Removed SHADOW permissions since they handled by ALTER DATABASE permission

Added show of DDL permissions in isql

src/dsql/parse.y

@@ -876,8 +876,6 @@ object
 		{ $$ = newNode<GranteeClause>(obj_exceptions, get_object_name(obj_exceptions)); }
 	| ROLE
 		{ $$ = newNode<GranteeClause>(obj_roles, get_object_name(obj_roles)); }
-	| SHADOW
-		{ $$ = newNode<GranteeClause>(obj_shadows, get_object_name(obj_shadows)); }
 	| DATABASE
 		{ $$ = newNode<GranteeClause>(obj_database, get_object_name(obj_database)); }
 	| CHARACTER SET

src/isql/extract.epp

@@ -1291,6 +1291,15 @@ static processing_state list_all_grants2(bool show_role_list, const SCHAR* termi
 			ISQL_errmsg(fbStatus);
 			return OBJECT_NOT_FOUND;
 		END_ERROR
+
+		// Process DDL permissions
+		for (int i = obj_database; i < obj_type_MAX; i++)
+		{
+			const processing_state rc =
+				SHOW_grants2(get_object_name(i), terminator, i, first ? banner : 0, mangle);
+			if (rc == SKIP)
+				first = false;
+		}
 	}
 
 	return first_role && first ? OBJECT_NOT_FOUND : SKIP;

src/isql/show.epp

@@ -198,7 +198,10 @@ enum priv_flag {
 	priv_UPDATE	= 8,
 	priv_DELETE	= 16,
 	priv_EXECUTE	= 32,
-	priv_REFERENCES	= 64
+	priv_REFERENCES	= 64,
+	priv_CREATE = 128,
+	priv_ALTER = 256,
+	priv_DROP = 512
 };
 
 
@@ -214,6 +217,9 @@ static const struct
 	{ priv_SELECT, "SELECT"},			// keyword
 	{ priv_UPDATE, "UPDATE"},			// keyword
 	{ priv_REFERENCES, "REFERENCES"},	// keyword
+	{ priv_CREATE, "CREATE"},			// keyword
+	{ priv_ALTER, "ALTER"},				// keyword
+	{ priv_DROP, "DROP"},				// keyword
 	{ 0, NULL}
 };
 
@@ -682,6 +688,7 @@ processing_state SHOW_grants2 (const SCHAR* object,
 	BASED_ON RDB$USER_PRIVILEGES.RDB$OBJECT_TYPE prev_object_type;
 	SCHAR buf_grantor[sizeof(prev_grantor) + 20];
 	SCHAR user_string[QUOTEDLENGTH + 20];
+	SCHAR obj_string[QUOTEDLENGTH + 20];
 	bool first = true;
 
 	if (!*object)
@@ -1311,6 +1318,139 @@ processing_state SHOW_grants2 (const SCHAR* object,
 		}
 	}
 
+	if (obj_type >= obj_database || obj_type == 255)
+	{
+		if (isqlGlob.major_ods >= ODS_VERSION12)
+		{
+			FOR PRV IN RDB$USER_PRIVILEGES WITH
+				PRV.RDB$OBJECT_TYPE >= obj_database AND
+				PRV.RDB$RELATION_NAME EQ object
+				SORTED BY PRV.RDB$USER, PRV.RDB$GRANT_OPTION
+
+				if (first && optional_msg)
+					isqlGlob.prints(optional_msg);
+
+				first = false;
+				fb_utils::exact_name(PRV.RDB$USER);
+
+				// Only the first character is used for permissions
+
+				const char c = PRV.RDB$PRIVILEGE[0];
+
+				switch (c)
+				{
+				case 'C':
+					priv_flags |= priv_CREATE;
+				break;
+				case 'L':
+					priv_flags |= priv_ALTER;
+					break;
+				case 'O':
+					priv_flags |= priv_DROP;
+					break;
+				default:
+					priv_flags |= priv_UNKNOWN;
+				}
+
+				make_priv_string (priv_flags, priv_string);
+
+				switch (PRV.RDB$USER_TYPE)
+				{
+				case obj_relation:
+				case obj_view:
+				case obj_trigger:
+				case obj_procedure:
+				case obj_udf:
+				case obj_sql_role:
+				case obj_package_header:
+				case obj_user:
+					if (mangle && isqlGlob.db_SQL_dialect > SQL_DIALECT_V6_TRANSITION)
+						IUTILS_copy_SQL_id(PRV.RDB$USER, SQL_identifier, DBL_QUOTE);
+					else
+						strcpy(SQL_identifier, PRV.RDB$USER);
+					break;
+				default:
+					strcpy(SQL_identifier, PRV.RDB$USER);
+					break;
+				}
+
+				set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string);
+
+				switch (PRV.RDB$OBJECT_TYPE)
+				{
+				case obj_database:
+					strcpy(obj_string, "DATABASE");
+					break;
+
+				case obj_relations:
+					strcpy(obj_string, "TABLE");
+					break;
+
+				case obj_views:
+					strcpy(obj_string, "VIEW");
+					break;
+
+				case obj_procedures:
+					strcpy(obj_string, "PROCEDURE");
+					break;
+
+				case obj_functions:
+					strcpy(obj_string, "FUNCTION");
+					break;
+
+				case obj_packages:
+					strcpy(obj_string, "PACKAGE");
+					break;
+
+				case obj_generators:
+					strcpy(obj_string, "GENERATOR");
+					break;
+
+				case obj_domains:
+					strcpy(obj_string, "DOMAIN");
+					break;
+
+				case obj_exceptions:
+					strcpy(obj_string, "EXCEPTION");
+					break;
+
+				case obj_roles:
+					strcpy(obj_string, "ROLE");
+					break;
+
+				case obj_charsets:
+					strcpy(obj_string, "CHARACTER SET");
+					break;
+
+				case obj_collations:
+					strcpy(obj_string, "COLLATION");
+					break;
+
+				case obj_filters:
+					strcpy(obj_string, "FILTER");
+					break;
+				}
+
+				if (PRV.RDB$GRANT_OPTION)
+					strcpy(with_option, " WITH GRANT OPTION");
+				else
+					with_option[0] = '\0';
+
+				isqlGlob.printf("GRANT %s %s TO %s%s%s%s%s",
+						 priv_string, obj_string, user_string, with_option,
+						 granted_by(buf_grantor, PRV.RDB$GRANTOR), terminator, NEWLINE);
+
+			END_FOR
+			ON_ERROR
+				ISQL_errmsg(fbStatus);
+				return ps_ERR;
+			END_ERROR
+
+			if (!first)
+				return (SKIP);
+		}
+	}
+
 	return OBJECT_NOT_FOUND;
 }
 

src/jrd/obj.h

@@ -59,17 +59,16 @@ const int obj_generators		= 26;
 const int obj_domains			= 27;
 const int obj_exceptions		= 28;
 const int obj_roles				= 29;
-const int obj_shadows			= 30;
-const int obj_charsets			= 31;
-const int obj_collations		= 32;
-const int obj_filters			= 33;
+const int obj_charsets			= 30;
+const int obj_collations		= 31;
+const int obj_filters			= 32;
 
-const int obj_type_MAX			= 34;	// keep this last!
+const int obj_type_MAX			= 33;	// keep this last!
 
 // used in the parser only / no relation with obj_type_MAX
-const int obj_user_or_role		= 35;
-const int obj_schema			= 36;
-const int obj_parameter			= 37;
+const int obj_user_or_role		= 34;
+const int obj_schema			= 35;
+const int obj_parameter			= 36;
 
 inline const char* get_object_name(int object_type)
 {
@@ -95,8 +94,6 @@ inline const char* get_object_name(int object_type)
 			return "SQL$EXCEPTIONS";
 		case obj_roles:
 			return "SQL$ROLES";
-		case obj_shadows:
-			return "SQL$SHADOWS";
 		case obj_charsets:
 			return "SQL$CHARSETS";
 		case obj_collations: