Rick Hillegas created DERBY-6428:
------------------------------------
Summary: Adding an update trigger to a table causes Derby to
require overbroad update privileges
Key: DERBY-6428
URL: https://issues.apache.org/jira/browse/DERBY-6428
Project: Derby
Issue Type: Bug
Components: SQL
Affects Versions: 10.11.0.0
Reporter: Rick Hillegas
If you put a before update row-level trigger on a table, then when you try to
update the table, Derby requires UPDATE privilege on columns which you aren't
updating. The following script shows this problem:
{noformat}
connect 'jdbc:derby:memory:db;user=test_dbo;create=true';
call syscs_util.syscs_create_user( 'TEST_DBO', 'test_dbopassword' );
call syscs_util.syscs_create_user( 'RUTH', 'ruthpassword' );
connect 'jdbc:derby:memory:db;shutdown=true';
connect 'jdbc:derby:memory:db;user=test_dbo;password=test_dbopassword' as dbo;
create table t1_025
(
a int primary key,
e_update_t1_ruth int
);
create procedure addHistoryRow_025
(
actionString varchar( 20 ),
actionValue int
)
language java parameter style java reads sql data
external name
'org.apache.derbyTesting.functionTests.tests.lang.MergeStatementTest.addHistoryRow';
-- if you comment out this trigger definition, then the final UPDATE works
create trigger t1_025_upd_before
no cascade before update on t1_025
referencing old as old
for each row
call addHistoryRow_025( 'before', old.e_update_t1_ruth );
grant update ( e_update_t1_ruth ) on t1_025 to ruth;
grant execute on procedure addHistoryRow_025 to ruth;
insert into t1_025 values ( 1, 1 );
connect 'jdbc:derby:memory:db;user=ruth;password=ruthpassword' as ruth;
-- fails, saying that ruth doesn't have UPDATE privilege on test_dbo.t1_025.a
update test_dbo.t1_025 set e_update_t1_ruth = 17;
set connection dbo;
drop trigger t1_025_upd_before;
set connection ruth;
-- without the trigger, the statement succeeds
update test_dbo.t1_025 set e_update_t1_ruth = 17;
{noformat}
--
This message was sent by Atlassian JIRA
(v6.1#6144)
