User without ALTER ANY ROLE privilege can use COMMENT ON ROLE
-------------------------------------------------------------

Key: CORE-6489
URL: http://tracker.firebirdsql.org/browse/CORE-6489
Project: Firebird Core
Issue Type: Bug
Components: Engine
Affects Versions: 4.0 RC 1, 3.0.7
Reporter: Mark Rotteveel

A normal user without the ALTER ANY ROLE privilege is allowed to put comments on roles.

```
create user testuser password 'testuser';
commit;
connect '<db>' user testuser password 'testuser';
comment on role rdb$admin is 'unprivileged comment';
commit;
```

The comment is added on role RDB$ADMIN without error; expected behaviour is an error with a message like:

"""
Statement failed, SQLSTATE = 28000
unsuccessful metadata update
-COMMENT ON XYZ failed
-no permission for ALTER access to ROLE RDB$ADMIN
-Effective user is TESTUSER
"""

Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel