[ http://issues.apache.org/jira/browse/DERBY-1330?page=comments#action_12420027 ]
Knut Anders Hatlen commented on DERBY-1330: ------------------------------------------- I have seen this regression test failure a couple of times lately. Could it be related to this issue? ********* Diff file derbyall/derbylang/grantRevokeDDL.diff *** Start: grantRevokeDDL jdk1.5.0_04 derbyall:derbylang 2006-07-10 09:56:26 *** 560 del < ERROR 28508: User 'MAMTA3' does not have select permission on column 'C111' of table 'MAMTA2'.'V22'. 560a560 > ERROR 28508: User 'MAMTA3' does not have select permission on column 'C111' > of table 'MAMTA2'.'V21'. Test Failed. *** End: grantRevokeDDL jdk1.5.0_04 derbyall:derbylang 2006-07-10 09:56:37 *** It seems to happen on both Solaris and Linux, JVM 1.4 and 1.5: http://www.multinet.no/~solberg/public/Apache/Derby/testlog/Linux-2.6.9-34.ELsmp_x86_64-x86_64/420328-derbylang_diff.txt http://www.multinet.no/~solberg/public/Apache/Derby/testlog/SunOS-5.10_i86pc-i386/420328-derbylang_diff.txt http://www.multinet.no/~solberg/public/Apache/DerbyJvm1.4/testlog/Linux-2.6.9-34.ELsmp_x86_64-x86_64/420328-derbyall_diff.txt http://www.multinet.no/~solberg/public/Apache/DerbyJvm1.4/testlog/SunOS-5.10_i86pc-i386/420328-derbyall_diff.txt It does not happen on the tinderbox, though. > Provide runtime privilege checking for grant/revoke functionality > ----------------------------------------------------------------- > > Key: DERBY-1330 > URL: http://issues.apache.org/jira/browse/DERBY-1330 > Project: Derby > Type: Sub-task > Components: SQL > Versions: 10.2.0.0 > Reporter: Mamta A. Satoor > Assignee: Mamta A. Satoor > Attachments: AuthorizationModelForDerbySQLStandardAuthorization.html, > AuthorizationModelForDerbySQLStandardAuthorizationV2.html, > Derby1330PrivilegeCollectionV2diff.txt, > Derby1330PrivilegeCollectionV2stat.txt, > Derby1330PrivilegeCollectionV3diff.txt, > Derby1330PrivilegeCollectionV3stat.txt, > Derby1330ViewPrivilegeCollectionV1diff.txt, > Derby1330ViewPrivilegeCollectionV1stat.txt > > Additional work needs to be done for grant/revoke to make sure that only > users with required privileges can access various database objects. In order > to do that, first we need to collect the privilege requirements for various > database objects and store them in SYS.SYSREQUIREDPERM. Once we have this > information then when a user tries to access an object, the required > SYS.SYSREQUIREDPERM privileges for the object will be checked against the > user privileges in SYS.SYSTABLEPERMS, SYS.SYSCOLPERMS and > SYS.SYSROUTINEPERMS. The database object access will succeed only if the user > has the necessary privileges. > SYS.SYSTABLEPERMS, SYS.SYSCOLPERMS and SYS.SYSROUTINEPERMS are already > populated by Satheesh's work on DERBY-464. But SYS.SYSREQUIREDPERM doesn't > have any information in it at this point and hence no runtime privilege > checking is getting done at this point. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira