Re: [Firebird-devel] DDL permissions

Fri, 01 Aug 2014 07:58:31 -0700 

Roman Simakov <roman.sima...@red-soft.biz> wrote Fri, 04 Jul 2014 18:23:38  
+0400:

> Hello!
>
> I'd like to present a patch for firebird trunk which implements
> http://tracker.firebirdsql.org/browse/CORE-735 like Red Database does.
>
> I'm ready to answer any questions.
>
> I'd like to commit it. Opinions?
>

DDL permissions is very good, but so far it is possible to modify the  
system tables are not useful enough. For some system tables is already  
banned, but some still allow some nastiness.
A few simple examples:

SQL> connect 'localhost:test' user 'sysdba' password 'masterkey';
Database:  'localhost:test', User: sysdba
SQL> /* Example 1 */
SQL> comment on database is 'good database';
SQL> connect 'localhost:test' user 'test' password 'test';
Commit current transaction (y/n)?y
Committing.
Database:  'localhost:test', User: test
SQL> show comment database;
COMMENT ON DATABASE     IS good database;
SQL> comment on database is 'bad database';
Statement failed, SQLSTATE = 28000
unsuccessful metadata update
-COMMENT ON  failed
-no permission for ALTER access to DATABASE
SQL> update rdb$database set rdb$description='bad database';
SQL> commit;
SQL> show comment database;
COMMENT ON DATABASE     IS bad database;
SQL> /* 2 example */
SQL> create exception E1 'My exception';
Statement failed, SQLSTATE = 42000
unsuccessful metadata update
-CREATE EXCEPTION E1 failed
-There is no privilege for this operation
SQL> show exceptions;
There are no exceptions in this database
SQL> insert into RDB$EXCEPTIONS(RDB$EXCEPTION_NAME) VALUES ('E1');
SQL> commit;
SQL> show exceptions;
Exception Name                  Used by, Type
===============================  
=============================================
E1

-- 
Simonov Denis


------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to