[#DERBY-1909] ALTER TABLE DROP COLUMN needs to update GRANTed column privileges

Derby

ALTER TABLE DROP COLUMN needs to update GRANTed column privileges

Created: 30/Sep/06 08:54 PM Updated: 23/Jun/09 05:33 AM

Return to search

Component/s:

SQL

Affects Version/s:

10.3.1.4

Fix Version/s:

10.3.1.4

Time Tracking:

Not Specified

File Attachments:

File Name	Date Attached	Attached By	Size
d1909_partial_incomplete.diff	2006-12-27 03:01 AM	Bryan Pendleton	6 kB
repro.sql	2006-12-26 06:52 PM	Bryan Pendleton	0.3 kB
rewrite_syscolperms_v1.diff	2006-12-28 04:55 PM	Bryan Pendleton	89 kB
rewrite_syscolperms_v1.stat	2006-12-28 04:55 PM	Bryan Pendleton	0.8 kB
rewrite_syscolperms_v2.diff	2007-01-06 04:21 PM	Bryan Pendleton	89 kB
rewrite_syscolperms_v3.diff	2007-02-04 07:10 PM	Bryan Pendleton	90 kB

Issue Links:

Reference

This issue relates to:

~~DERBY-2294~~ Missing sql script: '/org/apache/derbyTesting/functionTests/tests/lang/altertableDropColumn.sql'

~~DERBY-396~~ Support for ALTER STATEMENT to DROP , MODIFY, RENAME a COLUMN

This issue is related to:

~~DERBY-1847~~ SELECT statement asserts with XJ001 when attempted to select a newly added column in SQL authorization mode

~~DERBY-1489~~ Provide ALTER TABLE DROP COLUMN functionality

Resolution Date:

05/Feb/07 04:59 AM

Description

« Hide

When ALTER TABLE DROP COLUMN is used to drop a column from a table, it needs to update the GRANTed column privileges on that table.

The following behaviors need to be provided:
- DROP COLUMN needs to automatically revoke any privileges which have been granted on this column
- Privileges which have been granted on other columns in this table need to be adjusted due to changed column position numbers

When this problem is fixed, the following additional cleanup steps should occur:
- The check that disables DROP COLUMN in sqlAuthorization mode needs to be removed
- There is a comment in AlterTableConstantAction that needs to be revised
- The tests in lang/altertableDropColumn.sql should be moved into altertable.sql
- altertableDropColumn.sql and altertableDropColumn.out should be deleted

Search for this JIRA issue number in the code to find the relevant places to change.

All

Comments

Work Log

Change History

Subversion Commits

Sort Order:

[ Permlink | « Hide ]

Bryan Pendleton added a comment - 30/Sep/06 08:56 PM

This issue is a follow-on from ~~DERBY-1489~~. ~~DERBY-1489~~ implements most of the DROP COLUMN behaviors, but did not handle the interaction with GRANTed column privileges.

[ Permlink | « Hide ]

Bryan Pendleton added a comment - 26/Dec/06 04:15 PM

The techniques in ~~DERBY-1847~~ may be useful as a building block for fixing this issue.

[ Permlink | « Hide ]

Bryan Pendleton added a comment - 26/Dec/06 06:52 PM

repro.sql is a first start at a script demonstrating the problem

[ Permlink | « Hide ]

Bryan Pendleton added a comment - 27/Dec/06 03:01 AM

I started working on a possible patch, but hit a bit of a confusion while trying
to re-factor some code in DataDictionaryImpl.java. I don't want to lose the
work I did, so I'm attaching d1909_partial_incomplete.diff to save that work.
Hopefully I can pick up this work and continue it once I understand the ~~DERBY-1847~~
fix better.

[ Permlink | « Hide ]

Bryan Pendleton added a comment - 28/Dec/06 04:55 PM

Attached is rewrite_syscolperms_v1.diff, a proposed patch for this problem.

The core of this proposed patch involves refactoring and reusing the
~~DERBY-1847~~ method which knows how to rewrite SYSCOLPERMS rows
to update the COLUMNS column. The ~~DERBY-1847~~ version of that code
only handled the case of adding a bit to the COLUMNS column; this patch
extends that method to support removing a bit from the COLUMNS
column as well, then calls the method from the AlterTable execution logic.

The diff file is rather large because because it includes the removal of
altertableDropColumn.sql and altertableDropColumn.out, and the
merging of those files into altertable.sql and altertable.out, so the
entire contents of those files are included in the diff twice each :)

The rest of the diff is pretty small and straightforward and hopefully is
not hard to review.

The diff includes the proposed 2-line change from ~~DERBY-1847~~, because
that change is mandatory for this fix. Once the ~~DERBY-1847~~ change is
resolved, I'll revisit this diff to remove those two lines from DataDictionaryImpl.java

The proposed patch has one particularly interesting behavior: in the case
in which a column is dropped from a table, and there exists a user who
was granted privileges on that column, and that column only, in that table,
the diff processes their SYSCOLPERMS row and leaves a "empty" row; that
is, a row in which the COLUMNS column of SYSCOLPERMS has all bits clear.
From what I can tell, this does not cause any problems; the behavior is
reasonable. However, it might be argued that it would be preferable to
entirely delete the row in this case. Feedback from reviewers about this
behavior and about how to address it (if necessary), would be much appreciated.

[ Permlink | « Hide ]

Bryan Pendleton added a comment - 06/Jan/07 04:23 PM

Attached is rewrite_syscolperms_v2.diff. This patch proposal differs from
the v1 version only in that the code patch to DataDictionaryImpl.java
for ~~DERBY-1847~~ has been removed from this patch.

This patch now applies cleanly against the head of trunk and is, I
believe, ready for commit. derbyall and suites.All pass with this patch.
Please review the patch as time permits.

[ Permlink | « Hide ]

Bryan Pendleton added a comment - 04/Feb/07 07:10 PM

Attached is rewrite_syscolperms_v3.diff. This patch is up to date with the head of trunk, and includes the change to EmptyDictionary.java (thanks Andrew!).

I intend to commit this patch, unless I find any problems in my last re-run of derbyall & suites.All.

If there are any review comments, please let me know.

[ Permlink | « Hide ]

Bryan Pendleton added a comment - 05/Feb/07 04:59 AM

Committed rewrite_syscolperms_v3.diff to subversion as revision 503550.