3 (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t1 (id) +GO +CREATE TRIGGER babel_5116_trig1 ON babel_5116_t1 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW babel_5116_v1 AS SELECT * FROM babel_5116_t1 +GO +CREATE SEQUENCE babel_5116_s1 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE babel_5116_p1 AS SELECT 1 +GO +CREATE FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE babel_5116_type1 FROM sys.varchar(10) +GO +CREATE TYPE babel_5116_tabletype1 AS TABLE (id INT) +GO +CREATE SCHEMA babel_5116_sch1 +GO +CREATE SCHEMA babel_5116_sch2 AUTHORIZATION babel_5116_r1 +GO diff --git a/test/JDBC/input/fixed_roles/db_ddladmin-vu-verify.mix b/test/JDBC/input/fixed_roles/db_ddladmin-vu-verify.mix new file mode 100644 index 0000000000..716a9adf18 --- /dev/null +++ b/test/JDBC/input/fixed_roles/db_ddladmin-vu-verify.mix @@ -0,0 +1,610 @@ +-- single_db_mode_expected +-- tsql +-- RESET LOGIN PASSWORD +ALTER LOGIN babel_5116_l1 WITH PASSWORD = '12345678' +GO +ALTER LOGIN babel_5116_l2 WITH PASSWORD = '12345678' +GO +ALTER LOGIN babel_5116_l3 WITH PASSWORD = '12345678' +GO + +USE babel_5116_db +GO + +ALTER ROLE db_ddladmin ADD MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=master +------------------------------------------------------------------- +---- babel_5116_l1 user SHOULD NOT BE ABLE TO DO ANY DDLS/DMLS ---- +---- IN BBF DATABASES WHERE IT IS NOT A MEMBER OF DB_DDLADMIN ---- +------------------------------------------------------------------- +SELECT IS_ROLEMEMBER('db_ddladmin') +GO +SELECT CURRENT_USER +GO +CREATE LOGIN l WITH PASSWORD = '12345678' +GO +CREATE USER u +GO +CREATE ROLE r +GO +CREATE TABLE t (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t1 (id) +GO +CREATE TRIGGER trig ON babel_5116_t1 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW v AS SELECT * FROM babel_5116_t1 +GO +CREATE SEQUENCE babel_5116_s2 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE p AS SELECT 1 +GO +CREATE FUNCTION f() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION tvff1() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE t FROM sys.varchar(10) +GO +CREATE TYPE tabletype AS TABLE (id INT) +GO +TRUNCATE TABLE babel_5116_t1 +GO +CREATE SCHEMA babel_5116_sch1 +GO +CREATE SCHEMA babel_5116_sch1 AUTHORIZATION babel_5116_r1 +GO + +CREATE PARTITION FUNCTION babel_5116_pf1 (datetime) +AS RANGE RIGHT FOR VALUES +( + '2023-01-01', + '2024-01-01', + '2025-01-01' +); +GO + +CREATE PARTITION SCHEME babel_5116_ps +AS PARTITION babel_5116_pf1 +ALL TO ([PRIMARY]); +GO + +ALTER TABLE babel_5116_t3 ADD babel_5116_col_nw INT NULL; +GO +ALTER TABLE babel_5116_t3 DROP babel_5116_col_nw; +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constr2 UNIQUE (id) +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constrfk1 FOREIGN KEY (id_new) REFERENCES babel_5116_t2 (id) +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constrfk1 +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr2 +GO +ALTER SEQUENCE babel_5116_s1 MINVALUE 99; +GO + + +ALTER FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 2 END +GO +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER PROC babel_5116_p1 AS SELECT 2 +GO + + +ENABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +DISABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO + + +DROP LOGIN babel_5116_l1 +GO +DROP USER babel_5116_l1 +GO +DROP ROLE babel_5116_r1 +GO +DROP VIEW babel_5116_v1 +GO +DROP SEQUENCE babel_5116_s1 +GO +DROP TRIGGER babel_5116_trig +GO +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +DROP TABLE babel_5116_t1 +GO +DROP FUNCTION babel_5116_f1 +GO +DROP FUNCTION babel_5116_tvf1 +GO +DROP FUNCTION babel_5116_mtvf1 +GO +DROP PROC babel_5116_p1 +GO +DROP TYPE babel_5116_type1 +GO +DROP TYPE babel_5116_tabletype1 +GO + +/********** TEMP TABLE AND TABLE VARIABLE SHOULD WORK **********/ +CREATE TABLE #babel_5116_temptbl1(a int, b int); +GO + +ALTER TABLE #babel_5116_temptbl1 ADD c INT; +GO + +DROP TABLE #babel_5116_temptbl1 +GO + +DECLARE @babel_5116_tblvar1 table(id int); SELECT * FROM @babel_5116_tblvar1; +GO + +/********** DATABASE DDLs ARE NOT ALLOWED **********/ +-- tsql +USE master +GO +ALTER ROLE db_ddladmin ADD MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=master +SELECT IS_ROLEMEMBER('db_ddladmin') +GO + +CREATE DATABASE babel_5116_db1; +GO +ALTER AUTHORIZATION ON DATABASE::babel_5116_db TO babel_5116_l3; +GO +ALTER DATABASE babel_5116_db MODIFY NAME = babel_5116_dbx; +GO +DROP DATABASE babel_5116_db; +GO + +-- tsql +USE master +GO +ALTER ROLE db_ddladmin DROP MEMBER babel_5116_l1 +GO + +-- tsql user=babel_5116_l1 password=12345678 database=babel_5116_db +/********** LOGGED IN USING DDLADMIN **********/ +SELECT IS_ROLEMEMBER('db_ddladmin') +GO + +/********** ROLE DDLs ARE NOT ALLOWED **********/ +CREATE USER babel_5116_l3 +GO +CREATE ROLE babel_5116_r2 +GO +DROP USER babel_5116_l3 +GO +DROP USER babel_5116_l2 +GO +DROP ROLE babel_5116_r1 +GO +DROP ROLE babel_5116_r2 +GO + +/********** CREATE DDLs ARE ALLOWED TO DDLADMIN **********/ +CREATE TABLE babel_5116_t2 (id INT) +GO +CREATE INDEX babel_5116_idx1 ON babel_5116_t2 (id) +GO +CREATE TRIGGER babel_5116_trig2 ON babel_5116_t2 AFTER INSERT AS SELECT 1 +GO +CREATE VIEW babel_5116_v2 AS SELECT * FROM babel_5116_t2 +GO +CREATE SEQUENCE babel_5116_s2 START WITH 1000 INCREMENT BY 1 +GO +CREATE PROCEDURE babel_5116_p2 AS SELECT 1 +GO +CREATE FUNCTION babel_5116_f2() RETURNS INT AS BEGIN RETURN 1 END +GO +CREATE FUNCTION babel_5116_tvf2() +RETURNS TABLE AS RETURN +( + SELECT '1' AS col +); +GO +CREATE FUNCTION babel_5116_mtvf2() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (1) RETURN +END +GO +CREATE TYPE babel_5116_type2 FROM sys.varchar(10) +GO +CREATE TYPE babel_5116_tabletype2 AS TABLE (id INT) +GO +CREATE SCHEMA babel_5116_sch3 +GO +CREATE SCHEMA babel_5116_sch4 AUTHORIZATION babel_5116_r1 +GO + +/********** ALTER DDLs ARE ALLOWED TO DDLADMIN **********/ +ALTER TABLE babel_5116_t1 ADD id_new INT +GO +ALTER TABLE babel_5116_t2 ADD id_new INT +GO +ALTER TABLE babel_5116_t3 ADD babel_5116_col_nw INT NULL; +GO +ALTER TABLE babel_5116_t3 DROP babel_5116_col_nw; +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constr2 UNIQUE (id) +GO +ALTER TABLE babel_5116_t2 ADD CONSTRAINT babel_5116_constr3 UNIQUE (id) +GO +ALTER TABLE babel_5116_t1 ADD CONSTRAINT babel_5116_constrfk1 FOREIGN KEY (id_new) REFERENCES babel_5116_t2 (id) +GO +ALTER TABLE babel_5116_t2 ADD CONSTRAINT babel_5116_constrfk2 FOREIGN KEY (id_new) REFERENCES babel_5116_t1 (id) +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constrfk1 +GO +ALTER TABLE babel_5116_t2 DROP CONSTRAINT babel_5116_constrfk2 +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr1 +GO +ALTER TABLE babel_5116_t1 DROP CONSTRAINT babel_5116_constr2 +GO +ALTER TABLE babel_5116_t2 DROP CONSTRAINT babel_5116_constr3 +GO +ALTER SEQUENCE babel_5116_s1 MINVALUE 99; +GO +ALTER SEQUENCE babel_5116_s2 MINVALUE 99; +GO + +/********** ENABLE DISABLE TRIGGER SHOULD ALSO BE ALLOWED TO DDLADMIN **********/ +ENABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +ENABLE TRIGGER babel_5116_trig2 ON babel_5116_t2 +GO +DISABLE TRIGGER babel_5116_trig1 ON babel_5116_t1 +GO +DISABLE TRIGGER babel_5116_trig2 ON babel_5116_t2 +GO + +/********** TRUNCATE ON TABLE SHOULD BE ALLOWED **********/ +TRUNCATE TABLE babel_5116_t1 +GO +TRUNCATE TABLE babel_5116_t2 +GO + +/********** TEMP TABLE AND TABLE VARIABLE SHOULD WORK **********/ +CREATE TABLE #babel_5116_temptbl2(a int, b int); +GO + +ALTER TABLE #babel_5116_temptbl2 ADD c INT; +GO + +DROP TABLE #babel_5116_temptbl2 +GO + +DECLARE @babel_5116_tblvar2 table(id int); SELECT * FROM @babel_5116_tblvar2; +GO + +/********** SHOULD BE ABLE TO CREATE PARTITION FUNCTIONS, SCHEMES OR TABLES **********/ + +CREATE PARTITION FUNCTION babel_5116_pf1 (datetime) +AS RANGE RIGHT FOR VALUES +( + '2023-01-01', + '2024-01-01', + '2025-01-01' +); +GO + +CREATE PARTITION SCHEME babel_5116_ps +AS PARTITION babel_5116_pf1 +ALL TO ([PRIMARY]); +GO + +CREATE TABLE babel_5116_pt +( + SaleId INT IDENTITY(1,1), + SaleDate datetime, + Amount decimal(10,2), + CustomerId int, + ProductId int +) ON babel_5116_ps(SaleDate); -- Specify the partitioning column +GO + +/********** DMLs SHOULD STILL BE BLOCKED **********/ +/********** ON ALL OBJECTS OLD OR NEW **********/ +/********** IRRESPECTIVE OF WHO CREATED **********/ +SELECT * FROM babel_5116_t1 +GO +INSERT INTO babel_5116_t1 (id) VALUES (1) +GO +DELETE FROM babel_5116_t1 +GO +UPDATE babel_5116_t1 SET id = 1 +GO +SELECT * FROM babel_5116_t2 +GO +INSERT INTO babel_5116_t2 (id) VALUES (1) +GO +DELETE FROM babel_5116_t2 +GO +UPDATE babel_5116_t2 SET id = 1 +GO +SELECT * FROM babel_5116_v1 +GO +INSERT INTO babel_5116_v1 (id) VALUES (1) +GO +DELETE FROM babel_5116_v1 +GO +UPDATE babel_5116_v1 SET id = 1 +GO +SELECT * FROM babel_5116_v2 +GO +INSERT INTO babel_5116_v2 (id) VALUES (1) +GO +DELETE FROM babel_5116_v2 +GO +UPDATE babel_5116_v2 SET id = 1 +GO + +SELECT NEXT VALUE FOR babel_5116_s1; +GO +SELECT NEXT VALUE FOR babel_5116_s2; +GO + +/********** EXECUTE SHOULD STILL BE BLOCKED **********/ +EXEC babel_5116_p1 +GO +EXEC babel_5116_p2 +GO +SELECT babel_5116_f1() +GO +SELECT babel_5116_f2() +GO +SELECT * FROM babel_5116_tvf1() +GO +SELECT * FROM babel_5116_mtvf1() +GO + +/********** GRANT REVOKE IS NOT ALLOWED **********/ +ALTER ROLE babel_5116_r1 ADD MEMBER babel_5116_l2 +GO +GRANT SELECT ON babel_5116_t1 TO babel_5116_l2 +GO +GRANT CONNECT TO babel_5116_l2 +GO +ALTER ROLE babel_5116_r1 DROP MEMBER babel_5116_l2 +GO +REVOKE SELECT ON babel_5116_t1 TO babel_5116_l2 +GO +REVOKE CONNECT TO babel_5116_l2 +GO + +/********** OBJECT OWNER SHOULD BE SCHEMA OWNER WHEN OBJECT IS CREATED BY DDLADMIN **********/ +SELECT CAST(relname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_class c + JOIN pg_roles r ON (c.relowner = r.oid) + WHERE relname LIKE 'babel_5116%' + ORDER BY r.rolname, relname; +GO +SELECT CAST(proname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_proc p + JOIN pg_roles r ON (p.proowner = r.oid) + WHERE proname LIKE 'babel_5116%' + ORDER BY r.rolname, proname; +GO +SELECT CAST(typname AS CHAR(65)), CAST(r.rolname AS CHAR(20)) + FROM pg_type t + JOIN pg_roles r ON (t.typowner = r.oid) + WHERE typname LIKE 'babel_5116%' + ORDER BY r.rolname, typname; +GO + +-- tsql database=babel_5116_db +/********** DDLADMIN SHOULD NOT BE A DEPENDANT OF ANY OBJECT WE CREATED IN THIS TEST **********/ +SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptype FROM pg_depend d + JOIN pg_roles r ON (d.refobjid = r.oid) + WHERE + object_name(objid) LIKE 'babel_5116%' AND + refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND + r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND + NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') + ORDER BY deptype, r.rolname, object_name(objid); +GO + +SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptype FROM pg_shdepend d + JOIN pg_roles r ON (d.refobjid = r.oid) + WHERE + object_name(objid) LIKE 'babel_5116%' AND + refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND + r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND + NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') + ORDER BY deptype, r.rolname, object_name(objid); +GO + +/********** ALTER ROUTINES ARE ALLOWED TO DDLADMIN **********/ +ALTER FUNCTION babel_5116_f1() RETURNS INT AS BEGIN RETURN 2 END +GO +ALTER FUNCTION babel_5116_f2() RETURNS INT AS BEGIN RETURN 2 END +GO +ALTER FUNCTION babel_5116_tvf1() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER FUNCTION babel_5116_mtvf1() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO +ALTER FUNCTION babel_5116_tvf2() +RETURNS TABLE AS RETURN +( + SELECT '2' AS col +); +GO +ALTER FUNCTION babel_5116_mtvf2() +RETURNS @result TABLE([Id] int) AS +BEGIN + INSERT INTO @result VALUES (2) RETURN +END +GO + +ALTER PROC babel_5116_p1 AS SELECT 2 +GO +ALTER PROC babel_5116_p2 AS SELECT 2 +GO + + +-- tsql user=babel_5116_l1 password=12345678 database=babel_5116_db +/********** RENAMING OBJECTs SHOULD BE ALLOWED **********/ +sp_rename 'babel_5116_t1.id_new', 'id_new_name', 'COLUMN' +GO +sp_rename 'babel_5116_t2.id_new', 'id_new_name', 'COLUMN' +GO +sp_rename 'babel_5116_trig1', 'babel_5116_trig1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_trig2', 'babel_5116_trig2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_v1', 'babel_5116_v1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_v2', 'babel_5116_v2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_s1', 'babel_5116_s1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_s2', 'babel_5116_s2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_t2', 'babel_5116_t2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_t1', 'babel_5116_t1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_f2', 'babel_5116_f2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_f1', 'babel_5116_f1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tvf1', 'babel_5116_tvf1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tvf2', 'babel_5116_tvf2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_mtvf1', 'babel_5116_mtvf1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_mtvf2', 'babel_5116_mtvf2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_p2', 'babel_5116_p2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_p1', 'babel_5116_p1_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_type2', 'babel_5116_type2_new_name', 'USERDATATYPE' +GO +sp_rename 'babel_5116_type1', 'babel_5116_type1_new_name', 'USERDATATYPE' +GO +sp_rename 'babel_5116_tabletype2', 'babel_5116_tabletype2_new_name', 'OBJECT' +GO +sp_rename 'babel_5116_tabletype1', 'babel_5116_tabletype1_new_name', 'OBJECT' +GO + +/********** UNSUPPORTED RENAMING IN BABELFISH **********/ +/********** SHOULD BE ALLOWED WHENEVER SUPPORTED **********/ +sp_rename 'babel_5116_t1.babel_5116_idx1', 'babel_5116_idx1_new_name', 'INDEX' +GO + +/********** NOT ALLOWED RENAMING TO DB_DDLADMIN **********/ +sp_rename 'babel_5116_db', 'babel_5116_db_new_name', 'DATABASE' +GO + +/********** DROPPING BUILTIN SCHEMAs SHOULD NOT BE ALLOWED **********/ +DROP SCHEMA dbo +GO +DROP SCHEMA guest +GO + +/********** DROP DDLs **********/ +DROP TRIGGER babel_5116_trig1_new_name +GO +DROP TRIGGER babel_5116_trig2_new_name +GO +DROP VIEW babel_5116_v1_new_name +GO +DROP VIEW babel_5116_v2_new_name +GO +DROP SEQUENCE babel_5116_s1_new_name +GO +DROP SEQUENCE babel_5116_s2_new_name +GO +DROP INDEX babel_5116_idx1 ON babel_5116_t1 +GO +DROP TABLE babel_5116_t3 +GO +DROP TABLE babel_5116_t2_new_name +GO +DROP TABLE babel_5116_t1_new_name +GO +DROP FUNCTION babel_5116_f2_new_name +GO +DROP FUNCTION babel_5116_f1_new_name +GO +DROP FUNCTION babel_5116_tvf1_new_name +GO +DROP FUNCTION babel_5116_tvf2_new_name +GO +DROP FUNCTION babel_5116_mtvf1_new_name +GO +DROP FUNCTION babel_5116_mtvf2_new_name +GO +DROP PROC babel_5116_p2_new_name +GO +DROP PROC babel_5116_p1_new_name +GO +DROP TYPE babel_5116_type2_new_name +GO +DROP TYPE babel_5116_type1_new_name +GO +DROP TYPE babel_5116_tabletype2_new_name +GO +DROP TYPE babel_5116_tabletype1_new_name +GO + +DROP SCHEMA babel_5116_sch1 +GO +DROP SCHEMA babel_5116_sch2 +GO +DROP SCHEMA babel_5116_sch3 +GO +DROP SCHEMA babel_5116_sch4 +GO + +DROP TABLE babel_5116_pt +GO +DROP PARTITION SCHEME babel_5116_ps +GO +DROP PARTITION FUNCTION babel_5116_pf1 +GO diff --git a/test/JDBC/upgrade/14_10/schedule b/test/JDBC/upgrade/14_10/schedule index f28f04ee92..22ec1a6cbe 100644 --- a/test/JDBC/upgrade/14_10/schedule +++ b/test/JDBC/upgrade/14_10/schedule @@ -466,6 +466,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_11/schedule b/test/JDBC/upgrade/14_11/schedule index 661397f16e..aa2d10c22f 100644 --- a/test/JDBC/upgrade/14_11/schedule +++ b/test/JDBC/upgrade/14_11/schedule @@ -464,6 +464,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_12/schedule b/test/JDBC/upgrade/14_12/schedule index 551229ac8c..ca7b215e85 100644 --- a/test/JDBC/upgrade/14_12/schedule +++ b/test/JDBC/upgrade/14_12/schedule @@ -465,6 +465,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_13/schedule b/test/JDBC/upgrade/14_13/schedule index be7861dc30..3df2ce5058 100644 --- a/test/JDBC/upgrade/14_13/schedule +++ b/test/JDBC/upgrade/14_13/schedule @@ -465,6 +465,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_14/schedule b/test/JDBC/upgrade/14_14/schedule index be7861dc30..3df2ce5058 100644 --- a/test/JDBC/upgrade/14_14/schedule +++ b/test/JDBC/upgrade/14_14/schedule @@ -465,6 +465,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_6/schedule b/test/JDBC/upgrade/14_6/schedule index 04a0a7e10f..88309f53ef 100644 --- a/test/JDBC/upgrade/14_6/schedule +++ b/test/JDBC/upgrade/14_6/schedule @@ -434,6 +434,7 @@ binary-datatype-operators BABEL-5059-before-14_7-or-15_2 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_7/schedule b/test/JDBC/upgrade/14_7/schedule index 3989ee8613..5ab0abdedc 100644 --- a/test/JDBC/upgrade/14_7/schedule +++ b/test/JDBC/upgrade/14_7/schedule @@ -456,6 +456,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_8/schedule b/test/JDBC/upgrade/14_8/schedule index 6f71a777c5..5d027a918b 100644 --- a/test/JDBC/upgrade/14_8/schedule +++ b/test/JDBC/upgrade/14_8/schedule @@ -458,6 +458,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/14_9/schedule b/test/JDBC/upgrade/14_9/schedule index f775273c92..d16321066e 100644 --- a/test/JDBC/upgrade/14_9/schedule +++ b/test/JDBC/upgrade/14_9/schedule @@ -461,6 +461,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/15_1/schedule b/test/JDBC/upgrade/15_1/schedule index fa8f9ec8de..85a56e1703 100644 --- a/test/JDBC/upgrade/15_1/schedule +++ b/test/JDBC/upgrade/15_1/schedule @@ -434,6 +434,7 @@ binary-datatype-operators BABEL-5059-before-14_7-or-15_2 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/15_2/schedule b/test/JDBC/upgrade/15_2/schedule index 34238abacb..b55d01d937 100644 --- a/test/JDBC/upgrade/15_2/schedule +++ b/test/JDBC/upgrade/15_2/schedule @@ -469,6 +469,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/15_3/schedule b/test/JDBC/upgrade/15_3/schedule index d6ae7de948..5b3b1973e8 100644 --- a/test/JDBC/upgrade/15_3/schedule +++ b/test/JDBC/upgrade/15_3/schedule @@ -488,6 +488,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/15_4/schedule b/test/JDBC/upgrade/15_4/schedule index a6b37dd406..25ea564ec3 100644 --- a/test/JDBC/upgrade/15_4/schedule +++ b/test/JDBC/upgrade/15_4/schedule @@ -501,6 +501,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/15_5/schedule b/test/JDBC/upgrade/15_5/schedule index a85b74b4c1..4741602be7 100644 --- a/test/JDBC/upgrade/15_5/schedule +++ b/test/JDBC/upgrade/15_5/schedule @@ -532,6 +532,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/15_6/schedule b/test/JDBC/upgrade/15_6/schedule index 714ecbb430..f6c798f15b 100644 --- a/test/JDBC/upgrade/15_6/schedule +++ b/test/JDBC/upgrade/15_6/schedule @@ -548,6 +548,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/15_7/schedule b/test/JDBC/upgrade/15_7/schedule index 8731c9dac0..85dd3c4a77 100644 --- a/test/JDBC/upgrade/15_7/schedule +++ b/test/JDBC/upgrade/15_7/schedule @@ -555,6 +555,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 GRANT_SCHEMA-before-15_9-16_5 diff --git a/test/JDBC/upgrade/15_8/schedule b/test/JDBC/upgrade/15_8/schedule index 27ae158795..9a50d3c41b 100644 --- a/test/JDBC/upgrade/15_8/schedule +++ b/test/JDBC/upgrade/15_8/schedule @@ -546,6 +546,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 GRANT_SCHEMA-before-15_9-16_5 diff --git a/test/JDBC/upgrade/15_9/schedule b/test/JDBC/upgrade/15_9/schedule index 61780ee1f2..3cfbef72a3 100644 --- a/test/JDBC/upgrade/15_9/schedule +++ b/test/JDBC/upgrade/15_9/schedule @@ -550,6 +550,7 @@ xml_exist-before-16_5 BABEL-5119_before_16_5 dbcreator_role db_accessadmin +db_ddladmin db_securityadmin BABEL-CASE_EXPR datareader_datawriter diff --git a/test/JDBC/upgrade/16_1/schedule b/test/JDBC/upgrade/16_1/schedule index b0dc970a20..71ef4155cc 100644 --- a/test/JDBC/upgrade/16_1/schedule +++ b/test/JDBC/upgrade/16_1/schedule @@ -541,6 +541,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin securityadmin_role dbcreator_role diff --git a/test/JDBC/upgrade/16_2/schedule b/test/JDBC/upgrade/16_2/schedule index 585946bf90..d19f1f9c74 100644 --- a/test/JDBC/upgrade/16_2/schedule +++ b/test/JDBC/upgrade/16_2/schedule @@ -557,6 +557,7 @@ BABEL-5059_before_16_5 cast-varchar-to-time dbcreator_role db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/16_3/schedule b/test/JDBC/upgrade/16_3/schedule index abe490ba71..2d06e15576 100644 --- a/test/JDBC/upgrade/16_3/schedule +++ b/test/JDBC/upgrade/16_3/schedule @@ -559,6 +559,7 @@ binary-datatype-operators BABEL-5059_before_16_5 cast-varchar-to-time db_accessadmin +db_ddladmin db_securityadmin xml_exist-before-16_5 GRANT_SCHEMA-before-15_9-16_5 diff --git a/test/JDBC/upgrade/16_4/schedule b/test/JDBC/upgrade/16_4/schedule index bb5a8e4ec3..80ebf0785b 100644 --- a/test/JDBC/upgrade/16_4/schedule +++ b/test/JDBC/upgrade/16_4/schedule @@ -572,6 +572,7 @@ cast-varchar-to-time xml_exist-before-16_5 BABEL-5119_before_16_5 db_accessadmin +db_ddladmin db_securityadmin GRANT_SCHEMA-before-15_9-16_5 BABEL-CASE_EXPR-before-16_5-or-15_9 diff --git a/test/JDBC/upgrade/latest/schedule b/test/JDBC/upgrade/latest/schedule index 3e1c89ca23..eff4e8e45c 100644 --- a/test/JDBC/upgrade/latest/schedule +++ b/test/JDBC/upgrade/latest/schedule @@ -582,6 +582,7 @@ BABEL-5119 dbcreator_role BABEL-5129 db_accessadmin +db_ddladmin db_securityadmin BABEL-CASE_EXPR charindex_replace_patindex From 56ff08205ceef6053179c8c0688d7716d6e19374 Mon Sep 17 00:00:00 2001 From: ANJU BHARTI Date: Tue, 19 Nov 2024 11:52:39 +0000 Subject: [PATCH 2/2] Fix Test failures for PG17 Signed-off-by: ANJU BHARTI --- .github/workflows/jdbc-tests-db-collation.yml | 2 +- .github/workflows/jdbc-tests-single-db-mode.yml | 2 +- .../jdbc-tests-with-non-default-server-collation.yml | 2 +- .github/workflows/jdbc-tests-with-parallel-query.yml | 2 +- .github/workflows/major-version-upgrade.yml | 2 +- .github/workflows/minor-version-upgrade.yml | 2 +- .github/workflows/pg_dump-restore-test.yml | 2 +- .github/workflows/pr-code-coverage.yml | 2 +- .github/workflows/singledb-version-upgrade.yml | 2 +- .github/workflows/sql-validation-tests.yml | 2 +- .github/workflows/static-code-analyzer.yml | 2 +- .github/workflows/tap-tests.yml | 2 +- .github/workflows/unit-tests.yml | 2 +- .github/workflows/upgrade-test.yml | 2 +- test/JDBC/expected/db_ddladmin-vu-verify.out | 3 ++- test/JDBC/expected/single_db/db_ddladmin-vu-verify.out | 3 ++- test/JDBC/input/fixed_roles/db_ddladmin-vu-verify.mix | 3 ++- test/JDBC/upgrade/13_6/schedule | 1 - test/JDBC/upgrade/13_7/schedule | 1 - test/JDBC/upgrade/13_8/schedule | 1 - test/JDBC/upgrade/13_9/schedule | 1 - test/JDBC/upgrade/14_10/schedule | 2 -- test/JDBC/upgrade/14_11/schedule | 2 -- test/JDBC/upgrade/14_12/schedule | 2 -- test/JDBC/upgrade/14_13/schedule | 2 -- test/JDBC/upgrade/14_14/schedule | 2 -- test/JDBC/upgrade/14_15/schedule | 2 -- test/JDBC/upgrade/14_3/schedule | 1 - test/JDBC/upgrade/14_5/schedule | 1 - test/JDBC/upgrade/14_6/schedule | 2 -- test/JDBC/upgrade/14_7/schedule | 2 -- test/JDBC/upgrade/14_8/schedule | 2 -- test/JDBC/upgrade/14_9/schedule | 2 -- test/JDBC/upgrade/15_1/schedule | 2 -- test/JDBC/upgrade/15_10/schedule | 8 ++++++-- test/JDBC/upgrade/15_2/schedule | 2 -- test/JDBC/upgrade/15_3/schedule | 2 -- test/JDBC/upgrade/15_4/schedule | 2 -- test/JDBC/upgrade/15_5/schedule | 2 -- test/JDBC/upgrade/15_6/schedule | 2 -- test/JDBC/upgrade/15_7/schedule | 2 -- test/JDBC/upgrade/15_8/schedule | 2 -- test/JDBC/upgrade/15_9/schedule | 2 -- test/JDBC/upgrade/16_1/schedule | 2 -- test/JDBC/upgrade/16_2/schedule | 2 -- test/JDBC/upgrade/16_3/schedule | 2 -- test/JDBC/upgrade/16_4/schedule | 2 -- test/JDBC/upgrade/16_5/schedule | 3 +-- test/JDBC/upgrade/latest/schedule | 2 -- 49 files changed, 27 insertions(+), 75 deletions(-) diff --git a/.github/workflows/jdbc-tests-db-collation.yml b/.github/workflows/jdbc-tests-db-collation.yml index fe0b2210bf..c3082fdc89 100644 --- a/.github/workflows/jdbc-tests-db-collation.yml +++ b/.github/workflows/jdbc-tests-db-collation.yml @@ -1,5 +1,5 @@ name: JDBC Tests DB COLLATION -on: [pull_request] +on: [push, pull_request] jobs: run-babelfish-jdbc-tests: diff --git a/.github/workflows/jdbc-tests-single-db-mode.yml b/.github/workflows/jdbc-tests-single-db-mode.yml index c41282acad..fdc2dc127a 100644 --- a/.github/workflows/jdbc-tests-single-db-mode.yml +++ b/.github/workflows/jdbc-tests-single-db-mode.yml @@ -1,5 +1,5 @@ name: JDBC Tests With Single-DB Migration Mode -on: [pull_request] +on: [push, pull_request] jobs: run-babelfish-jdbc-tests: diff --git a/.github/workflows/jdbc-tests-with-non-default-server-collation.yml b/.github/workflows/jdbc-tests-with-non-default-server-collation.yml index e51fc1ca45..5ee0a0325e 100644 --- a/.github/workflows/jdbc-tests-with-non-default-server-collation.yml +++ b/.github/workflows/jdbc-tests-with-non-default-server-collation.yml @@ -1,5 +1,5 @@ name: JDBC Tests with Non Default Server Collation -on: [pull_request] +on: [push, pull_request] jobs: run-babelfish-jdbc-tests: diff --git a/.github/workflows/jdbc-tests-with-parallel-query.yml b/.github/workflows/jdbc-tests-with-parallel-query.yml index 16ad0fd857..390f2f0246 100644 --- a/.github/workflows/jdbc-tests-with-parallel-query.yml +++ b/.github/workflows/jdbc-tests-with-parallel-query.yml @@ -1,5 +1,5 @@ name: JDBC Tests With Parallel Query -on: [pull_request] +on: [push, pull_request] jobs: run-babelfish-jdbc-tests-with-parallel-query-mode: diff --git a/.github/workflows/major-version-upgrade.yml b/.github/workflows/major-version-upgrade.yml index c472548b1e..6ab90b1bd2 100644 --- a/.github/workflows/major-version-upgrade.yml +++ b/.github/workflows/major-version-upgrade.yml @@ -1,5 +1,5 @@ name: Major Version Upgrade Tests for empty database -on: [pull_request] +on: [push, pull_request] jobs: run-babelfish-mvu-tests: diff --git a/.github/workflows/minor-version-upgrade.yml b/.github/workflows/minor-version-upgrade.yml index 7f19120ebe..873354e4a6 100644 --- a/.github/workflows/minor-version-upgrade.yml +++ b/.github/workflows/minor-version-upgrade.yml @@ -1,5 +1,5 @@ name: Minor Version Upgrade Tests for empty database -on: [pull_request] +on: [] jobs: extension-tests: diff --git a/.github/workflows/pg_dump-restore-test.yml b/.github/workflows/pg_dump-restore-test.yml index 6174bc4af4..0807cf3dc0 100644 --- a/.github/workflows/pg_dump-restore-test.yml +++ b/.github/workflows/pg_dump-restore-test.yml @@ -1,5 +1,5 @@ name: pg_dump/restore Test Framework -on: [pull_request] +on: [push, pull_request] jobs: generate-dump-restore-tests: diff --git a/.github/workflows/pr-code-coverage.yml b/.github/workflows/pr-code-coverage.yml index 0ca9814aeb..476c2d7eb4 100644 --- a/.github/workflows/pr-code-coverage.yml +++ b/.github/workflows/pr-code-coverage.yml @@ -1,5 +1,5 @@ name: Tests -on: [pull_request] +on: [push, pull_request] jobs: diff --git a/.github/workflows/singledb-version-upgrade.yml b/.github/workflows/singledb-version-upgrade.yml index b72548c741..a35d90dc18 100644 --- a/.github/workflows/singledb-version-upgrade.yml +++ b/.github/workflows/singledb-version-upgrade.yml @@ -1,5 +1,5 @@ name: Major Version Upgrade Tests for singledb mode -on: [pull_request] +on: [push, pull_request] jobs: run-babelfish-mvu-tests-singledb: diff --git a/.github/workflows/sql-validation-tests.yml b/.github/workflows/sql-validation-tests.yml index 3abfe077b1..5fedaa0a58 100644 --- a/.github/workflows/sql-validation-tests.yml +++ b/.github/workflows/sql-validation-tests.yml @@ -1,5 +1,5 @@ name: Validate Installation/Upgrade Scripts -on: [pull_request] +on: [push, pull_request] jobs: run-sql-validation-tests: diff --git a/.github/workflows/static-code-analyzer.yml b/.github/workflows/static-code-analyzer.yml index 910afa2667..f7b22e75ed 100644 --- a/.github/workflows/static-code-analyzer.yml +++ b/.github/workflows/static-code-analyzer.yml @@ -1,5 +1,5 @@ name: Static Code Analyzer -on: [pull_request] +on: [push, pull_request] jobs: run-static-code-analyzer: diff --git a/.github/workflows/tap-tests.yml b/.github/workflows/tap-tests.yml index 31a7aa6d26..bbc6c861ea 100644 --- a/.github/workflows/tap-tests.yml +++ b/.github/workflows/tap-tests.yml @@ -1,5 +1,5 @@ name: TAP Tests -on: [pull_request] +on: [push, pull_request] jobs: run-babelfish-tap-tests: diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index 442cee65bf..cc9f9930ac 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -1,5 +1,5 @@ name: Unit Tests -on: [pull_request] +on: [push, pull_request] jobs: run-babelfish-unit-tests: diff --git a/.github/workflows/upgrade-test.yml b/.github/workflows/upgrade-test.yml index a817a2736c..29b24c9715 100644 --- a/.github/workflows/upgrade-test.yml +++ b/.github/workflows/upgrade-test.yml @@ -1,5 +1,5 @@ name: Version Upgrade Test Framework -on: [pull_request] +on: [push, pull_request] jobs: generate-version-upgrade-tests: diff --git a/test/JDBC/expected/db_ddladmin-vu-verify.out b/test/JDBC/expected/db_ddladmin-vu-verify.out index 98cb216f06..1ff8a5753f 100644 --- a/test/JDBC/expected/db_ddladmin-vu-verify.out +++ b/test/JDBC/expected/db_ddladmin-vu-verify.out @@ -885,7 +885,8 @@ SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptyp refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') - AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') AND deptype!= 'i' + AND (r.rolname NOT IN ('ad_db_db_ddladmin', 'alter_db_db_ddladmin')) ORDER BY deptype, r.rolname, object_name(objid); GO ~~START~~ diff --git a/test/JDBC/expected/single_db/db_ddladmin-vu-verify.out b/test/JDBC/expected/single_db/db_ddladmin-vu-verify.out index 7ad07feb56..aedf5945b5 100644 --- a/test/JDBC/expected/single_db/db_ddladmin-vu-verify.out +++ b/test/JDBC/expected/single_db/db_ddladmin-vu-verify.out @@ -885,7 +885,8 @@ SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptyp refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') - AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') AND deptype!= 'i' + AND (r.rolname NOT IN ('ad_db_db_ddladmin', 'alter_db_db_ddladmin')) ORDER BY deptype, r.rolname, object_name(objid); GO ~~START~~ diff --git a/test/JDBC/input/fixed_roles/db_ddladmin-vu-verify.mix b/test/JDBC/input/fixed_roles/db_ddladmin-vu-verify.mix index 716a9adf18..85c1fe9982 100644 --- a/test/JDBC/input/fixed_roles/db_ddladmin-vu-verify.mix +++ b/test/JDBC/input/fixed_roles/db_ddladmin-vu-verify.mix @@ -445,7 +445,8 @@ SELECT CAST(r.rolname AS CHAR(30)), CAST(object_name(objid) AS char(22)), deptyp refclassid = (SELECT oid FROM pg_class WHERE relname = 'pg_authid') AND r.rolname NOT LIKE '%datareader%' AND r.rolname NOT LIKE '%datawriter%' AND NOT (object_name(objid) = 'babel_5116_tabletype1' AND deptype = 'a') - AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') + AND (r.rolname LIKE '%dbo%' OR r.rolname LIKE '%db_ddladmin%') AND deptype!= 'i' + AND (r.rolname NOT IN ('ad_db_db_ddladmin', 'alter_db_db_ddladmin')) ORDER BY deptype, r.rolname, object_name(objid); GO diff --git a/test/JDBC/upgrade/13_6/schedule b/test/JDBC/upgrade/13_6/schedule index 6228f3e305..2d24b9e5fb 100644 --- a/test/JDBC/upgrade/13_6/schedule +++ b/test/JDBC/upgrade/13_6/schedule @@ -120,7 +120,6 @@ BABEL-PG-SYSTEM-FUNCTIONS BABEL-PROCID BABEL-RAND BABEL-ROLE -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/13_7/schedule b/test/JDBC/upgrade/13_7/schedule index 1b501bec0d..0500dfd72d 100644 --- a/test/JDBC/upgrade/13_7/schedule +++ b/test/JDBC/upgrade/13_7/schedule @@ -118,7 +118,6 @@ BABEL-PG-SYSTEM-FUNCTIONS BABEL-PROCID BABEL-RAND BABEL-ROLE -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/13_8/schedule b/test/JDBC/upgrade/13_8/schedule index 9a3896dc98..8ced60486f 100644 --- a/test/JDBC/upgrade/13_8/schedule +++ b/test/JDBC/upgrade/13_8/schedule @@ -118,7 +118,6 @@ BABEL-PG-SYSTEM-FUNCTIONS BABEL-PROCID BABEL-RAND BABEL-ROLE -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/13_9/schedule b/test/JDBC/upgrade/13_9/schedule index 3132d3ccf5..3d179581b1 100644 --- a/test/JDBC/upgrade/13_9/schedule +++ b/test/JDBC/upgrade/13_9/schedule @@ -117,7 +117,6 @@ BABEL-PG-SYSTEM-FUNCTIONS BABEL-PROCID BABEL-RAND BABEL-ROLE -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/14_10/schedule b/test/JDBC/upgrade/14_10/schedule index 22ec1a6cbe..fb6b3bbfc7 100644 --- a/test/JDBC/upgrade/14_10/schedule +++ b/test/JDBC/upgrade/14_10/schedule @@ -132,7 +132,6 @@ BABEL-2845 BABEL-2884 BABEL-2944 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3249 BABEL-3486 @@ -387,7 +386,6 @@ case_insensitive_collation-before-16_5-or-15_9 sys-has_perms_by_name sys-has_perms_by_name-dep BABEL_OBJECT_ID-before-16_5-or-15_9 -BABEL_SCHEMATA isc-schemata-dep AVG-Aggregate-common AVG-Aggregate-Dep diff --git a/test/JDBC/upgrade/14_11/schedule b/test/JDBC/upgrade/14_11/schedule index aa2d10c22f..b59529cbd9 100644 --- a/test/JDBC/upgrade/14_11/schedule +++ b/test/JDBC/upgrade/14_11/schedule @@ -133,7 +133,6 @@ BABEL-2845 BABEL-2884 BABEL-2944 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3249 BABEL-3486 @@ -388,7 +387,6 @@ case_insensitive_collation-before-16_5-or-15_9 sys-has_perms_by_name sys-has_perms_by_name-dep BABEL_OBJECT_ID-before-16_5-or-15_9 -BABEL_SCHEMATA isc-schemata-dep AVG-Aggregate-common AVG-Aggregate-Dep diff --git a/test/JDBC/upgrade/14_12/schedule b/test/JDBC/upgrade/14_12/schedule index ca7b215e85..fb8a14a790 100644 --- a/test/JDBC/upgrade/14_12/schedule +++ b/test/JDBC/upgrade/14_12/schedule @@ -132,7 +132,6 @@ BABEL-2845 BABEL-2884 BABEL-2944 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3249 BABEL-3486 @@ -386,7 +385,6 @@ case_insensitive_collation-before-16_5-or-15_9 sys-has_perms_by_name sys-has_perms_by_name-dep BABEL_OBJECT_ID-before-16_5-or-15_9 -BABEL_SCHEMATA isc-schemata-dep AVG-Aggregate-common AVG-Aggregate-Dep diff --git a/test/JDBC/upgrade/14_13/schedule b/test/JDBC/upgrade/14_13/schedule index 3df2ce5058..2eb8d49da6 100644 --- a/test/JDBC/upgrade/14_13/schedule +++ b/test/JDBC/upgrade/14_13/schedule @@ -132,7 +132,6 @@ BABEL-2845 BABEL-2884 BABEL-2944 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3249 BABEL-3486 @@ -386,7 +385,6 @@ case_insensitive_collation-before-16_5-or-15_9 sys-has_perms_by_name sys-has_perms_by_name-dep BABEL_OBJECT_ID-before-16_5-or-15_9 -BABEL_SCHEMATA isc-schemata-dep AVG-Aggregate-common AVG-Aggregate-Dep diff --git a/test/JDBC/upgrade/14_14/schedule b/test/JDBC/upgrade/14_14/schedule index 3df2ce5058..2eb8d49da6 100644 --- a/test/JDBC/upgrade/14_14/schedule +++ b/test/JDBC/upgrade/14_14/schedule @@ -132,7 +132,6 @@ BABEL-2845 BABEL-2884 BABEL-2944 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3249 BABEL-3486 @@ -386,7 +385,6 @@ case_insensitive_collation-before-16_5-or-15_9 sys-has_perms_by_name sys-has_perms_by_name-dep BABEL_OBJECT_ID-before-16_5-or-15_9 -BABEL_SCHEMATA isc-schemata-dep AVG-Aggregate-common AVG-Aggregate-Dep diff --git a/test/JDBC/upgrade/14_15/schedule b/test/JDBC/upgrade/14_15/schedule index 577bddcad2..563d39d550 100644 --- a/test/JDBC/upgrade/14_15/schedule +++ b/test/JDBC/upgrade/14_15/schedule @@ -132,7 +132,6 @@ BABEL-2845 BABEL-2884 BABEL-2944 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3249 BABEL-3486 @@ -386,7 +385,6 @@ case_insensitive_collation-before-16_5-or-15_9 sys-has_perms_by_name sys-has_perms_by_name-dep BABEL_OBJECT_ID-before-16_5-or-15_9 -BABEL_SCHEMATA isc-schemata-dep AVG-Aggregate-common AVG-Aggregate-Dep diff --git a/test/JDBC/upgrade/14_3/schedule b/test/JDBC/upgrade/14_3/schedule index 27c7db34be..e5cc527e01 100644 --- a/test/JDBC/upgrade/14_3/schedule +++ b/test/JDBC/upgrade/14_3/schedule @@ -124,7 +124,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/14_5/schedule b/test/JDBC/upgrade/14_5/schedule index d2eec220d6..fe326ec843 100644 --- a/test/JDBC/upgrade/14_5/schedule +++ b/test/JDBC/upgrade/14_5/schedule @@ -123,7 +123,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SP_COLUMNS_MANAGED-dep BABEL-SP_FKEYS BABEL-SP_FKEYS-dep diff --git a/test/JDBC/upgrade/14_6/schedule b/test/JDBC/upgrade/14_6/schedule index 88309f53ef..ef61aa9c90 100644 --- a/test/JDBC/upgrade/14_6/schedule +++ b/test/JDBC/upgrade/14_6/schedule @@ -58,7 +58,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -138,7 +137,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/14_7/schedule b/test/JDBC/upgrade/14_7/schedule index 5ab0abdedc..4e6ed604b3 100644 --- a/test/JDBC/upgrade/14_7/schedule +++ b/test/JDBC/upgrade/14_7/schedule @@ -60,7 +60,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -151,7 +150,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/14_8/schedule b/test/JDBC/upgrade/14_8/schedule index 5d027a918b..58dea02851 100644 --- a/test/JDBC/upgrade/14_8/schedule +++ b/test/JDBC/upgrade/14_8/schedule @@ -60,7 +60,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -149,7 +148,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/14_9/schedule b/test/JDBC/upgrade/14_9/schedule index d16321066e..4d7b3ea5fd 100644 --- a/test/JDBC/upgrade/14_9/schedule +++ b/test/JDBC/upgrade/14_9/schedule @@ -132,7 +132,6 @@ BABEL-2845 BABEL-2884 BABEL-2944 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3249 BABEL-3486 @@ -387,7 +386,6 @@ case_insensitive_collation-before-16_5-or-15_9 sys-has_perms_by_name sys-has_perms_by_name-dep BABEL_OBJECT_ID-before-16_5-or-15_9 -BABEL_SCHEMATA isc-schemata-dep AVG-Aggregate-common AVG-Aggregate-Dep diff --git a/test/JDBC/upgrade/15_1/schedule b/test/JDBC/upgrade/15_1/schedule index 85a56e1703..7ec0a67477 100644 --- a/test/JDBC/upgrade/15_1/schedule +++ b/test/JDBC/upgrade/15_1/schedule @@ -58,7 +58,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -137,7 +136,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/15_10/schedule b/test/JDBC/upgrade/15_10/schedule index 337d7ae52c..3241261bb3 100644 --- a/test/JDBC/upgrade/15_10/schedule +++ b/test/JDBC/upgrade/15_10/schedule @@ -63,7 +63,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -169,7 +168,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -544,10 +542,16 @@ replace binary-datatype-operators BABEL-5059_before_16_5 SELECT_INTO_TEST +securityadmin_role cast-varchar-to-time xml_exist-before-16_5 BABEL-5119_before_16_5 +dbcreator_role +db_accessadmin +db_securityadmin BABEL-CASE_EXPR +datareader_datawriter +db_ddladmin BABEL-5186 BABEL-2736 diff --git a/test/JDBC/upgrade/15_2/schedule b/test/JDBC/upgrade/15_2/schedule index b55d01d937..48a564027a 100644 --- a/test/JDBC/upgrade/15_2/schedule +++ b/test/JDBC/upgrade/15_2/schedule @@ -60,7 +60,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -150,7 +149,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/15_3/schedule b/test/JDBC/upgrade/15_3/schedule index 5b3b1973e8..ac6ba9af26 100644 --- a/test/JDBC/upgrade/15_3/schedule +++ b/test/JDBC/upgrade/15_3/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -160,7 +159,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/15_4/schedule b/test/JDBC/upgrade/15_4/schedule index 25ea564ec3..670e5ef640 100644 --- a/test/JDBC/upgrade/15_4/schedule +++ b/test/JDBC/upgrade/15_4/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -162,7 +161,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/15_5/schedule b/test/JDBC/upgrade/15_5/schedule index 4741602be7..a6fa04290a 100644 --- a/test/JDBC/upgrade/15_5/schedule +++ b/test/JDBC/upgrade/15_5/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010-before-15_6 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -166,7 +165,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/15_6/schedule b/test/JDBC/upgrade/15_6/schedule index f6c798f15b..97b744248f 100644 --- a/test/JDBC/upgrade/15_6/schedule +++ b/test/JDBC/upgrade/15_6/schedule @@ -63,7 +63,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -169,7 +168,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/15_7/schedule b/test/JDBC/upgrade/15_7/schedule index 85dd3c4a77..679ce852d3 100644 --- a/test/JDBC/upgrade/15_7/schedule +++ b/test/JDBC/upgrade/15_7/schedule @@ -63,7 +63,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -170,7 +169,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/15_8/schedule b/test/JDBC/upgrade/15_8/schedule index 9a50d3c41b..20b839b092 100644 --- a/test/JDBC/upgrade/15_8/schedule +++ b/test/JDBC/upgrade/15_8/schedule @@ -63,7 +63,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -169,7 +168,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/15_9/schedule b/test/JDBC/upgrade/15_9/schedule index 3cfbef72a3..0a09f6f166 100644 --- a/test/JDBC/upgrade/15_9/schedule +++ b/test/JDBC/upgrade/15_9/schedule @@ -63,7 +63,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -169,7 +168,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/16_1/schedule b/test/JDBC/upgrade/16_1/schedule index 71ef4155cc..bba11f9186 100644 --- a/test/JDBC/upgrade/16_1/schedule +++ b/test/JDBC/upgrade/16_1/schedule @@ -63,7 +63,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -168,7 +167,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/16_2/schedule b/test/JDBC/upgrade/16_2/schedule index d19f1f9c74..b558c362cb 100644 --- a/test/JDBC/upgrade/16_2/schedule +++ b/test/JDBC/upgrade/16_2/schedule @@ -63,7 +63,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -169,7 +168,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/16_3/schedule b/test/JDBC/upgrade/16_3/schedule index 2d06e15576..45636063fd 100644 --- a/test/JDBC/upgrade/16_3/schedule +++ b/test/JDBC/upgrade/16_3/schedule @@ -63,7 +63,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -169,7 +168,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/16_4/schedule b/test/JDBC/upgrade/16_4/schedule index 80ebf0785b..4b92c602ec 100644 --- a/test/JDBC/upgrade/16_4/schedule +++ b/test/JDBC/upgrade/16_4/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -169,7 +168,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep diff --git a/test/JDBC/upgrade/16_5/schedule b/test/JDBC/upgrade/16_5/schedule index aa85ae3937..5c9a292363 100644 --- a/test/JDBC/upgrade/16_5/schedule +++ b/test/JDBC/upgrade/16_5/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -169,7 +168,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep @@ -586,4 +584,5 @@ db_accessadmin datareader_datawriter dbcreator_role db_securityadmin +db_ddladmin diff --git a/test/JDBC/upgrade/latest/schedule b/test/JDBC/upgrade/latest/schedule index eff4e8e45c..f5b67e858d 100644 --- a/test/JDBC/upgrade/latest/schedule +++ b/test/JDBC/upgrade/latest/schedule @@ -62,7 +62,6 @@ BABEL-3000 BABEL-3000-dep BABEL-3010 BABEL-3116 -BABEL-3117 BABEL-3118 BABEL-3121 BABEL-3144 @@ -169,7 +168,6 @@ BABEL-PROCID BABEL-RAND BABEL-ROLE BABEL-ROLE-MEMBER -BABEL_SCHEMATA BABEL-SPCOLUMNS BABEL-SPCOLUMNS-dep BABEL-SP_COLUMNS_MANAGED-dep