[ 
https://issues.apache.org/jira/browse/TRAFODION-3194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16624258#comment-16624258
 ] 

ASF GitHub Bot commented on TRAFODION-3194:
-------------------------------------------

GitHub user robertamarton opened a pull request:

    https://github.com/apache/trafodion/pull/1717

    Fixes for TRAFODION-3194 && TRAFODION-3195

    TRAFODION-3194 Revoke grant option on objects revokes more than grant option
      changed Privilege Manager to set bitmaps correctly
      removed unused methods from PrivMgrDesc
    
    TRAFODION-3195: Fixes for get commands:
    
    get schemas for user <user>:
      returns schemas owned by the specified user
      if current user does not have elevated privilege,
       returns error if current user does not match <user>.
    
    get schemas for role <role>:
      returns schemas owned by the role,
      if current user does not have elevated privilege,
        returns error if current user has not been granted <role>
    
    get [tables | views | indexes | libraries ] for user <user>:
    get [functions | table_mapping_functions | procedures] for user <user>:
    get [privileges | roles] for user <user>:
      returns objects where <user> has at least one privilege
      if current user does not have elevated privilege
        returns error if current user does not match <user>.
    
    get [tables | views | indexes | libraries ] for role <role>:
    get [functions | table_mapping_functions | procedures] for role <role>:
    get [privileges | users] for <role>:
      returns objects where <role> has at least one privilege
      if current user does not have elevated privilege
        returns error if current user has not been granted <role>

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/robertamarton/incubator-trafodion fixes

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/trafodion/pull/1717.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1717
    
----
commit afff9935ecd40b0beef8156c773110b40025721f
Author: Roberta Marton <roberta.marton@...>
Date:   2018-09-21T22:29:01Z

    Fixes for TRAFODION-3194 && TRAFODION-3195
    
    TRAFODION-3194 Revoke grant option on objects revokes more than grant option
      changed Privilege Manager to set bitmaps correctly
      removed unused methods from PrivMgrDesc
    
    TRAFODION-3195: Fixes for get commands:
    
    get schemas for user <user>:
      returns schemas owned by the specified user
      if current user does not have elevated privilege,
       returns error if current user does not match <user>.
    
    get schemas for role <role>:
      returns schemas owned by the role,
      if current user does not have elevated privilege,
        returns error if current user has not been granted <role>
    
    get [tables | views | indexes | libraries ] for user <user>:
    get [functions | table_mapping_functions | procedures] for user <user>:
    get [privileges | roles] for user <user>:
      returns objects where <user> has at least one privilege
      if current user does not have elevated privilege
        returns error if current user does not match <user>.
    
    get [tables | views | indexes | libraries ] for role <role>:
    get [functions | table_mapping_functions | procedures] for role <role>:
    get [privileges | users] for <role>:
      returns objects where <role> has at least one privilege
      if current user does not have elevated privilege
        returns error if current user has not been granted <role>

----


> Revoke grant option for all on objects also revokes all privileges from 
> user/role
> ---------------------------------------------------------------------------------
>
>                 Key: TRAFODION-3194
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-3194
>             Project: Apache Trafodion
>          Issue Type: Bug
>            Reporter: Roberta Marton
>            Assignee: Roberta Marton
>            Priority: Major
>
> 'revoke grant option for all' should only revoke the ability to grant all 
> privileges to another user/role, but now all privileges will be revoked too.
> revoke grant option for single/combined privileges works as expected.
> Test Result :
> ======================================
> SQL>showddl usera_t1;
> CREATE TABLE TRAFODION.TRAFINCSCH1.USERA_T1
>   (
>     A INT DEFAULT NULL NOT SERIALIZED
>   , B VARCHAR(20) CHARACTER SET ISO88591 COLLATE
>       DEFAULT DEFAULT NULL NOT SERIALIZED
>   )
>  ATTRIBUTES ALIGNED FORMAT NAMESPACE 'TRAF_1500000' INCREMENTAL BACKUP
> ;
> -- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.TRAFINCSCH1.USERA_T1 TO DB__ROOT WITH GRANT OPTION;
> --- SQL operation complete.
> SQL>grant all on usera_t1 to qauser_sqlqaa with grant option;
> --- SQL operation complete.
> SQL>showddl usera_t1;
> CREATE TABLE TRAFODION.TRAFINCSCH1.USERA_T1
>   (
>     A INT DEFAULT NULL NOT SERIALIZED
>   , B VARCHAR(20) CHARACTER SET ISO88591 COLLATE
>       DEFAULT DEFAULT NULL NOT SERIALIZED
>   )
>  ATTRIBUTES ALIGNED FORMAT NAMESPACE 'TRAF_1500000' INCREMENTAL BACKUP
> ;
> -- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.TRAFINCSCH1.USERA_T1 TO DB__ROOT WITH GRANT OPTION;
>   GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON
>   TRAFODION.TRAFINCSCH1.USERA_T1 TO QAUSER_SQLQAA WITH GRANT OPTION;
> --- SQL operation complete.
> SQL>revoke grant option for all on usera_t1 from qauser_sqlqaa;
> --- SQL operation complete.
> SQL>showddl usera_t1; //qauser_sqlqaa doesn’t have any privilege on the table after revoke
> CREATE TABLE TRAFODION.TRAFINCSCH1.USERA_T1
>   (
>     A INT DEFAULT NULL NOT SERIALIZED
>   , B VARCHAR(20) CHARACTER SET ISO88591 COLLATE
>       DEFAULT DEFAULT NULL NOT SERIALIZED
>   )
>  ATTRIBUTES ALIGNED FORMAT NAMESPACE 'TRAF_1500000' INCREMENTAL BACKUP
> ;
> -- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.TRAFINCSCH1.USERA_T1 TO DB__ROOT WITH GRANT OPTION;
> --- SQL operation complete.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
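
The behaviour the issue expects from `revoke grant option for all`, modelled with two bitmaps per grantee, as an added example that is not Trafodion's Privilege Manager code. All type and function names are hypothetical, and `revokeGrantOptionBuggy` only reproduces the reported symptom, not the actual defect.

```cpp
#include <bitset>
#include <cstddef>
#include <iostream>

// Hypothetical model: one bit per object privilege named in the issue's showddl output.
enum Priv : std::size_t { SELECT_P, INSERT_P, DELETE_P, UPDATE_P, REFERENCES_P, NUM_PRIVS };
using PrivBits = std::bitset<NUM_PRIVS>;

struct Grant {
    PrivBits privs;      // privileges the grantee holds
    PrivBits grantable;  // subset of privs held WITH GRANT OPTION
    // Invariant: a privilege can be grantable only if it is held.
    bool consistent() const { return (grantable & ~privs).none(); }
};

// GRANT <which> ... [WITH GRANT OPTION]
void grant(Grant &g, PrivBits which, bool withGrantOption) {
    g.privs |= which;
    if (withGrantOption) g.grantable |= which;
}

// REVOKE GRANT OPTION FOR <which>: only the grantable bitmap changes.
void revokeGrantOption(Grant &g, PrivBits which) { g.grantable &= ~which; }

// Symptom from the report, kept for comparison: the ALL case also clears
// the privilege bitmap, while single/combined privileges behave correctly.
void revokeGrantOptionBuggy(Grant &g, PrivBits which) {
    g.grantable &= ~which;
    if (which.all()) g.privs.reset();
}

// Replays the issue's sequence: grant all with grant option, then
// revoke grant option for all.
Grant replay(bool buggy) {
    Grant g;
    PrivBits all;
    all.set();
    grant(g, all, true);
    if (buggy) revokeGrantOptionBuggy(g, all);
    else       revokeGrantOption(g, all);
    return g;
}

int main() {
    Grant ok = replay(false), bad = replay(true);
    std::cout << "expected privs=" << ok.privs << " grantable=" << ok.grantable << "\n"
              << "reported privs=" << bad.privs << " grantable=" << bad.grantable << "\n";
    return ok.privs.all() && ok.grantable.none() ? 0 : 1;
}
```

A regression test for this class of bug asserts on both bitmaps after each revoke, not only on the one the statement names.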
