[Firebird-devel] [FB-Tracker] Created: (CORE-5827) ALTER CURRENT USER fails with "no permission for <...> TABLE PLG$SRP" if current user: 1) has NO admin role and 2) wants to modify his own TAGS list

[Pavel Zotov (JIRA)]

ALTER CURRENT USER fails with "no permission for <...> TABLE PLG$SRP" if 
current user: 1) has NO admin role and 2) wants to modify his own TAGS list
----------------------------------------------------------------------------------------------------------------------------------------------------

                 Key: CORE-5827
                 URL: http://tracker.firebirdsql.org/browse/CORE-5827
             Project: Firebird Core
          Issue Type: Bug
          Components: Engine, Security
    Affects Versions: 3.0.3, 4.0 Alpha 1
            Reporter: Pavel Zotov


connect 'localhost:employee' user SYSDBA  password 'masterkey';

create user tmp$c3365 
    password 'UseSrp' 
    firstname 'Mary' 
--grant admin role ----------------------- NB: no error will be raised if we 
UNCOMMENT this line
using plugin Srp 
    tags (
         key1 = 'val111'
        ,key2 = 'val222'
        ,key3 = 'val333'
    )
;
commit;

connect 'localhost:employee' user tmp$c3365 password 'UseSrp';

select current_user as who_am_i from rdb$database;

-- OUTPUT will be: WHO_AM_I                        TMP$C3365

commit;

--- passed w/o error:
alter current user 
    set password 'FooSrp' firstname 'Scott' lastname 'Tiger'
    using plugin Srp 
;
commit;

-- DOES raise error if current user has no admin role:
alter current user 
    using plugin Srp 
    tags (
         Foo =  'Bar'
        ,key1 = 'val11'
        ,Rio =  '1565'
        ,drop key3
        ,drop key2
    )
;
Statement failed, SQLSTATE = 28000
modify record error
-no permission for SELECT access to TABLE PLG$SRP

If user has to be granted with ADMIN role to be able to modify his own TAGS 
list then this should be noted in documentation.
But it seems to me that user must have ability to change ALL his attributes 
(except active/inactive state), including TAGS list.



-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel