INSERT and UPDATES succeed when permission has not been granted.
----------------------------------------------------------------
Key: DERBY-2893
URL: https://issues.apache.org/jira/browse/DERBY-2893
Project: Derby
Issue Type: Bug
Components: Security, SQL
Affects Versions: 10.4.0.0
Reporter: Daniel John Debrunner
Priority: Critical
GrantRevokeTest had assert methods (assertInsertPrivilege etc.) of the form
try {
s.execute(command)
} catch (SQLException sqle)
{
if (!hasPrivilege)
assertSQLState("42502", e);
else
fail(...);
}
Note that no fail() assert was in the try portion after the SQL execution. The
statement should not work if hasPrivilege is false, but the test will
incorrectly pass if the statement succeeds. I added fail asserts with revision
552922 like:
if (!hasPrivilege)
fail("expected no INSERT permission on table");
but these two for INSERT and UPDATE caused the test to fail (about 6 fixtures
fail) indicating that the statement succeeds even if the permission is not
granted.
It could be a test problem but needs some investigation.
The asserts for assertInsertPrivilege and asserUpdatePrivilege are commented
out to stop the test failing.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
