Provileges
----------
Key: CORE-4311
URL: http://tracker.firebirdsql.org/browse/CORE-4311
Project: Firebird Core
Issue Type: Improvement
Components: Engine
Affects Versions: 2.5.2, 2.1.5, 2.5.1, 2.1.4, 2.5.0, 2.1.3, 2.1.2, 2.1.1,
2.1.0
Environment: All platforms
Reporter: Kevin Smith
I've problem with privileges at database level.
Please take at look at following example.
First, let's create objects as sysdba users:
recreate table test1
(
id integer
);
set term ^;
recreate procedure sptest1
as
declare variable i integer;
begin
if (exists (select 1 from test1)) then
i= 1;
end
^
recreate procedure sptest2
as
declare variable i integer;
begin
if (1=0) then
begin
execute procedure sptest1;
end
end
^
grant execute on sptest1 to public;
grant execute on sptest2 to public;
Then when we try to execute sptest procedure as "normal" (not sysdba user) I've
got error message about lack of privieges to access table test1 (even thou
table test1 isn't actually accessed):
execute procedure sptest2;
Why Firebird checks privileges even if object isn't accessed. Is there any way
to change method Firebird checks privileges?
My example is very simple but in my application which consists of few thousands
objects, I often have to grant privilege on object to all users, only because
object is accessed on condition which is never true for most of the users.
I have quite big ERP system which consists of many modules. Obviously, access
to system is restricted both on application and database level.
Each ERP user connects do the database using its own database user.
Firebird database consists of many stored procedures and triggers.
Above mentioned issue is quite important for me and as for now I haven't find
any solution so often I have to loosen security...
One of the solutions I found is to use Dynamic SQL but it has other drawbacks.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
