DatabaseProcApplicationCreatedLinks
sybsystemprocssp_ijdbc_aux_computeprivs  31 Aug 14Defects Dependencies

1     
2     /*
3     **  sp_ijdbc_aux_computeprivs
4     */
5     
6     /* Got this from ODBC / installmaster script
7     ** It is needed for the following stored procs getColumnPrivileges and
8     ** getTablePrivileges.
9     ** The only change is the adding of 'order by' in the select statement that 
10    ** produces the output. 
11    */
12    
13    
14    create procedure sp_ijdbc_aux_computeprivs(
15        @table_name varchar(257),
16        @table_owner varchar(32),
17        @table_qualifier varchar(32),
18        @column_name varchar(257),
19        @calledfrom_colpriv tinyint,
20        @tab_id int)
21    
22    as
23    
24        declare @low int /* range of userids to check */
25        declare @high int
26        declare @max_uid int /* max uid allowed for a user*/
27        declare @grantor_name varchar(32) /* the ascii name of grantor. used for output */
28        declare @grantee_name varchar(32) /* the ascii name of grantee. us/sysprotected for output */
29        declare @col_count smallint /* number of columns in @table_name */
30        declare @grantee int /* id of the grantee */
31        declare @action smallint /* action refers to select, update...*/
32        declare @columns varbinary(133) /* bit map of column privilegs */
33        declare @protecttype tinyint /* grant/revoke or grant with grant option */
34        declare @grantor int /* id of the grantor of the privilege */
35        declare @grp_id int /* the group a user belongs to */
36        declare @grant_type tinyint /* used as a constant */
37        declare @revoke_type tinyint /* used as a constant */
38        declare @select_action smallint /* used as a constant */
39        declare @update_action smallint /* used as a constant */
40        declare @reference_action smallint /* used as a constant */
41        declare @insert_action smallint /* used as a constant */
42        declare @delete_action smallint /* used as a constant */
43        declare @public_select varbinary(133) /* stores select column bit map for public */
44        declare @public_reference varbinary(133) /* stores reference column bit map for public */
45        declare @public_update varbinary(133) /* stores update column bit map for public */
46        declare @public_insert tinyint /* stores if insert has been granted to public */
47        declare @public_delete tinyint /* store if delete has been granted to public */
48        declare @grp_select varbinary(133) /* stores select column bit map for group */
49        declare @grp_update varbinary(133) /* stores update column bit map for group */
50        declare @grp_reference varbinary(133) /* stores reference column bit map for group */
51        declare @grp_delete tinyint /* if group hs been granted delete privilege */
52        declare @grp_insert tinyint /* if group has been granted insert privilege */
53        declare @inherit_select varbinary(133) /* stores select column bit map for 
54        inherited privs*/
55        declare @inherit_update varbinary(133) /* stores update column bit map for 
56        inherited privs*/
57        declare @inherit_reference varbinary(133) /* stores reference column bit map for 
58        inherited privs*/
59        declare @inherit_insert tinyint /* inherited insert priv */
60        declare @inherit_delete tinyint /* inherited delete priv */
61        declare @select_go varbinary(133) /* user column bit map of select with grant */
62        declare @update_go varbinary(133) /* user column bit map of update with grant */
63        declare @reference_go varbinary(133) /* user column bitmap of reference with grant */
64        declare @insert_go tinyint /* user insert priv with grant option */
65        declare @delete_go tinyint /* user delete priv with grant option  */
66        declare @prev_grantor tinyint /* used to detact if the grantor has changed 
67        between two consecutive tuples*/
68        declare @col_pos smallint /* col_pos of the column we are interested in. It
69        is used to find the col-bit in the bitmap*/
70        declare @owner_id int /* id of the owner of the table */
71        declare @dbid smallint /* dbid for the table */
72        declare @grantable varchar(3) /* 'YES' or 'NO' if the privilege is grantable or
73        not*/
74        declare @is_printable tinyint /* 1, if the privilege info is to be outputted */
75        declare @curr_column varchar(257) /* name of the column being printed */
76        declare @save_column_name varchar(257)
77    
78        if @@trancount = 0
79        begin
80            set chained off
81        end
82    
83        set transaction isolation level 1
84    
85        /* 
86        ** Initialize all constants to be used in this procedure
87        */
88    
89        select @grant_type = 1
90    
91        select @revoke_type = 2
92    
93        select @select_action = 193
94    
95        select @reference_action = 151
96    
97        select @update_action = 197
98    
99        select @delete_action = 196
100   
101       select @insert_action = 195
102   
103       select @max_uid = @@maxuserid
104   
105       select @low = 0, @high = 32767
106       select @dbid = db_id()
107       select @save_column_name = @column_name
108       select @column_name = '%'
109       /* 
110       ** compute the table owner id
111       */
112   
113       select @owner_id = uid
114       from sysobjects
115       where id = @tab_id
116   
117       /*
118       ** create a temporary sysprotects table that only has grant/revoke tuples
119       ** for the requested table. This is done as an optimization as the sysprotects
120       ** table may need to be traversed several times
121       */
122   
123       create table #sysprotects
124       (uid int,
125           action smallint,
126           protecttype tinyint,
127           columns varbinary(133) NULL,
128           grantor int)
129   
130       /*
131       ** This table contains all the groups including PUBLIC that users, who
132       ** have been granted privilege on this table, belong to. Also it includes
133       ** groups that have been explicitly granted privileges on the table object
134       */
135       create table #useful_groups
136       (grp_id int)
137   
138       /*
139       ** create a table that contains the list of grantors for the object requested.
140       ** We will do a cartesian product of this table with sysusers in the
141       ** current database to capture all grantor/grantee tuples
142       */
143   
144       create table #distinct_grantors
145       (grantor int)
146   
147       /*
148       ** We need to create a table which will contain a row for every object
149       ** privilege to be returned to the client.  
150       */
151   
152       create table #column_privileges
153       (grantee_gid int,
154           grantor int,
155           grantee int,
156           insertpriv tinyint,
157           insert_go tinyint NULL,
158           deletepriv tinyint,
159           delete_go tinyint NULL,
160           selectpriv varbinary(133) NULL,
161           select_go varbinary(133) NULL,
162           updatepriv varbinary(133) NULL,
163           update_go varbinary(133) NULL,
164           referencepriv varbinary(133) NULL,
165           reference_go varbinary(133) NULL)
166   
167       /*
168       ** Results Table
169       */
170       create table #results_table
171       (table_qualifier varchar(32),
172           table_owner varchar(32),
173           table_name varchar(257),
174           column_name varchar(257) NULL,
175           grantor varchar(32),
176           grantee varchar(32),
177           privilege varchar(32),
178           is_grantable varchar(3))
179       /*
180       ** this cursor scans the distinct grantor, group_id pairs
181       */
182       declare grp_cursor cursor for
183       select distinct grp_id, grantor
184       from #useful_groups, #distinct_grantors
185       order by grantor
186   
187       /* 
188       ** this cursor scans all the protection tuples that represent
189       ** grant/revokes to users only
190       */
191       declare user_protect cursor for
192       select uid, action, protecttype, columns, grantor
193       from #sysprotects
194       where (uid > 0) and
195           (uid <= @max_uid)
196   
197   
198       /*
199       ** this cursor is used to scan #column_privileges table to output results
200       */
201       declare col_priv_cursor cursor for
202       select grantor, grantee, insertpriv, insert_go, deletepriv, delete_go,
203           selectpriv, select_go, updatepriv, update_go, referencepriv, reference_go
204       from #column_privileges
205   
206   
207   
208       /*
209       ** column count is needed for privilege bit-map manipulation
210       */
211       select @col_count = count(*)
212       from syscolumns
213       where id = @tab_id
214   
215   
216       /* 
217       ** populate the temporary sysprotects table #sysprotects
218       */
219   
220       insert into #sysprotects
221       select uid, action, protecttype, columns, grantor
222       from sysprotects where (id = @tab_id) and
223           ((action = @select_action) or
224               (action = @update_action) or
225               (action = @reference_action) or
226               (action = @insert_action) or
227               (action = @delete_action))
228   
229       /* 
230       ** insert privilege tuples for the table owner. There is no explicit grants
231       ** of these privileges to the owner. So these tuples are not there in sysprotects
232       ** table
233       */
234   
235       insert into #sysprotects
236       values (@owner_id, @select_action, 0, 0x01, @owner_id)
237       insert into #sysprotects
238       values (@owner_id, @update_action, 0, 0x01, @owner_id)
239       insert into #sysprotects
240       values (@owner_id, @reference_action, 0, 0x01, @owner_id)
241       insert into #sysprotects
242       values (@owner_id, @insert_action, 0, 0x00, @owner_id)
243       insert into #sysprotects
244       values (@owner_id, @delete_action, 0, 0x00, @owner_id)
245   
246       /* 
247       ** populate the #distinct_grantors table with all grantors that have granted
248       ** the privilege to users or to gid or to public on the table_name
249       */
250   
251       insert into #distinct_grantors
252       select distinct grantor from #sysprotects
253   
254       /* 
255       ** Populate the #column_privilegs table as a cartesian product of the table
256       ** #distinct_grantors and all the users, other than groups, in the current database
257       */
258   
259   
260       insert into #column_privileges
261       select gid, g.grantor, su.uid, 0, 0, 0, 0, 0x00, 0x00, 0x00, 0x00, 0x00,
262           0x00
263       from sysusers su, #distinct_grantors g
264       where (su.uid > 0) and
265           (su.uid <= @max_uid)
266   
267       /*
268       ** populate #useful_groups with only those groups whose members have been granted/revoked
269       ** privilges on the @tab_id in the current database. It also contains those groups
270       ** that have been granted/revoked privileges explicitly
271       */
272   
273       insert into #useful_groups
274       select distinct gid
275       from sysusers su, #sysprotects sp
276       where (su.uid = sp.uid)
277   
278   
279       open grp_cursor
280   
281       fetch grp_cursor into @grp_id, @grantor
282   
283       /* 
284       ** This loop computes all the inherited privilegs of users due
285       ** their membership in a group
286       */
287   
288       while (@@sqlstatus != 2)
289   
290       begin
291   
292           /* 
293           ** initialize variables 
294           */
295           select @public_select = 0x00
296           select @public_update = 0x00
297           select @public_reference = 0x00
298           select @public_delete = 0
299           select @public_insert = 0
300   
301   
302           /* get the select privileges granted to PUBLIC */
303   
304           if (exists (select * from #sysprotects
305                       where (grantor = @grantor) and
306                           (uid = 0) and
307                           (action = @select_action)))
308           begin
309               /* note there can't be any revoke row for PUBLIC */
310               select @public_select = columns
311               from #sysprotects
312               where (grantor = @grantor) and
313                   (uid = 0) and
314                   (action = @select_action)
315           end
316   
317   
318           /* get the update privilege granted to public */
319           if (exists (select * from #sysprotects
320                       where (grantor = @grantor) and
321                           (uid = 0) and
322                           (action = @update_action)))
323           begin
324               /* note there can't be any revoke row for PUBLIC */
325               select @public_update = columns
326               from #sysprotects
327               where (grantor = @grantor) and
328                   (uid = 0) and
329                   (action = @update_action)
330           end
331   
332           /* get the reference privileges granted to public */
333           if (exists (select * from #sysprotects
334                       where (grantor = @grantor) and
335                           (uid = 0) and
336                           (action = @reference_action)))
337           begin
338               /* note there can't be any revoke row for PUBLIC */
339               select @public_reference = columns
340               from #sysprotects
341               where (grantor = @grantor) and
342                   (uid = 0) and
343                   (action = @reference_action)
344           end
345   
346   
347           /* get the delete privilege granted to public */
348           if (exists (select * from #sysprotects
349                       where (grantor = @grantor) and
350                           (uid = 0) and
351                           (action = @delete_action)))
352           begin
353               /* note there can't be any revoke row for PUBLIC */
354               select @public_delete = 1
355           end
356   
357           /* get the insert privileges granted to public */
358           if (exists (select * from #sysprotects
359                       where (grantor = @grantor) and
360                           (uid = 0) and
361                           (action = @insert_action)))
362           begin
363               /* note there can't be any revoke row for PUBLIC */
364               select @public_insert = 1
365           end
366   
367   
368           /*
369           ** initialize group privileges 
370           */
371   
372           select @grp_select = 0x00
373           select @grp_update = 0x00
374           select @grp_reference = 0x00
375           select @grp_insert = 0
376           select @grp_delete = 0
377   
378           /* 
379           ** if the group id is other than PUBLIC, we need to find the grants to
380           ** the group also 
381           */
382   
383           if (@grp_id <> 0)
384           begin
385               /* find select privilege granted to group */
386               if (exists (select * from #sysprotects
387                           where (grantor = @grantor) and
388                               (uid = @grp_id) and
389                               (protecttype = @grant_type) and
390                               (action = @select_action)))
391               begin
392                   select @grp_select = columns
393                   from #sysprotects
394                   where (grantor = @grantor) and
395                       (uid = @grp_id) and
396                       (protecttype = @grant_type) and
397                       (action = @select_action)
398               end
399   
400               /* find update privileges granted to group */
401               if (exists (select * from #sysprotects
402                           where (grantor = @grantor) and
403                               (uid = @grp_id) and
404                               (protecttype = @grant_type) and
405                               (action = @update_action)))
406               begin
407                   select @grp_update = columns
408                   from #sysprotects
409                   where (grantor = @grantor) and
410                       (uid = @grp_id) and
411                       (protecttype = @grant_type) and
412                       (action = @update_action)
413               end
414   
415               /* find reference privileges granted to group */
416               if (exists (select * from #sysprotects
417                           where (grantor = @grantor) and
418                               (uid = @grp_id) and
419                               (protecttype = @grant_type) and
420                               (action = @reference_action)))
421               begin
422                   select @grp_reference = columns
423                   from #sysprotects
424                   where (grantor = @grantor) and
425                       (uid = @grp_id) and
426                       (protecttype = @grant_type) and
427                       (action = @reference_action)
428               end
429   
430               /* find delete privileges granted to group */
431               if (exists (select * from #sysprotects
432                           where (grantor = @grantor) and
433                               (uid = @grp_id) and
434                               (protecttype = @grant_type) and
435                               (action = @delete_action)))
436               begin
437   
438                   select @grp_delete = 1
439               end
440   
441               /* find insert privilege granted to group */
442               if (exists (select * from #sysprotects
443                           where (grantor = @grantor) and
444                               (uid = @grp_id) and
445                               (protecttype = @grant_type) and
446                               (action = @insert_action)))
447               begin
448   
449                   select @grp_insert = 1
450   
451               end
452   
453           end
454   
455           /* at this stage we have computed all the grants to PUBLIC as well as
456           ** the group by a specific grantor that we are interested in. Now we will
457           ** use this info to compute the overall inherited privilegs by the users
458           ** due to their membership to the group or to PUBLIC 
459           */
460   
461   
462           exec sybsystemprocs.dbo.syb_aux_privunion @public_select, @grp_select, @col_count,
463               @inherit_select output
464           exec sybsystemprocs.dbo.syb_aux_privunion @public_update, @grp_update, @col_count,
465               @inherit_update output
466           exec sybsystemprocs.dbo.syb_aux_privunion @public_reference, @grp_reference, @col_count,
467               @inherit_reference output
468   
469           select @inherit_insert = @public_insert + @grp_insert
470           select @inherit_delete = @public_delete + @grp_delete
471   
472           /*
473           ** initialize group privileges to store revokes
474           */
475   
476           select @grp_select = 0x00
477           select @grp_update = 0x00
478           select @grp_reference = 0x00
479           select @grp_insert = 0
480           select @grp_delete = 0
481   
482           /* 
483           ** now we need to find if there are any revokes on the group under
484           ** consideration. We will subtract all privileges that are revoked from the 
485           ** group from the inherited privileges
486           */
487   
488           if (@grp_id <> 0)
489           begin
490               /* check if there is a revoke row for select privilege*/
491               if (exists (select * from #sysprotects
492                           where (grantor = @grantor) and
493                               (uid = @grp_id) and
494                               (protecttype = @revoke_type) and
495                               (action = @select_action)))
496               begin
497                   select @grp_select = columns
498                   from #sysprotects
499                   where (grantor = @grantor) and
500                       (uid = @grp_id) and
501                       (protecttype = @revoke_type) and
502                       (action = @select_action)
503               end
504   
505               /* check if there is a revoke row for update privileges */
506               if (exists (select * from #sysprotects
507                           where (grantor = @grantor) and
508                               (uid = @grp_id) and
509                               (protecttype = @revoke_type) and
510                               (action = @update_action)))
511               begin
512                   select @grp_update = columns
513                   from #sysprotects
514                   where (grantor = @grantor) and
515                       (uid = @grp_id) and
516                       (protecttype = @revoke_type) and
517                       (action = @update_action)
518               end
519   
520               /* check if there is a revoke row for reference privilege */
521               if (exists (select * from #sysprotects
522                           where (grantor = @grantor) and
523                               (uid = @grp_id) and
524                               (protecttype = @revoke_type) and
525                               (action = @reference_action)))
526               begin
527                   select @grp_reference = columns
528                   from #sysprotects
529                   where (grantor = @grantor) and
530                       (uid = @grp_id) and
531                       (protecttype = @revoke_type) and
532                       (action = @reference_action)
533               end
534   
535               /* check if there is a revoke row for delete privilege */
536               if (exists (select * from #sysprotects
537                           where (grantor = @grantor) and
538                               (uid = @grp_id) and
539                               (protecttype = @revoke_type) and
540                               (action = @delete_action)))
541               begin
542                   select @grp_delete = 1
543               end
544   
545               /* check if there is a revoke row for insert privilege */
546               if (exists (select * from #sysprotects
547                           where (grantor = @grantor) and
548                               (uid = @grp_id) and
549                               (protecttype = @revoke_type) and
550                               (action = @insert_action)))
551               begin
552                   select @grp_insert = 1
553   
554               end
555   
556   
557               /* 
558               ** now subtract the revoked privileges from the group
559               */
560   
561               exec sybsystemprocs.dbo.syb_aux_privexor @inherit_select,
562                   @grp_select,
563                   @col_count,
564                   @inherit_select output
565   
566               exec sybsystemprocs.dbo.syb_aux_privexor @inherit_update,
567                   @grp_update,
568                   @col_count,
569                   @inherit_update output
570   
571               exec sybsystemprocs.dbo.syb_aux_privexor @inherit_reference,
572                   @grp_reference,
573                   @col_count,
574                   @inherit_reference output
575   
576               if (@grp_delete = 1)
577                   select @inherit_delete = 0
578   
579               if (@grp_insert = 1)
580                   select @inherit_insert = 0
581   
582           end
583   
584           /*
585           ** now update all the tuples in #column_privileges table for this
586           ** grantor and group id
587           */
588   
589           update #column_privileges
590           set
591               insertpriv = @inherit_insert,
592               deletepriv = @inherit_delete,
593               selectpriv = @inherit_select,
594               updatepriv = @inherit_update,
595               referencepriv = @inherit_reference
596   
597           where (grantor = @grantor) and
598               (grantee_gid = @grp_id)
599   
600   
601           /*
602           ** the following update updates the privileges for those users
603           ** whose groups have not been explicitly granted privileges by the
604           ** grantor. So they will all have all the privileges of the PUBLIC
605           ** that were granted by the current grantor
606           */
607   
608           select @prev_grantor = @grantor
609           fetch grp_cursor into @grp_id, @grantor
610   
611           if ((@prev_grantor <> @grantor) or (@@sqlstatus = 2))
612   
613           begin
614               /* Either we are at the end of the fetch or we are switching to
615               ** a different grantor. 
616               */
617   
618               update #column_privileges
619               set
620                   insertpriv = @public_insert,
621                   deletepriv = @public_delete,
622                   selectpriv = @public_select,
623                   updatepriv = @public_update,
624                   referencepriv = @public_reference
625               from #column_privileges cp
626               where (cp.grantor = @prev_grantor) and
627                   (not EXISTS (select *
628                           from #useful_groups ug
629                           where ug.grp_id = cp.grantee_gid))
630   
631           end
632       end
633   
634   
635       close grp_cursor
636   
637   
638       /* 
639       ** At this stage, we have populated the #column_privileges table with
640       ** all the inherited privileges
641       */
642   
643   
644       /* 
645       ** Now we will go through each user grant or revoke in table #sysprotects
646       ** and update the privileges in #column_privileges table
647       */
648       open user_protect
649   
650       fetch user_protect into @grantee, @action, @protecttype, @columns, @grantor
651   
652       while (@@sqlstatus != 2)
653       begin
654           /*
655           ** In this loop, we can find grant row, revoke row or grant with grant option
656           ** row. We use protecttype to figure that. If it is grant, then the user specific
657           ** privileges are added to the user's inherited privileges. If it is a revoke,
658           ** then the revoked privileges are subtracted from the inherited privileges. If
659           ** it is a grant with grant option, we just store it as is because privileges can
660           ** only be granted with grant option to individual users
661           */
662   
663           /* 
664           ** for select action
665           */
666           if (@action = @select_action)
667           begin
668               /* get the inherited select privilege */
669               select @inherit_select = selectpriv
670               from #column_privileges
671               where (grantee = @grantee) and
672                   (grantor = @grantor)
673   
674               if (@protecttype = @grant_type)
675                   /* the grantee has a individual grant */
676                   exec sybsystemprocs.dbo.syb_aux_privunion @inherit_select, @columns,
677                       @col_count, @inherit_select output
678   
679               else
680               if (@protecttype = @revoke_type)
681                   /* it is a revoke row */
682                   exec sybsystemprocs.dbo.syb_aux_privexor @inherit_select, @columns,
683                       @col_count, @inherit_select output
684   
685               else
686                   /* it is a grant with grant option */
687   
688                   select @select_go = @columns
689   
690               /* modify the privileges for this user */
691   
692               if ((@protecttype = @revoke_type) or (@protecttype = @grant_type))
693               begin
694                   update #column_privileges
695                   set selectpriv = @inherit_select
696                   where (grantor = @grantor) and
697                       (grantee = @grantee)
698               end
699               else
700               begin
701   
702                   update #column_privileges
703                   set select_go = @select_go
704                   where (grantor = @grantor) and
705                       (grantee = @grantee)
706               end
707           end
708   
709           /*
710           ** update action
711           */
712           if (@action = @update_action)
713           begin
714               /* find out the inherited update privilege */
715               select @inherit_update = updatepriv
716               from #column_privileges
717               where (grantee = @grantee) and
718                   (grantor = @grantor)
719   
720   
721               if (@protecttype = @grant_type)
722                   /* user has an individual grant */
723                   exec sybsystemprocs.dbo.syb_aux_privunion @inherit_update, @columns,
724                       @col_count, @inherit_update output
725   
726               else
727               if (@protecttype = @revoke_type)
728                   exec sybsystemprocs.dbo.syb_aux_privexor @inherit_update, @columns,
729                       @col_count, @inherit_update output
730   
731               else
732                   /* it is a grant with grant option */
733                   select @update_go = @columns
734   
735   
736               /* modify the privileges for this user */
737   
738               if ((@protecttype = @revoke_type) or (@protecttype = @grant_type))
739               begin
740                   update #column_privileges
741                   set updatepriv = @inherit_update
742                   where (grantor = @grantor) and
743                       (grantee = @grantee)
744               end
745               else
746               begin
747                   update #column_privileges
748                   set update_go = @update_go
749                   where (grantor = @grantor) and
750                       (grantee = @grantee)
751               end
752           end
753   
754           /* it is the reference privilege */
755           if (@action = @reference_action)
756           begin
757               select @inherit_reference = referencepriv
758               from #column_privileges
759               where (grantee = @grantee) and
760                   (grantor = @grantor)
761   
762   
763               if (@protecttype = @grant_type)
764                   /* the grantee has a individual grant */
765                   exec sybsystemprocs.dbo.syb_aux_privunion @inherit_reference, @columns,
766                       @col_count, @inherit_reference output
767   
768               else
769               if (@protecttype = @revoke_type)
770                   /* it is a revoke row */
771                   exec sybsystemprocs.dbo.syb_aux_privexor @inherit_reference, @columns,
772                       @col_count, @inherit_reference output
773   
774               else
775                   /* it is a grant with grant option */
776                   select @reference_go = @columns
777   
778   
779               /* modify the privileges for this user */
780   
781               if ((@protecttype = @revoke_type) or (@protecttype = @grant_type))
782               begin
783                   update #column_privileges
784                   set referencepriv = @inherit_reference
785                   where (grantor = @grantor) and
786                       (grantee = @grantee)
787               end
788               else
789               begin
790                   update #column_privileges
791                   set reference_go = @reference_go
792                   where (grantor = @grantor) and
793                       (grantee = @grantee)
794               end
795   
796           end
797   
798           /*
799           ** insert action
800           */
801   
802           if (@action = @insert_action)
803           begin
804               if (@protecttype = @grant_type)
805                   select @inherit_insert = 1
806               else
807               if (@protecttype = @revoke_type)
808                   select @inherit_insert = 0
809               else
810                   select @insert_go = 1
811   
812   
813               /* modify the privileges for this user */
814   
815               if ((@protecttype = @revoke_type) or (@protecttype = @grant_type))
816               begin
817                   update #column_privileges
818                   set insertpriv = @inherit_insert
819                   where (grantor = @grantor) and
820                       (grantee = @grantee)
821               end
822               else
823               begin
824                   update #column_privileges
825                   set insert_go = @insert_go
826                   where (grantor = @grantor) and
827                       (grantee = @grantee)
828               end
829   
830           end
831   
832           /* 
833           ** delete action
834           */
835   
836           if (@action = @delete_action)
837           begin
838               if (@protecttype = @grant_type)
839                   select @inherit_delete = 1
840               else
841               if (@protecttype = @revoke_type)
842                   select @inherit_delete = 0
843               else
844                   select @delete_go = 1
845   
846   
847               /* modify the privileges for this user */
848   
849               if ((@protecttype = @revoke_type) or (@protecttype = @grant_type))
850               begin
851                   update #column_privileges
852                   set deletepriv = @inherit_delete
853                   where (grantor = @grantor) and
854                       (grantee = @grantee)
855               end
856               else
857               begin
858                   update #column_privileges
859                   set delete_go = @delete_go
860                   where (grantor = @grantor) and
861                       (grantee = @grantee)
862               end
863   
864           end
865   
866           fetch user_protect into @grantee, @action, @protecttype, @columns, @grantor
867       end
868   
869       close user_protect
870   
871       open col_priv_cursor
872       fetch col_priv_cursor into @grantor, @grantee, @inherit_insert, @insert_go,
873           @inherit_delete, @delete_go, @inherit_select, @select_go,
874           @inherit_update, @update_go, @inherit_reference, @reference_go
875   
876       while (@@sqlstatus != 2)
877       begin
878   
879           /* 
880           ** name of the grantor
881           */
882           select @grantor_name = name
883           from sysusers
884           where uid = @grantor
885   
886   
887           /*
888           ** name of the grantee
889           */
890   
891           select @grantee_name = name
892           from sysusers
893           where uid = @grantee
894   
895   
896           if (@column_name = '%')
897           /* 
898           ** we need to print the privilege information for all columns of the table
899           */
900           begin
901               select @col_pos = 1
902   
903               while (@col_pos <= @col_count)
904               begin
905   
906                   select @curr_column = col_name(@tab_id, @col_pos)
907   
908                   /* 
909                   ** check for insert privileges
910                   */
911                   exec sybsystemprocs.dbo.syb_aux_printprivs
912                       @calledfrom_colpriv, @col_pos, @inherit_insert, @insert_go, 0x00, 0x00, 0,
913                       @grantable output, @is_printable output
914   
915                   if (@is_printable = 1)
916                   begin
917                       insert into #results_table
918                       values (@table_qualifier, @table_owner, @table_name, @curr_column,
919                           @grantor_name, @grantee_name, 'INSERT', @grantable)
920                   end
921   
922                   /* 
923                   ** check for select privileges
924                   */
925                   exec sybsystemprocs.dbo.syb_aux_printprivs
926                       @calledfrom_colpriv, @col_pos, 0, 0, @inherit_select, @select_go, 1,
927                       @grantable output, @is_printable output
928   
929                   if (@is_printable = 1)
930                   begin
931                       insert into #results_table
932                       values (@table_qualifier, @table_owner, @table_name, @curr_column,
933                           @grantor_name, @grantee_name, 'SELECT', @grantable)
934                   end
935                   /* 
936                   ** check for update privileges
937                   */
938                   exec sybsystemprocs.dbo.syb_aux_printprivs
939                       @calledfrom_colpriv, @col_pos, 0, 0, @inherit_update, @update_go, 1,
940                       @grantable output, @is_printable output
941   
942                   if (@is_printable = 1)
943                   begin
944                       insert into #results_table
945                       values (@table_qualifier, @table_owner, @table_name, @curr_column,
946                           @grantor_name, @grantee_name, 'UPDATE', @grantable)
947                   end
948                   /*
949                   ** check for reference privs
950                   */
951   
952                   exec sybsystemprocs.dbo.syb_aux_printprivs
953                       @calledfrom_colpriv, @col_pos, 0, 0, @inherit_reference, @reference_go, 1,
954                       @grantable output, @is_printable output
955   
956                   if (@is_printable = 1)
957                   begin
958                       insert into #results_table
959                       values (@table_qualifier, @table_owner, @table_name, @curr_column,
960                           @grantor_name, @grantee_name, 'REFERENCE', @grantable)
961                   end
962   
963                   select @col_pos = @col_pos + 1
964               end
965           end
966           else
967           begin
968   
969               /* 
970               ** At this point, we are either printing privilege information for a
971               ** a specific column or for table_privileges
972               */
973   
974               select @col_pos = 0
975   
976               if (@calledfrom_colpriv = 1)
977               begin
978                   /* 
979                   ** find the column position
980                   */
981                   select @col_pos = colid
982                   from syscolumns
983                   where (id = @tab_id) and
984                       (name = @column_name)
985               end
986   
987               /* 
988               ** check for insert privileges
989               */
990               exec sybsystemprocs.dbo.syb_aux_printprivs
991                   @calledfrom_colpriv, @col_pos, @inherit_insert, @insert_go, 0x00, 0x00, 0,
992                   @grantable output, @is_printable output
993   
994               if (@is_printable = 1)
995               begin
996                   insert into #results_table
997                   values (@table_qualifier, @table_owner, @table_name, @column_name,
998                       @grantor_name, @grantee_name, 'INSERT', @grantable)
999               end
1000  
1001              /* 
1002              ** check for delete privileges
1003              */
1004  
1005              if (@calledfrom_colpriv = 0)
1006              /* delete privilge need only be printed if called from sp_table_privileges */
1007              begin
1008                  exec sybsystemprocs.dbo.syb_aux_printprivs
1009                      @calledfrom_colpriv, @col_pos, @inherit_delete, @delete_go, 0x00, 0x00, 0,
1010                      @grantable output, @is_printable output
1011  
1012                  if (@is_printable = 1)
1013                  begin
1014                      insert into #results_table
1015                      values (@table_qualifier, @table_owner, @table_name, @column_name,
1016                          @grantor_name, @grantee_name, 'DELETE', @grantable)
1017                  end
1018              end
1019  
1020              /* 
1021              ** check for select privileges
1022              */
1023              exec sybsystemprocs.dbo.syb_aux_printprivs
1024                  @calledfrom_colpriv, @col_pos, 0, 0, @inherit_select, @select_go, 1,
1025                  @grantable output, @is_printable output
1026  
1027  
1028              if (@is_printable = 1)
1029              begin
1030                  insert into #results_table
1031                  values (@table_qualifier, @table_owner, @table_name, @column_name,
1032                      @grantor_name, @grantee_name, 'SELECT', @grantable)
1033              end
1034              /* 
1035              ** check for update privileges
1036              */
1037              exec sybsystemprocs.dbo.syb_aux_printprivs
1038                  @calledfrom_colpriv, @col_pos, 0, 0, @inherit_update, @update_go, 1,
1039                  @grantable output, @is_printable output
1040  
1041              if (@is_printable = 1)
1042              begin
1043                  insert into #results_table
1044                  values (@table_qualifier, @table_owner, @table_name, @column_name,
1045                      @grantor_name, @grantee_name, 'UPDATE', @grantable)
1046              end
1047              /*
1048              ** check for reference privs
1049              */
1050              if (@calledfrom_colpriv = 1)
1051              /* reference privilge need only be printed if called from sp_column_privileges */
1052              begin
1053                  exec sybsystemprocs.dbo.syb_aux_printprivs
1054                      @calledfrom_colpriv, @col_pos, 0, 0, @inherit_reference, @reference_go, 1,
1055                      @grantable output, @is_printable output
1056  
1057                  if (@is_printable = 1)
1058                  begin
1059                      insert into #results_table
1060                      values (@table_qualifier, @table_owner, @table_name, @column_name,
1061                          @grantor_name, @grantee_name, 'REFERENCE', @grantable)
1062                  end
1063              end
1064  
1065          end
1066  
1067  
1068          fetch col_priv_cursor into @grantor, @grantee, @inherit_insert, @insert_go,
1069              @inherit_delete, @delete_go, @inherit_select, @select_go,
1070              @inherit_update, @update_go, @inherit_reference, @reference_go
1071      end
1072  
1073  
1074      /*
1075      ** Outputting the results table
1076      */
1077  
1078      if (@calledfrom_colpriv = 1)
1079          /* Changed to get the requested output order*/
1080          exec sp_autoformat @fulltabname = #results_table,
1081              @selectlist = "TABLE_CAT = table_qualifier, TABLE_SCHEM = table_owner, TABLE_NAME = table_name, COLUMN_NAME = column_name, GRANTOR = grantor, GRANTEE = grantee, PRIVILEGE = privilege, IS_GRANTABLE = is_grantable",
1082              @whereclause = "column_name like @save_column_name ESCAPE '\'",
1083              @orderby = "order by column_name, privilege"
1084  
1085      else
1086          /* Changed to get the requested output order*/
1087          exec sp_autoformat @fulltabname = #results_table,
1088              @selectlist = "TABLE_CAT = table_qualifier, TABLE_SCHEM = table_owner, TABLE_NAME = table_name, GRANTOR = grantor, GRANTEE = grantee, PRIVILEGE = privilege, IS_GRANTABLE = is_grantable",
1089              @orderby = "order by table_qualifier, table_name, privilege"
1090  
1091      close col_priv_cursor
1092  
1093      drop table #column_privileges
1094      drop table #distinct_grantors
1095      drop table #sysprotects
1096      drop table #useful_groups
1097      drop table #results_table
1098  
1099  /*
1100  **  End of sp_ijdbc_aux_computeprivs
1101  */
1102  
1103  


exec sp_procxmode 'sp_ijdbc_aux_computeprivs', 'AnyMode'
go

Grant Execute on sp_ijdbc_aux_computeprivs to public
go
DEFECTS
 QCAR 6 Cartesian product between tables #useful_groups and [#distinct_grantors] 184
 QCAR 6 Cartesian product between tables sybsystemprocs..sysusers su and [#distinct_grantors g] 263
 MINU 4 Unique Index with nullable columns sybsystemprocs..sysprotects sybsystemprocs..sysprotects
 MTYP 4 Assignment type mismatch @prev_grantor: tinyint = int 608
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 1080
 MUSP 4 Unquoted String Parameter sybsystemprocs..sp_autoformat: @fulltabname 1087
 QTYP 4 Comparison type mismatch Comparison type mismatch: int vs tinyint 626
 CUNU 3 Cursor not updated: cursor should contain 'for read only' clause user_protect 192
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 236
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 238
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 240
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 242
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 244
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 261
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 262
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 295
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 296
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 297
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 372
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 373
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 374
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 476
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 477
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 478
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 912
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 991
 MBLI 3 Integer Value of Binary Literal is Platform Dependant 1009
 MGTP 3 Grant to public sybsystemprocs..sp_ijdbc_aux_computeprivs  
 MGTP 3 Grant to public sybsystemprocs..syscolumns  
 MGTP 3 Grant to public sybsystemprocs..sysobjects  
 MGTP 3 Grant to public sybsystemprocs..sysprotects  
 MGTP 3 Grant to public sybsystemprocs..sysusers  
 MNER 3 No Error Check should check @@error after insert 220
 MNER 3 No Error Check should check @@error after insert 235
 MNER 3 No Error Check should check @@error after insert 237
 MNER 3 No Error Check should check @@error after insert 239
 MNER 3 No Error Check should check @@error after insert 241
 MNER 3 No Error Check should check @@error after insert 243
 MNER 3 No Error Check should check @@error after insert 251
 MNER 3 No Error Check should check @@error after insert 260
 MNER 3 No Error Check should check @@error after insert 273
 MNER 3 No Error Check should check return value of exec 462
 MNER 3 No Error Check should check return value of exec 464
 MNER 3 No Error Check should check return value of exec 466
 MNER 3 No Error Check should check return value of exec 561
 MNER 3 No Error Check should check return value of exec 566
 MNER 3 No Error Check should check return value of exec 571
 MNER 3 No Error Check should check @@error after update 589
 MNER 3 No Error Check should check @@error after update 618
 MNER 3 No Error Check should check return value of exec 676
 MNER 3 No Error Check should check return value of exec 682
 MNER 3 No Error Check should check @@error after update 694
 MNER 3 No Error Check should check @@error after update 702
 MNER 3 No Error Check should check return value of exec 723
 MNER 3 No Error Check should check return value of exec 728
 MNER 3 No Error Check should check @@error after update 740
 MNER 3 No Error Check should check @@error after update 747
 MNER 3 No Error Check should check return value of exec 765
 MNER 3 No Error Check should check return value of exec 771
 MNER 3 No Error Check should check @@error after update 783
 MNER 3 No Error Check should check @@error after update 790
 MNER 3 No Error Check should check @@error after update 817
 MNER 3 No Error Check should check @@error after update 824
 MNER 3 No Error Check should check @@error after update 851
 MNER 3 No Error Check should check @@error after update 858
 MNER 3 No Error Check should check return value of exec 911
 MNER 3 No Error Check should check @@error after insert 917
 MNER 3 No Error Check should check return value of exec 925
 MNER 3 No Error Check should check @@error after insert 931
 MNER 3 No Error Check should check return value of exec 938
 MNER 3 No Error Check should check @@error after insert 944
 MNER 3 No Error Check should check return value of exec 952
 MNER 3 No Error Check should check @@error after insert 958
 MNER 3 No Error Check should check return value of exec 990
 MNER 3 No Error Check should check @@error after insert 996
 MNER 3 No Error Check should check return value of exec 1008
 MNER 3 No Error Check should check @@error after insert 1014
 MNER 3 No Error Check should check return value of exec 1023
 MNER 3 No Error Check should check @@error after insert 1030
 MNER 3 No Error Check should check return value of exec 1037
 MNER 3 No Error Check should check @@error after insert 1043
 MNER 3 No Error Check should check return value of exec 1053
 MNER 3 No Error Check should check @@error after insert 1059
 MNER 3 No Error Check should check return value of exec 1080
 MNER 3 No Error Check should check return value of exec 1087
 MUCO 3 Useless Code Useless Brackets in create proc 14
 MUCO 3 Useless Code Useless Brackets 276
 MUCO 3 Useless Code Useless Brackets 288
 MUCO 3 Useless Code Useless Brackets 304
 MUCO 3 Useless Code Useless Brackets 319
 MUCO 3 Useless Code Useless Brackets 333
 MUCO 3 Useless Code Useless Brackets 348
 MUCO 3 Useless Code Useless Brackets 358
 MUCO 3 Useless Code Useless Brackets 383
 MUCO 3 Useless Code Useless Brackets 386
 MUCO 3 Useless Code Useless Brackets 401
 MUCO 3 Useless Code Useless Brackets 416
 MUCO 3 Useless Code Useless Brackets 431
 MUCO 3 Useless Code Useless Brackets 442
 MUCO 3 Useless Code Useless Brackets 488
 MUCO 3 Useless Code Useless Brackets 491
 MUCO 3 Useless Code Useless Brackets 506
 MUCO 3 Useless Code Useless Brackets 521
 MUCO 3 Useless Code Useless Brackets 536
 MUCO 3 Useless Code Useless Brackets 546
 MUCO 3 Useless Code Useless Brackets 576
 MUCO 3 Useless Code Useless Brackets 579
 MUCO 3 Useless Code Useless Brackets 611
 MUCO 3 Useless Code Useless Brackets 652
 MUCO 3 Useless Code Useless Brackets 666
 MUCO 3 Useless Code Useless Brackets 674
 MUCO 3 Useless Code Useless Brackets 680
 MUCO 3 Useless Code Useless Brackets 692
 MUCO 3 Useless Code Useless Brackets 712
 MUCO 3 Useless Code Useless Brackets 721
 MUCO 3 Useless Code Useless Brackets 727
 MUCO 3 Useless Code Useless Brackets 738
 MUCO 3 Useless Code Useless Brackets 755
 MUCO 3 Useless Code Useless Brackets 763
 MUCO 3 Useless Code Useless Brackets 769
 MUCO 3 Useless Code Useless Brackets 781
 MUCO 3 Useless Code Useless Brackets 802
 MUCO 3 Useless Code Useless Brackets 804
 MUCO 3 Useless Code Useless Brackets 807
 MUCO 3 Useless Code Useless Brackets 815
 MUCO 3 Useless Code Useless Brackets 836
 MUCO 3 Useless Code Useless Brackets 838
 MUCO 3 Useless Code Useless Brackets 841
 MUCO 3 Useless Code Useless Brackets 849
 MUCO 3 Useless Code Useless Brackets 876
 MUCO 3 Useless Code Useless Brackets 896
 MUCO 3 Useless Code Useless Brackets 903
 MUCO 3 Useless Code Useless Brackets 915
 MUCO 3 Useless Code Useless Brackets 929
 MUCO 3 Useless Code Useless Brackets 942
 MUCO 3 Useless Code Useless Brackets 956
 MUCO 3 Useless Code Useless Brackets 976
 MUCO 3 Useless Code Useless Brackets 994
 MUCO 3 Useless Code Useless Brackets 1005
 MUCO 3 Useless Code Useless Brackets 1012
 MUCO 3 Useless Code Useless Brackets 1028
 MUCO 3 Useless Code Useless Brackets 1041
 MUCO 3 Useless Code Useless Brackets 1050
 MUCO 3 Useless Code Useless Brackets 1057
 MUCO 3 Useless Code Useless Brackets 1078
 MUIN 3 Column created using implicit nullability 123
 MUIN 3 Column created using implicit nullability 135
 MUIN 3 Column created using implicit nullability 144
 MUIN 3 Column created using implicit nullability 152
 MUIN 3 Column created using implicit nullability 170
 QAFM 3 Var Assignment from potentially many rows 310
 QAFM 3 Var Assignment from potentially many rows 325
 QAFM 3 Var Assignment from potentially many rows 339
 QAFM 3 Var Assignment from potentially many rows 392
 QAFM 3 Var Assignment from potentially many rows 407
 QAFM 3 Var Assignment from potentially many rows 422
 QAFM 3 Var Assignment from potentially many rows 497
 QAFM 3 Var Assignment from potentially many rows 512
 QAFM 3 Var Assignment from potentially many rows 527
 QAFM 3 Var Assignment from potentially many rows 669
 QAFM 3 Var Assignment from potentially many rows 715
 QAFM 3 Var Assignment from potentially many rows 757
 QAFM 3 Var Assignment from potentially many rows 981
 QDIS 3 Check correct use of 'select distinct' 183
 QDIS 3 Check correct use of 'select distinct' 274
 QGWO 3 Group by/Distinct/Union without order by 252
 QGWO 3 Group by/Distinct/Union without order by 274
 QISO 3 Set isolation level 83
 QJWT 3 Join or Sarg Without Index on temp table 276
 QJWT 3 Join or Sarg Without Index on temp table 629
 QNAJ 3 Not using ANSI Inner Join 263
 QNAJ 3 Not using ANSI Inner Join 275
 QNUA 3 Should use Alias: Column grantor should use alias #distinct_grantors 183
 QNUA 3 Should use Alias: Column grp_id should use alias #useful_groups 183
 QNUA 3 Should use Alias: Table #distinct_grantors 184
 QNUA 3 Should use Alias: Table #useful_groups 184
 QNUA 3 Should use Alias: Column gid should use alias su 261
 QNUA 3 Should use Alias: Column gid should use alias su 274
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: syscolumns.csyscolumns unique clustered
(id, number, colid)
Intersection: {id}
213
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: sysprotects.csysprotects unique clustered
(id, action, grantor, uid, protecttype)
Intersection: {action, id}
222
 QPRI 3 Join or Sarg with Rooted Partial Index Use SARG Candidate index: syscolumns.csyscolumns unique clustered
(id, number, colid)
Intersection: {id}
983
 QSWV 3 Sarg with variable @max_uid, Candidate Index: sysusers.ncsysusers2 unique(uid) S 265
 QTJ1 3 Table only appears in inner join clause 275
 VNRD 3 Variable is not read @high 105
 VNRD 3 Variable is not read @low 105
 VNRD 3 Variable is not read @dbid 106
 VNRD 3 Variable is not read @save_column_name 107
 CRDO 2 Read Only Cursor Marker (has a 'distinct' option) 183
 CUPD 2 Updatable Cursor Marker (updatable by default) 192
 CUPD 2 Updatable Cursor Marker (updatable by default) 202
 MSUB 2 Subquery Marker 304
 MSUB 2 Subquery Marker 319
 MSUB 2 Subquery Marker 333
 MSUB 2 Subquery Marker 348
 MSUB 2 Subquery Marker 358
 MSUB 2 Subquery Marker 386
 MSUB 2 Subquery Marker 401
 MSUB 2 Subquery Marker 416
 MSUB 2 Subquery Marker 431
 MSUB 2 Subquery Marker 442
 MSUB 2 Subquery Marker 491
 MSUB 2 Subquery Marker 506
 MSUB 2 Subquery Marker 521
 MSUB 2 Subquery Marker 536
 MSUB 2 Subquery Marker 546
 MSUC 2 Correlated Subquery Marker 627
 MTR1 2 Metrics: Comments Ratio Comments: 26% 14
 MTR2 2 Metrics: Cyclomatic Complexity Cyclo: 135 = 134dec - 1exi + 2 14
 MTR3 2 Metrics: Query Complexity Complexity: 535 14

DEPENDENCIES
PROCS AND TABLES USED
reads table sybsystemprocs..syscolumns  
calls proc sybsystemprocs..syb_aux_privexor  
   calls proc sybsystemprocs..syb_aux_expandbitmap  
reads table sybsystemprocs..sysobjects  
reads table sybsystemprocs..sysusers  
reads table sybsystemprocs..sysprotects  
calls proc sybsystemprocs..syb_aux_printprivs  
   calls proc sybsystemprocs..syb_aux_colbit  
calls proc sybsystemprocs..sp_autoformat  
   calls proc sybsystemprocs..sp_namecrack  
   reads table tempdb..systypes (1)  
   calls proc sybsystemprocs..sp_autoformat  
   reads table master..systypes (1)  
   reads table master..syscolumns (1)  
   read_writes table tempdb..#colinfo_af (1) 
   reads table tempdb..syscolumns (1)  
writes table tempdb..#results_table (1) 
calls proc sybsystemprocs..syb_aux_privunion  
read_writes table tempdb..#sysprotects (1) 
read_writes table tempdb..#useful_groups (1) 
read_writes table tempdb..#distinct_grantors (1) 
read_writes table tempdb..#column_privileges (1)