DB__ROOTROLE not equivalent to DB__ROOT

Bug #1447336 reported by Cliff Gray
This bug affects 1 person
Affects: Trafodion
Status: In Progress
Importance: High
Assigned to: Cliff Gray
Milestone: (none listed)

Bug Description

The intent of DB__ROOTROLE is to grant DB__ROOT authority to non-anonymous users. There are several operations an administrator may need to perform that cannot be granted to DB__ROOTROLE (or any role or user) and therefore DB__ROOT is required.

1. DML Privileges
DB__ROOT can select from, insert into, update, reference, etc. for any object. Need to be able to grant DML privileges at the system level. Component privileges for each DML privilege, and corresponding WITH GRANT OPTION privilege are required.

2. Revoking existing grants
Bug 1447330 describes this problem for object and column grants and 1447328 describes the problem for component (system) grants. When schema privileges are added, a method needs to be provided for non-DB__ROOT users to revoke schema grants as well.

3. Grant privileges
There needs to be a method for non-DB__ROOT users to grant privileges at the system (component), schema, object, and column levels. This includes both DDL and DML privileges as applicable. Related, there needs to be a method to grant privileges on behalf of a specific user or role.

Tags: sql-security