[ http://issues.apache.org/jira/browse/DERBY-1592?page=all ]
Satheesh Bandaram closed DERBY-1592.
------------------------------------
Assignee: Satheesh Bandaram
> Update statement is allowed to execute even though the column that the
> statement access has been revoked.
> ---------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1592
> URL: http://issues.apache.org/jira/browse/DERBY-1592
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.0.0
> Environment: Sun JDK 142
> Reporter: Yip Ng
> Assigned To: Satheesh Bandaram
>
> Update statement is allowed to execute even though the column that the
> statement access has been revoked.
> The same applies for a select statement. Example shown below: user2 is able
> to execute the update statement
> but update privilege on c2 has already been revoked.
> ij version 10.2
> ij> connect 'jdbc:derby:authtest;create=true' user 'user1' as user1;
> ij> create table t1 (c1 int, c2 int);
> 0 rows inserted/updated/deleted
> ij> insert into t1 values (1,1);
> 1 row inserted/updated/deleted
> ij> grant select,update,insert on t1 to user2;
> 0 rows inserted/updated/deleted
> ij> select * from sys.systableperms;
> TABLEPERMSID |GRANTEE
>
> |GRANTOR
> |TABLEID
> |&|&|&|&|&|&
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 67d0407f-010c-aa11-4d39-000000101010|USER2
>
> |USER1
>
> |2753c07b-010c-aa11-4d39-000000101010|y|N|y|y|N|N
> 1 row selected
> ij> select * from sys.syscolperms;
> COLPERMSID |GRANTEE
>
> |GRANTOR
> |TABLEID
> |&|COLUMNS
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 0 rows selected
> ij> revoke update (c2) on t1 from user2;
> 0 rows inserted/updated/deleted
> ij> select * from sys.systableperms;
> TABLEPERMSID |GRANTEE
>
> |GRANTOR
> |TABLEID
> |&|&|&|&|&|&
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 67d0407f-010c-aa11-4d39-000000101010|USER2
>
> |USER1
>
> |2753c07b-010c-aa11-4d39-000000101010|y|N|y|y|N|N
> 1 row selected
> ij> select * from sys.syscolperms;
> COLPERMSID |GRANTEE
>
> |GRANTOR
> |TABLEID
> |&|COLUMNS
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 0 rows selected
> ij> connect 'jdbc:derby:authtest' user 'user2' as user2;
> ij(USER2)> update user1.t1 set c2=10;
> 1 row inserted/updated/deleted
> ij(USER2)>
> sysinfo:
> C:\derby\trunk>java -classpath classes;. org.apache.derby.tools.sysinfo
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\jdk142\jre
> Java classpath: classes;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: yip
> Java user home: C:\Documents and Settings\Administrator
> Java user dir: C:\derby\trunk
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\derby\trunk\classes] 10.2.0.5 alpha - (425559M)
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.0.5 alpha - (425559M)
> Found support for locale: [es]
> version: 10.2.0.5 alpha - (425559M)
> Found support for locale: [fr]
> version: 10.2.0.5 alpha - (425559M)
> Found support for locale: [it]
> version: 10.2.0.5 alpha - (425559M)
> Found support for locale: [ja_JP]
> version: 10.2.0.5 alpha - (425559M)
> Found support for locale: [ko_KR]
> version: 10.2.0.5 alpha - (425559M)
> Found support for locale: [pt_BR]
> version: 10.2.0.5 alpha - (425559M)
> Found support for locale: [zh_CN]
> version: 10.2.0.5 alpha - (425559M)
> Found support for locale: [zh_TW]
> version: 10.2.0.5 alpha - (425559M)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
