[ https://issues.apache.org/jira/browse/TRAFODION-2189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15449393#comment-15449393 ]
Roberta Marton commented on TRAFODION-2189: ------------------------------------------- This is a query invalidation issue. If you set the following cqd's in the session, operations work as designed: cqd METADATA_CACHE_SIZE '0'; cqd QUERY_CACHE '0'; > user has incorrect privilege on columns if multiple roles with different > column privileges are granted to the user > ------------------------------------------------------------------------------------------------------------------ > > Key: TRAFODION-2189 > URL: https://issues.apache.org/jira/browse/TRAFODION-2189 > Project: Apache Trafodion > Issue Type: Bug > Components: sql-security > Reporter: Gao, Rui-Xian > Assignee: Roberta Marton > > create role role1; > create role role2; > create schema mysch; > set schema mysch; > create table tab1(col1 int not null primary key,col2 int ,col3 varchar(10)); > grant insert(col1,col2), select(col1,col2) on tab1 to role1 with grant option; > grant update(col2) on tab1 to role1 with grant option; > grant update(col2) on tab1 to role2 with grant option; > grant role role1, role2 to qauser2; > connect as qauser2: > set schema mysch; > insert into tab1(col1,col2) values(2,2); // insert should succeed because > role1 has select privilege on col2. > *** ERROR[4481] The user does not have SELECT privilege on table or view > TRAFODION.MYSCH.TAB1(columns: COL2). [2016-08-24 10:04:08] > *** ERROR[4481] The user does not have INSERT privilege on table or view > TRAFODION.MYSCH.TAB1(columns: COL2). [2016-08-24 10:04:08] -- This message was sent by Atlassian JIRA (v6.3.4#6332)