[jira] Updated: (DERBY-3736) Revoking a column level privilege from a user, a prepared statement relying on that privilege can still be executed

Wed, 02 Jul 2008 05:40:08 -0700 

     [ 
https://issues.apache.org/jira/browse/DERBY-3736?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dag H. Wanvik updated DERBY-3736:
---------------------------------

    Attachment: derby-3736.stat
                derby-3736.diff

Enclosing a patch which fixes the issue by adding a
line for the column case in TablePrivilegeInfo:

> dd.getDependencyManager().invalidateFor
   (td, DependencyManager.INTERNAL_RECOMPILE_REQUEST, lcc);

There is already such a line for the case when a table level privilege is 
revoked
and there it carries the following comment:

// When revoking a privilege from a Table we need to
// invalidate all GPSs refering to it. But GPSs aren't
// Dependents of TablePermsDescr, but of the
// TableDescriptor itself, so we must send
// INTERNAL_RECOMPILE_REQUEST to the TableDescriptor's
// Dependents.

The patch adds the test case to GrantRevokeDDLTest uploaded earlier.
It fails without the above change to TablePrivilegeInfo, but works with it.

Running regressions now, ready for review.

> Revoking a column level privilege from a user, a prepared statement relying 
> on that privilege can still be executed 
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3736
>                 URL: https://issues.apache.org/jira/browse/DERBY-3736
>             Project: Derby
>          Issue Type: Bug
>          Components: Security, SQL
>    Affects Versions: 10.3.1.4, 10.3.2.1, 10.3.3.0, 10.4.1.3
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>         Attachments: column-level.sql, derby-3736.diff, derby-3736.stat, 
> GrantRevokeDDLTest.diff, table-level.sql
>
>
> When a table level SELECT privilege is revoked, a dependent prepared 
> statement is 
> invalidated and can no longer be executed, but in the case of a column level 
> privilege
> SELECT privilege, the dependent prepared statement can still be executed.
> This works as expected in 10.2, but does not work in all 10.3 and 10.4 
> releases.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to