[ https://issues.apache.org/jira/browse/DERBY-4191?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mamta A. Satoor updated DERBY-4191:
-----------------------------------

    Attachment: DERBY4191_miniumSelectPrivOnAllTables_stat_patch4.txt
                DERBY4191_miniumSelectPrivOnAllTables_diff_patch4.txt

I have added another patch 
DERBY4191_miniumSelectPrivOnAllTables_diff_patch4.txt which is the same as the 
previous one except that SubqueryNode during its bind phase now requires 
minimum select privilege on all its tables. It fixes the test case you provided, 
Rick. I have fired the derbyall and will run junit suite after that. In the 
meantime, I will work on adding a test case for this subquery scenario and 
will add a test case for roles (as Rick pointed out in his last review).

> Lack of SELECT privilege does not prevent SELECT COUNT(*)
> ---------------------------------------------------------
>
>                 Key: DERBY-4191
>                 URL: https://issues.apache.org/jira/browse/DERBY-4191
>             Project: Derby
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 10.4.2.0, 10.5.1.1
>            Reporter: Knut Anders Hatlen
>            Assignee: Mamta A. Satoor
>         Attachments: 
> DERBY4191_ColumnLevelCheckInStatmentColumnPerm_diff_patch2.txt, 
> DERBY4191_ColumnLevelCheckInStatmentColumnPerm_stat_patch2.txt, 
> DERBY4191_ColumnLevelCheckInStatmentTablePerm_diff_patch1.txt, 
> DERBY4191_countStar_privilege_diff_patch1.txt, 
> DERBY4191_miniumSelectPrivOnAllTables_diff_patch3.txt, 
> DERBY4191_miniumSelectPrivOnAllTables_diff_patch4.txt, 
> DERBY4191_miniumSelectPrivOnAllTables_stat_patch3.txt, 
> DERBY4191_miniumSelectPrivOnAllTables_stat_patch4.txt, repro.sql
>
>
> A user that does not have SELECT privilege on a table can still perform a 
> SELECT COUNT(*) on that table. Counting a specific column (e.g., SELECT 
> COUNT(X)) is prevented.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
