[
https://issues.apache.org/jira/browse/TRAFODION-2203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15524216#comment-15524216
]
ASF GitHub Bot commented on TRAFODION-2203:
-------------------------------------------
GitHub user robertamarton opened a pull request:
https://github.com/apache/incubator-trafodion/pull/729
TRAFODION-2203 - a user can grant privileges that he doesn’t have ... ...
to other users/roles successfully
In this case, the user/role did not get the privilege requested even though
the
operation successfully completed. So the requester is lead to believe that
the
privilege was granted.
ANSI states that: "warning <privilege not granted>" should be displayed for
each combination of grantee<=>privilege that was not granted. However,
privileges that can be successfully granted should be granted. The grant
code
does not grant any privileges it cannot grant but is not reporting warnings
if
the privilege is not granted. Ditto for revoke.
The code now reports warnings if not all privileges were granted or revoked
for
both object and column privileges.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/robertamarton/incubator-trafodion traf-2177
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-trafodion/pull/729.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #729
----
commit 877a8e8a6d0fd8d4ed1ef808954eb95fb4834add
Author: Roberta Marton <[email protected]>
Date: 2016-09-26T21:22:55Z
TRAFODION-2203 - a user can grant privileges that he doesn’t have ...
... to other users/roles successfully
In this case, the user/role did not get the privilege requested even though
the
operation successfully completed. So the requester is lead to believe that
the
privilege was granted.
ANSI states that: "warning <privilege not granted>" should be displayed for
each combination of grantee<=>privilege that was not granted. However,
privileges that can be successfully granted should be granted. The grant
code
does not grant any privileges it cannot grant but is not reporting warnings
if
the privilege is not granted. Ditto for revoke.
The code now reports warnings if not all privileges were granted or revoked
for
both object and column privileges.
Also As part of this fix, the next piece of unifying object and column
privileges has been performed. This task:
- Replaced ColPrivEntry with a PrivMgrCoreDesc - now object and column privs
have the same base structure.
- Create a new method that performs common functions between grant and
revoke
statements
- Removed methods not longer needed
- Use column level privileges in the privsToGrant and privsToRevoke structs
- Fixed bug in showddl where privileges were not always displayed.
- Minor changes to make object and columns names more unified
----
> a user can grant privileges that he doesn’t have to other users/roles
> successfully
> -----------------------------------------------------------------------------------
>
> Key: TRAFODION-2203
> URL: https://issues.apache.org/jira/browse/TRAFODION-2203
> Project: Apache Trafodion
> Issue Type: Bug
> Components: sql-security
> Environment: Centos6.7
> EsgynDB R2.2 0825daily
> Reporter: Gao, Rui-Xian
> Assignee: Roberta Marton
>
> a user can grant privileges that he doesn’t have to other users/roles
> successfully.
> To reproduce --
> root user --
> create role role1;
> create schema mysch;
> set schema mysch;
> create table tab1(a int, b int)no partition;
> grant insert on tab1 to testuser1 with grant option;
> connect as testuser1 --
> set schema mysch;
> SQL>grant select on tab1 to role1;
> *** ERROR[1012] No privileges were granted. You lack grant option on the
> specified privileges. [2016-09-01 15:31:33] //Rachel: this is expected
> SQL>grant insert ,select on tab1 to role1;
> --- SQL operation complete. // should return error, testuser1 doesn’t have
> select privilege on tab1
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
