[ https://issues.apache.org/jira/browse/TRAFODION-3194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16624258#comment-16624258 ]
ASF GitHub Bot commented on TRAFODION-3194:
-------------------------------------------

GitHub user robertamarton opened a pull request:

    https://github.com/apache/trafodion/pull/1717

    Fixes for TRAFODION-3194 && TRAFODION-3195

    TRAFODION-3194 Revoke grant option on objects revokes more than grant option
       changed Privilege Manager to set bitmaps correctly
       removed unused methods from PrivMgrDesc

    TRAFODION-3195: Fixes for get commands:

    get schemas for user <user>:
       returns schemas owned by the specified user
       if current user does not have elevated privilege, returns error if
       current user does not match <user>.

    get schemas for role <role>:
       returns schemas owned by the role,
       if current user does not have elevated privilege, returns error if
       current user has not been granted <role>

    get [tables | views | indexes | libraries ] for user <user>:
    get [functions | table_mapping_functions | procedures] for user <user>:
    get [privileges | roles] for user <user>:
       returns objects where <user> has at least one privilege
       if current user does not have elevated privilege returns error if
       current user does not match <user>.

    get [tables | views | indexes | libraries ] for role <role>:
    get [functions | table_mapping_functions | procedures] for role <role>:
    get [privileges | users] for <role>:
       returns objects where <role> has at least one privilege
       if current user does not have elevated privilege returns error if
       current user has not been granted <role>

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/robertamarton/incubator-trafodion fixes

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/trafodion/pull/1717.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1717

----
commit afff9935ecd40b0beef8156c773110b40025721f
Author: Roberta Marton <roberta.marton@...>
Date:   2018-09-21T22:29:01Z

    Fixes for TRAFODION-3194 && TRAFODION-3195

    TRAFODION-3194 Revoke grant option on objects revokes more than grant option
       changed Privilege Manager to set bitmaps correctly
       removed unused methods from PrivMgrDesc

    TRAFODION-3195: Fixes for get commands:

    get schemas for user <user>:
       returns schemas owned by the specified user
       if current user does not have elevated privilege, returns error if
       current user does not match <user>.

    get schemas for role <role>:
       returns schemas owned by the role,
       if current user does not have elevated privilege, returns error if
       current user has not been granted <role>

    get [tables | views | indexes | libraries ] for user <user>:
    get [functions | table_mapping_functions | procedures] for user <user>:
    get [privileges | roles] for user <user>:
       returns objects where <user> has at least one privilege
       if current user does not have elevated privilege returns error if
       current user does not match <user>.

    get [tables | views | indexes | libraries ] for role <role>:
    get [functions | table_mapping_functions | procedures] for role <role>:
    get [privileges | users] for <role>:
       returns objects where <role> has at least one privilege
       if current user does not have elevated privilege returns error if
       current user has not been granted <role>

----

> Revoke grant option for all on objects also revokes all privileges from
> user/role
> ---------------------------------------------------------------------------------
>
>                 Key: TRAFODION-3194
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-3194
>             Project: Apache Trafodion
>          Issue Type: Bug
>            Reporter: Roberta Marton
>            Assignee: Roberta Marton
>            Priority: Major
>
> 'revoke grant option for all' should only revoke the ability to grant all
> privileges to another user/role, but now all privileges will be revoked too.
> revoke grant option for single/combined privileges works as expected.
> Test Result :
> ======================================
> SQL>showddl usera_t1;
> CREATE TABLE TRAFODION.TRAFINCSCH1.USERA_T1
>   (
>     A INT DEFAULT NULL NOT SERIALIZED
>   , B VARCHAR(20) CHARACTER SET ISO88591 COLLATE
>       DEFAULT DEFAULT NULL NOT SERIALIZED
>   )
>  ATTRIBUTES ALIGNED FORMAT NAMESPACE 'TRAF_1500000' INCREMENTAL BACKUP
> ;
> -- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON
> TRAFODION.TRAFINCSCH1.USERA_T1 TO DB__ROOT WITH GRANT OPTION;
> --- SQL operation complete.
> SQL>grant all on usera_t1 to qauser_sqlqaa with grant option;
> --- SQL operation complete.
> SQL>showddl usera_t1;
> CREATE TABLE TRAFODION.TRAFINCSCH1.USERA_T1
>   (
>     A INT DEFAULT NULL NOT SERIALIZED
>   , B VARCHAR(20) CHARACTER SET ISO88591 COLLATE
>       DEFAULT DEFAULT NULL NOT SERIALIZED
>   )
>  ATTRIBUTES ALIGNED FORMAT NAMESPACE 'TRAF_1500000' INCREMENTAL BACKUP
> ;
> -- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON
> TRAFODION.TRAFINCSCH1.USERA_T1 TO DB__ROOT WITH GRANT OPTION;
> GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON
> TRAFODION.TRAFINCSCH1.USERA_T1 TO QAUSER_SQLQAA WITH GRANT OPTION;
> --- SQL operation complete.
> SQL>revoke grant option for all on usera_t1 from qauser_sqlqaa;
> --- SQL operation complete.
> SQL>showddl usera_t1; //qauser_sqlqaa doesn’t have any privilege on the table
> after revoke
> CREATE TABLE TRAFODION.TRAFINCSCH1.USERA_T1
>   (
>     A INT DEFAULT NULL NOT SERIALIZED
>   , B VARCHAR(20) CHARACTER SET ISO88591 COLLATE
>       DEFAULT DEFAULT NULL NOT SERIALIZED
>   )
>  ATTRIBUTES ALIGNED FORMAT NAMESPACE 'TRAF_1500000' INCREMENTAL BACKUP
> ;
> -- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON
> TRAFODION.TRAFINCSCH1.USERA_T1 TO DB__ROOT WITH GRANT OPTION;
> --- SQL operation complete.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
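The behaviour reported in the quoted issue, modelled as an added example that is not part of the original message and is not Trafodion's Privilege Manager code. It assumes a grantee is tracked with two bitmaps, one for held privileges and one for privileges held WITH GRANT OPTION; every type and function name below is hypothetical.

```cpp
#include <bitset>
#include <cstddef>

// Hypothetical model, not Trafodion's PrivMgr API: the five object
// privileges that appear in the showddl output of the issue.
enum Priv : std::size_t { SELECT_P, INSERT_P, DELETE_P, UPDATE_P, REFERENCES_P, NUM_PRIVS };
using PrivBitmap = std::bitset<NUM_PRIVS>;

struct GranteePrivs {
    PrivBitmap privs;      // privileges the grantee holds
    PrivBitmap grantable;  // subset the grantee may grant to others
};

PrivBitmap allPrivs() { return PrivBitmap().set(); }

// GRANT <mask> ON obj TO grantee [WITH GRANT OPTION]
void grant(GranteePrivs &g, const PrivBitmap &mask, bool withGrantOption) {
    g.privs |= mask;
    if (withGrantOption) g.grantable |= mask;
}

// Outcome reported for REVOKE GRANT OPTION FOR ALL: the privilege bits
// are cleared together with the grantable bits.
void revokeGrantOptionReported(GranteePrivs &g, const PrivBitmap &mask) {
    g.grantable &= ~mask;
    g.privs &= ~mask;      // the defect: privileges are lost as well
}

// Expected outcome: only the ability to grant is removed.
void revokeGrantOptionExpected(GranteePrivs &g, const PrivBitmap &mask) {
    g.grantable &= ~mask;
}

// Structural invariant: nothing is grantable that is not also held.
bool invariantHolds(const GranteePrivs &g) {
    return (g.grantable & ~g.privs).none();
}

// Regression check for the session in the issue: a grant-option revoke
// must leave privs untouched and clear exactly the masked grantable bits.
bool grantOptionRevokeIsCorrect(const GranteePrivs &before,
                                const GranteePrivs &after,
                                const PrivBitmap &mask) {
    return after.privs == before.privs &&
           after.grantable == (before.grantable & ~mask) &&
           invariantHolds(after);
}
```

A check of this shape catches the regression even though both outcomes satisfy the invariant, which is why the test compares against the pre-revoke state.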