firebird-mirror/src/jrd/scl.h

/*
 *	PROGRAM:	JRD Access Method
 *	MODULE:		scl.h
 *	DESCRIPTION:	Security class definitions
 *
 * The contents of this file are subject to the Interbase Public
 * License Version 1.0 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy
 * of the License at http://www.Inprise.com/IPL.html
 *
 * Software distributed under the License is distributed on an
 * "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express
 * or implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code was created by Inprise Corporation
 * and its predecessors. Portions created by Inprise Corporation are
 * Copyright (C) Inprise Corporation.
 *
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 */

#ifndef JRD_SCL_H
#define JRD_SCL_H

#include "../common/classes/MetaName.h"
#include "../common/classes/tree.h"
#include "../common/security.h"
#include "../jrd/obj.h"

namespace Firebird {
class ClumpletWriter;
}

namespace Jrd {

const size_t ACL_BLOB_BUFFER_SIZE = MAX_USHORT; // used to read/write acl blob

// Security class definition

class SecurityClass
{
public:
    typedef ULONG flags_t;

	SecurityClass(Firebird::MemoryPool &pool, const Firebird::MetaName& name)
		: scl_flags(0), scl_name(pool, name)
	{}

	flags_t scl_flags;			// Access permissions
	const Firebird::MetaName scl_name;

	static const Firebird::MetaName& generate(const void*, const SecurityClass* item)
	{
		return item->scl_name;
	}
};

typedef Firebird::BePlusTree<
	SecurityClass*,
	Firebird::MetaName,
	Firebird::MemoryPool,
	SecurityClass
> SecurityClassList;


const SecurityClass::flags_t SCL_select			= 1;		// SELECT access
const SecurityClass::flags_t SCL_drop			= 2;		// DROP access
const SecurityClass::flags_t SCL_control		= 4;		// Control access
const SecurityClass::flags_t SCL_exists			= 8;		// At least ACL exists
const SecurityClass::flags_t SCL_alter			= 16;		// ALTER access
const SecurityClass::flags_t SCL_corrupt		= 32;		// ACL does look too good
const SecurityClass::flags_t SCL_insert			= 64;		// INSERT access
const SecurityClass::flags_t SCL_delete			= 128;		// DELETE access
const SecurityClass::flags_t SCL_update			= 256;		// UPDATE access
const SecurityClass::flags_t SCL_references		= 512;		// REFERENCES access
const SecurityClass::flags_t SCL_execute		= 1024;		// EXECUTE access
const SecurityClass::flags_t SCL_usage			= 2048;		// USAGE access
const SecurityClass::flags_t SCL_create			= 4096;


// information about the user

const USHORT USR_locksmith	= 1;		// User has great karma
const USHORT USR_dba		= 2;		// User has DBA privileges
const USHORT USR_owner		= 4;		// User owns database
const USHORT USR_mapdown	= 8;		// Mapping failed when getting context

class UserId
{
public:
	Firebird::MetaName	usr_user_name;		// User name
	Firebird::MetaName	usr_sql_role_name;	// Role name
	Firebird::SortedArray<Firebird::MetaName> usr_granted_roles; // Granted roles list
	Firebird::MetaName	usr_trusted_role;	// Trusted role if set
	Firebird::string	usr_project_name;	// Project name
	Firebird::string	usr_org_name;		// Organization name
	Firebird::string	usr_auth_method;	// Authentication method
	Auth::AuthenticationBlock usr_auth_block;	// Authentication block after mapping
	USHORT				usr_user_id;		// User id
	USHORT				usr_group_id;		// Group id
	USHORT				usr_flags;			// Misc. crud

	bool locksmith() const
	{
		return usr_flags & (USR_locksmith | USR_owner | USR_dba);
	}

	UserId()
		: usr_user_id(0), usr_group_id(0), usr_flags(0)
	{}

	UserId(Firebird::MemoryPool& p, const UserId& ui)
		: usr_user_name(p, ui.usr_user_name),
		  usr_sql_role_name(p, ui.usr_sql_role_name),
		  usr_granted_roles(p),
		  usr_trusted_role(p, ui.usr_trusted_role),
		  usr_project_name(p, ui.usr_project_name),
		  usr_org_name(p, ui.usr_org_name),
		  usr_auth_method(p, ui.usr_auth_method),
		  usr_auth_block(p),
		  usr_user_id(ui.usr_user_id),
		  usr_group_id(ui.usr_group_id),
		  usr_flags(ui.usr_flags)
	{
		usr_auth_block.assign(ui.usr_auth_block);
		usr_granted_roles = ui.usr_granted_roles;
	}

	UserId(const UserId& ui)
		: usr_user_name(ui.usr_user_name),
		  usr_sql_role_name(ui.usr_sql_role_name),
		  usr_granted_roles(ui.usr_granted_roles),
		  usr_trusted_role(ui.usr_trusted_role),
		  usr_project_name(ui.usr_project_name),
		  usr_org_name(ui.usr_org_name),
		  usr_auth_method(ui.usr_auth_method),
		  usr_user_id(ui.usr_user_id),
		  usr_group_id(ui.usr_group_id),
		  usr_flags(ui.usr_flags)
	{
		usr_auth_block.assign(ui.usr_auth_block);
	}

	UserId& operator=(const UserId& ui)
	{
		usr_user_name = ui.usr_user_name;
		usr_sql_role_name = ui.usr_sql_role_name;
		usr_granted_roles = ui.usr_granted_roles;
		usr_trusted_role = ui.usr_trusted_role;
		usr_project_name = ui.usr_project_name;
		usr_org_name = ui.usr_org_name;
		usr_auth_method = ui.usr_auth_method;
		usr_user_id = ui.usr_user_id;
		usr_group_id = ui.usr_group_id;
		usr_flags = ui.usr_flags;
		usr_auth_block.assign(ui.usr_auth_block);

		return *this;
	}

	void populateDpb(Firebird::ClumpletWriter& dpb);
};

// These numbers are arbitrary and only used at run-time. Can be changed if necessary at any moment.
// We need to include here the new objects that accept ACLs.
const SLONG SCL_object_database		= obj_database;
const SLONG SCL_object_table		= obj_relations;
const SLONG SCL_object_package		= obj_packages;
const SLONG SCL_object_procedure	= obj_procedures;
const SLONG SCL_object_function		= obj_functions;
const SLONG SCL_object_collation	= obj_collations;
const SLONG SCL_object_exception	= obj_exceptions;
const SLONG SCL_object_generator	= obj_generators;
const SLONG SCL_object_charset		= obj_charsets;
const SLONG SCL_object_domain		= obj_domains;
const SLONG SCL_object_view			= obj_views;
const SLONG SCL_object_role			= obj_roles;
const SLONG SCL_object_filter		= obj_filters;
// Please keep it with code more than other objects
// - relations and procedures should be sorted before columns.
const SLONG SCL_object_column		= obj_type_MAX + 1;

} //namespace Jrd

#endif // JRD_SCL_H
First steps towards a C++ conversion. 2001-05-23 15:26:42 +02:00			`/*`
			`* PROGRAM: JRD Access Method`
			`* MODULE: scl.h`
			`* DESCRIPTION: Security class definitions`
			`*`
			`* The contents of this file are subject to the Interbase Public`
			`* License Version 1.0 (the "License"); you may not use this file`
			`* except in compliance with the License. You may obtain a copy`
			`* of the License at http://www.Inprise.com/IPL.html`
			`*`
			`* Software distributed under the License is distributed on an`
			`* "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express`
			`* or implied. See the License for the specific language governing`
			`* rights and limitations under the License.`
			`*`
			`* The Original Code was created by Inprise Corporation`
			`* and its predecessors. Portions created by Inprise Corporation are`
			`* Copyright (C) Inprise Corporation.`
			`*`
			`* All Rights Reserved.`
			`* Contributor(s): ______________________________________.`
			`*/`

			`#ifndef JRD_SCL_H`
			`#define JRD_SCL_H`

Fixed CORE-1775 : Improve performance of security checking 2008-03-06 14:13:31 +01:00			`#include "../common/classes/MetaName.h"`
			`#include "../common/classes/tree.h"`
Make services work correctly with multiple security databases 2011-10-04 14:51:57 +02:00			`#include "../common/security.h"`
Fixed CORE-735: User rights for metadata changes. We check DDL in DDL nodes and skip at vio level. vio level still exists for direct metadata editing. 2014-07-08 09:35:27 +02:00			`#include "../jrd/obj.h"`
Fixed CORE-1775 : Improve performance of security checking 2008-03-06 14:13:31 +01:00
Implemented CORE-3370: Resolve additional aspects of multiple security databases from services and cross-database requests POV (mapping names) 2014-04-04 17:57:18 +02:00			`namespace Firebird {`
			`class ClumpletWriter;`
			`}`

1. introduced Jrd and Ods namespaces 2. cleanup of blk* request conversions 3. fixed memory allocation in Execute Statement 2004-03-20 15:57:40 +01:00			`namespace Jrd {`

Comments. 2009-11-27 09:34:34 +01:00			`const size_t ACL_BLOB_BUFFER_SIZE = MAX_USHORT; // used to read/write acl blob`
Fixed CORE-1957 & CORE-216: too many grants lose privileges. ACLs cleanup. 2008-07-11 15:50:59 +02:00
Since SCL_release changed meaning, it's necessary to adjust the name (SCL_release_all) and the comments. 2008-03-08 12:37:15 +01:00			`// Security class definition`
First steps towards a C++ conversion. 2001-05-23 15:26:42 +02:00
Fixed CORE-1775 : Improve performance of security checking 2008-03-06 14:13:31 +01:00			`class SecurityClass`
New C++ memory pool 2001-12-24 03:51:06 +01:00			`{`
Fixed CORE-1775 : Improve performance of security checking 2008-03-06 14:13:31 +01:00			`public:`
Fixed CORE-735: User rights for metadata changes. We check DDL in DDL nodes and skip at vio level. vio level still exists for direct metadata editing. 2014-07-08 09:35:27 +02:00			`typedef ULONG flags_t;`
Fixed CORE-1775 : Improve performance of security checking 2008-03-06 14:13:31 +01:00
Trim trailling spaces 2009-04-04 18:39:31 +02:00			`SecurityClass(Firebird::MemoryPool &pool, const Firebird::MetaName& name)`
			`: scl_flags(0), scl_name(pool, name)`
Style. 2008-12-23 09:41:23 +01:00			`{}`
Fixed CORE-1775 : Improve performance of security checking 2008-03-06 14:13:31 +01:00
Since SCL_release changed meaning, it's necessary to adjust the name (SCL_release_all) and the comments. 2008-03-08 12:37:15 +01:00			`flags_t scl_flags; // Access permissions`
			`const Firebird::MetaName scl_name;`
Fixed CORE-1775 : Improve performance of security checking 2008-03-06 14:13:31 +01:00
Style and minor cleanup. 2008-05-10 05:44:57 +02:00			`static const Firebird::MetaName& generate(const void, const SecurityClass item)`
Remove trailing spaces (.h files) 2008-12-05 01:56:15 +01:00			`{`
Misc 2008-03-08 22:20:26 +01:00			`return item->scl_name;`
Fixed CORE-1775 : Improve performance of security checking 2008-03-06 14:13:31 +01:00			`}`
New C++ memory pool 2001-12-24 03:51:06 +01:00			`};`

Fixed CORE-1775 : Improve performance of security checking 2008-03-06 14:13:31 +01:00			`typedef Firebird::BePlusTree<`
Remove trailing spaces (.h files) 2008-12-05 01:56:15 +01:00			`SecurityClass*,`
			`Firebird::MetaName,`
			`Firebird::MemoryPool,`
Fixed CORE-1775 : Improve performance of security checking 2008-03-06 14:13:31 +01:00			`SecurityClass`
			`> SecurityClassList;`


1) Cleanup and renaming in the SCL code. 2) Reimplemented the USAGE privilege as a separate one. 3) Added USAGE permission checks for generators/sequences and exceptions. 4) Supported USAGE in GRANT/REVOKE for all object types. 5) Refactored SET GENERATOR and ALTER SEQUENCE as true DDL. blr_set_generator is supported only for backward compatibility, it's not generated by DSQL anymore. 6) Added START WITH clause for [RE]CREATE SEQUENCE and CREATE OR ALTER SEQUENCE. 7) Fixed a number of related errors. 2013-03-07 14:59:03 +01:00			`const SecurityClass::flags_t SCL_select = 1; // SELECT access`
			`const SecurityClass::flags_t SCL_drop = 2; // DROP access`
			`const SecurityClass::flags_t SCL_control = 4; // Control access`
			`const SecurityClass::flags_t SCL_exists = 8; // At least ACL exists`
			`const SecurityClass::flags_t SCL_alter = 16; // ALTER access`
			`const SecurityClass::flags_t SCL_corrupt = 32; // ACL does look too good`
			`const SecurityClass::flags_t SCL_insert = 64; // INSERT access`
			`const SecurityClass::flags_t SCL_delete = 128; // DELETE access`
			`const SecurityClass::flags_t SCL_update = 256; // UPDATE access`
			`const SecurityClass::flags_t SCL_references = 512; // REFERENCES access`
			`const SecurityClass::flags_t SCL_execute = 1024; // EXECUTE access`
			`const SecurityClass::flags_t SCL_usage = 2048; // USAGE access`
Fixed CORE-735: User rights for metadata changes. We check DDL in DDL nodes and skip at vio level. vio level still exists for direct metadata editing. 2014-07-08 09:35:27 +02:00			`const SecurityClass::flags_t SCL_create = 4096;`
First steps towards a C++ conversion. 2001-05-23 15:26:42 +02:00

Comments. 2009-11-27 09:34:34 +01:00			`// information about the user`
First steps towards a C++ conversion. 2001-05-23 15:26:42 +02:00
Comments. 2009-11-27 09:34:34 +01:00			`const USHORT USR_locksmith = 1; // User has great karma`
			`const USHORT USR_dba = 2; // User has DBA privileges`
			`const USHORT USR_owner = 4; // User owns database`
Fixed CORE-4899: GFIX -online: message "IProvider::attachDatabase failed when loading mapping cache" appears in Classic (only) if access uses remote protocol 2015-08-18 17:04:04 +02:00			`const USHORT USR_mapdown = 8; // Mapping failed when getting context`
1. Centralized validation of attachment to be a super-user attachment. 2. Fixed a couple of old problems, when sysdba could perform operations, but database owner - could not. 3. Fixed CORE-84 - nbackup operations were allowed for everybody who can login to the given database. 4. Disabled creating shadows and adding additional DB-files for non super-user. 2006-08-16 17:15:58 +02:00
Fixed CORE-1312: A remote attacker can check, if a file is present in the system, running firebird server 2007-06-08 12:24:57 +02:00			`class UserId`
New C++ memory pool 2001-12-24 03:51:06 +01:00			`{`
Fixed CORE-1312: A remote attacker can check, if a file is present in the system, running firebird server 2007-06-08 12:24:57 +02:00			`public:`
Fixed CORE-1815: Ability to grant role to another role (#23) * Initial patch for cumulative roles * Fixed multiple records in USER_PRIVILEGES and reworked logic on additional grant default role and admin option 2016-05-12 16:03:54 +02:00			`Firebird::MetaName usr_user_name; // User name`
			`Firebird::MetaName usr_sql_role_name; // Role name`
			`Firebird::SortedArray<Firebird::MetaName> usr_granted_roles; // Granted roles list`
			`Firebird::MetaName usr_trusted_role; // Trusted role if set`
Comments. 2009-11-27 09:34:34 +01:00			`Firebird::string usr_project_name; // Project name`
			`Firebird::string usr_org_name; // Organization name`
Implemented CORE-4218 (database owner in MON$DATABASE) and CORE-4222 (auth method in MON$ATTACHMENTS). 2013-09-18 11:37:13 +02:00			`Firebird::string usr_auth_method; // Authentication method`
Language independent API 2014-09-29 13:03:47 +02:00			`Auth::AuthenticationBlock usr_auth_block; // Authentication block after mapping`
Comments. 2009-11-27 09:34:34 +01:00			`USHORT usr_user_id; // User id`
			`USHORT usr_group_id; // Group id`
			`USHORT usr_flags; // Misc. crud`
Fixed CORE-1312: A remote attacker can check, if a file is present in the system, running firebird server 2007-06-08 12:24:57 +02:00
1. Centralized validation of attachment to be a super-user attachment. 2. Fixed a couple of old problems, when sysdba could perform operations, but database owner - could not. 3. Fixed CORE-84 - nbackup operations were allowed for everybody who can login to the given database. 4. Disabled creating shadows and adding additional DB-files for non super-user. 2006-08-16 17:15:58 +02:00			`bool locksmith() const`
			`{`
The merge continued. 2008-01-16 10:48:41 +01:00			`return usr_flags & (USR_locksmith \| USR_owner \| USR_dba);`
1. Centralized validation of attachment to be a super-user attachment. 2. Fixed a couple of old problems, when sysdba could perform operations, but database owner - could not. 3. Fixed CORE-84 - nbackup operations were allowed for everybody who can login to the given database. 4. Disabled creating shadows and adding additional DB-files for non super-user. 2006-08-16 17:15:58 +02:00			`}`
Fixed CORE-1312: A remote attacker can check, if a file is present in the system, running firebird server 2007-06-08 12:24:57 +02:00
Style. 2008-12-23 09:41:23 +01:00			`UserId()`
Moved authentication code from engine to remote listener. Get ready for authentication plugins. 2010-01-22 15:55:11 +01:00			`: usr_user_id(0), usr_group_id(0), usr_flags(0)`
Fixed CORE-1815: Ability to grant role to another role (#23) * Initial patch for cumulative roles * Fixed multiple records in USER_PRIVILEGES and reworked logic on additional grant default role and admin option 2016-05-12 16:03:54 +02:00			`{}`
Fixed CORE-1312: A remote attacker can check, if a file is present in the system, running firebird server 2007-06-08 12:24:57 +02:00
			`UserId(Firebird::MemoryPool& p, const UserId& ui)`
Remove trailing spaces (.h files) 2008-12-05 01:56:15 +01:00			`: usr_user_name(p, ui.usr_user_name),`
Fixed CORE-1312: A remote attacker can check, if a file is present in the system, running firebird server 2007-06-08 12:24:57 +02:00			`usr_sql_role_name(p, ui.usr_sql_role_name),`
Fixed CORE-1815: Ability to grant role to another role (#23) * Initial patch for cumulative roles * Fixed multiple records in USER_PRIVILEGES and reworked logic on additional grant default role and admin option 2016-05-12 16:03:54 +02:00			`usr_granted_roles(p),`
Implemented CORE-1377: Add an ability to change role without reconnecting to database 2014-04-30 17:12:12 +02:00			`usr_trusted_role(p, ui.usr_trusted_role),`
Remove trailing spaces (.h files) 2008-12-05 01:56:15 +01:00			`usr_project_name(p, ui.usr_project_name),`
Fixed CORE-1312: A remote attacker can check, if a file is present in the system, running firebird server 2007-06-08 12:24:57 +02:00			`usr_org_name(p, ui.usr_org_name),`
Implemented CORE-4218 (database owner in MON$DATABASE) and CORE-4222 (auth method in MON$ATTACHMENTS). 2013-09-18 11:37:13 +02:00			`usr_auth_method(p, ui.usr_auth_method),`
Make services work correctly with multiple security databases 2011-10-04 14:51:57 +02:00			`usr_auth_block(p),`
Remove trailing spaces (.h files) 2008-12-05 01:56:15 +01:00			`usr_user_id(ui.usr_user_id),`
			`usr_group_id(ui.usr_group_id),`
Trim trailling spaces 2009-04-04 18:39:31 +02:00			`usr_flags(ui.usr_flags)`
Make services work correctly with multiple security databases 2011-10-04 14:51:57 +02:00			`{`
			`usr_auth_block.assign(ui.usr_auth_block);`
Fixed CORE-1815: Ability to grant role to another role (#23) * Initial patch for cumulative roles * Fixed multiple records in USER_PRIVILEGES and reworked logic on additional grant default role and admin option 2016-05-12 16:03:54 +02:00			`usr_granted_roles = ui.usr_granted_roles;`
Make services work correctly with multiple security databases 2011-10-04 14:51:57 +02:00			`}`
Fixed CORE-1312: A remote attacker can check, if a file is present in the system, running firebird server 2007-06-08 12:24:57 +02:00
Style. 2008-12-23 09:41:23 +01:00			`UserId(const UserId& ui)`
			`: usr_user_name(ui.usr_user_name),`
			`usr_sql_role_name(ui.usr_sql_role_name),`
Fixed CORE-1815: Ability to grant role to another role (#23) * Initial patch for cumulative roles * Fixed multiple records in USER_PRIVILEGES and reworked logic on additional grant default role and admin option 2016-05-12 16:03:54 +02:00			`usr_granted_roles(ui.usr_granted_roles),`
Implemented CORE-1377: Add an ability to change role without reconnecting to database 2014-04-30 17:12:12 +02:00			`usr_trusted_role(ui.usr_trusted_role),`
Style. 2008-12-23 09:41:23 +01:00			`usr_project_name(ui.usr_project_name),`
			`usr_org_name(ui.usr_org_name),`
Implemented CORE-4218 (database owner in MON$DATABASE) and CORE-4222 (auth method in MON$ATTACHMENTS). 2013-09-18 11:37:13 +02:00			`usr_auth_method(ui.usr_auth_method),`
Style. 2008-12-23 09:41:23 +01:00			`usr_user_id(ui.usr_user_id),`
			`usr_group_id(ui.usr_group_id),`
Trim trailling spaces 2009-04-04 18:39:31 +02:00			`usr_flags(ui.usr_flags)`
Make services work correctly with multiple security databases 2011-10-04 14:51:57 +02:00			`{`
			`usr_auth_block.assign(ui.usr_auth_block);`
			`}`
Trim trailling spaces 2009-04-04 18:39:31 +02:00
Fixed CORE-1312: A remote attacker can check, if a file is present in the system, running firebird server 2007-06-08 12:24:57 +02:00			`UserId& operator=(const UserId& ui)`
			`{`
			`usr_user_name = ui.usr_user_name;`
			`usr_sql_role_name = ui.usr_sql_role_name;`
Fixed CORE-1815: Ability to grant role to another role (#23) * Initial patch for cumulative roles * Fixed multiple records in USER_PRIVILEGES and reworked logic on additional grant default role and admin option 2016-05-12 16:03:54 +02:00			`usr_granted_roles = ui.usr_granted_roles;`
Implemented CORE-1377: Add an ability to change role without reconnecting to database 2014-04-30 17:12:12 +02:00			`usr_trusted_role = ui.usr_trusted_role;`
Fixed CORE-1312: A remote attacker can check, if a file is present in the system, running firebird server 2007-06-08 12:24:57 +02:00			`usr_project_name = ui.usr_project_name;`
			`usr_org_name = ui.usr_org_name;`
Implemented CORE-4218 (database owner in MON$DATABASE) and CORE-4222 (auth method in MON$ATTACHMENTS). 2013-09-18 11:37:13 +02:00			`usr_auth_method = ui.usr_auth_method;`
Fixed CORE-1312: A remote attacker can check, if a file is present in the system, running firebird server 2007-06-08 12:24:57 +02:00			`usr_user_id = ui.usr_user_id;`
			`usr_group_id = ui.usr_group_id;`
			`usr_flags = ui.usr_flags;`
Make services work correctly with multiple security databases 2011-10-04 14:51:57 +02:00			`usr_auth_block.assign(ui.usr_auth_block);`
Fixed CORE-1312: A remote attacker can check, if a file is present in the system, running firebird server 2007-06-08 12:24:57 +02:00
			`return *this;`
			`}`
Implemented CORE-3370: Resolve additional aspects of multiple security databases from services and cross-database requests POV (mapping names) 2014-04-04 17:57:18 +02:00
			`void populateDpb(Firebird::ClumpletWriter& dpb);`
New C++ memory pool 2001-12-24 03:51:06 +01:00			`};`
First steps towards a C++ conversion. 2001-05-23 15:26:42 +02:00
The way AccessItem instances were ordered was a hack that sooner or later would fail when adding more object types (that now have ACLs but we still don't enfornce them). Further, comparing numbers is faster than comparing strings. 2010-02-13 09:31:16 +01:00			`// These numbers are arbitrary and only used at run-time. Can be changed if necessary at any moment.`
			`// We need to include here the new objects that accept ACLs.`
Fixed CORE-735: User rights for metadata changes. We check DDL in DDL nodes and skip at vio level. vio level still exists for direct metadata editing. 2014-07-08 09:35:27 +02:00			`const SLONG SCL_object_database = obj_database;`
			`const SLONG SCL_object_table = obj_relations;`
			`const SLONG SCL_object_package = obj_packages;`
			`const SLONG SCL_object_procedure = obj_procedures;`
			`const SLONG SCL_object_function = obj_functions;`
			`const SLONG SCL_object_collation = obj_collations;`
			`const SLONG SCL_object_exception = obj_exceptions;`
			`const SLONG SCL_object_generator = obj_generators;`
			`const SLONG SCL_object_charset = obj_charsets;`
			`const SLONG SCL_object_domain = obj_domains;`
			`const SLONG SCL_object_view = obj_views;`
			`const SLONG SCL_object_role = obj_roles;`
			`const SLONG SCL_object_filter = obj_filters;`
Fixed CORE-4802: GRANT UPDATE(<some_column>) on <T> acts like grant update on ALL columns of <T> 2015-06-09 15:18:27 +02:00			`// Please keep it with code more than other objects`
			`// - relations and procedures should be sorted before columns.`
			`const SLONG SCL_object_column = obj_type_MAX + 1;`
Merging changes from fb1. 2002-06-29 15:03:13 +02:00
1. introduced Jrd and Ods namespaces 2. cleanup of blk* request conversions 3. fixed memory allocation in Execute Statement 2004-03-20 15:57:40 +01:00			`} //namespace Jrd`

Big cleanup. God have pity on platform maintainers. I only can compile/test Win32; sorry, folks. 2004-02-20 07:43:27 +01:00			`#endif // JRD_SCL_H`