[
https://issues.apache.org/jira/browse/DERBY-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12510472
]
Daniel John Debrunner commented on DERBY-2893:
----------------------------------------------
This means this might still be a test issue and not a bug with grant/revoke.
> INSERT and UPDATES succeed when permission has not been granted.
> ----------------------------------------------------------------
>
> Key: DERBY-2893
> URL: https://issues.apache.org/jira/browse/DERBY-2893
> Project: Derby
> Issue Type: Bug
> Components: Security, SQL
> Affects Versions: 10.3.0.0, 10.3.1.0, 10.4.0.0
> Reporter: Daniel John Debrunner
> Priority: Critical
>
> GrantRevokeTest had assert methods (assertInsertPrivilege etc.) of the form
> try {
> s.execute(command)
> } catch (SQLException sqle)
> {
> if (!hasPrivilege)
> assertSQLState("42502", e);
> else
> fail(...);
> }
> Note that no fail() assert was in the try portion after the SQL execution.
> The statement should not work if hasPrivilege is false, but the test will
> incorrectly pass if the statement succeeds. I added fail asserts with
> revision 552922 like:
> if (!hasPrivilege)
> fail("expected no INSERT permission on table");
> but these two for INSERT and UPDATE caused the test to fail (about 6 fixtures
> fail) indicating that the statement succeeds even if the permission is not
> granted.
> It could be a test problem but needs some investigation.
> The asserts for assertInsertPrivilege and asserUpdatePrivilege are commented
> out to stop the test failing.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
