[ https://issues.apache.org/jira/browse/TRAFODION-2203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15524216#comment-15524216 ]

ASF GitHub Bot commented on TRAFODION-2203:
-------------------------------------------

GitHub user robertamarton opened a pull request:

    https://github.com/apache/incubator-trafodion/pull/729

    TRAFODION-2203 - a user can grant privileges that he doesn’t have ... ... to other users/roles successfully

    In this case, the user/role did not get the privilege requested even though the
    operation successfully completed.  So the requester is led to believe that the
    privilege was granted.
    
    ANSI states that: "warning <privilege not granted>" should be displayed for 
    each combination of grantee<=>privilege that was not granted. However, 
    privileges that can be successfully granted should be granted. The grant code 
    does not grant any privileges it cannot grant but is not reporting warnings if
    the privilege is not granted. Ditto for revoke.
    
    The code now reports warnings if not all privileges were granted or revoked for
    both object and column privileges.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/robertamarton/incubator-trafodion traf-2177

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-trafodion/pull/729.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #729
    
----
commit 877a8e8a6d0fd8d4ed1ef808954eb95fb4834add
Author: Roberta Marton <[email protected]>
Date:   2016-09-26T21:22:55Z

    TRAFODION-2203 - a user can grant privileges that he doesn’t have ...
    
    ... to other users/roles successfully
    
    In this case, the user/role did not get the privilege requested even though the
    operation successfully completed.  So the requester is led to believe that the
    privilege was granted.
    
    ANSI states that: "warning <privilege not granted>" should be displayed for
    each combination of grantee<=>privilege that was not granted. However,
    privileges that can be successfully granted should be granted. The grant code
    does not grant any privileges it cannot grant but is not reporting warnings if
    the privilege is not granted. Ditto for revoke.
    
    The code now reports warnings if not all privileges were granted or revoked for
    both object and column privileges.
    
    Also, as part of this fix, the next piece of unifying object and column
    privileges has been performed.  This task:
    
    - Replaced ColPrivEntry with a PrivMgrCoreDesc - now object and column privs
      have the same base structure.
    - Create a new method that performs common functions between grant and revoke
      statements
    - Removed methods no longer needed
    - Use column level privileges in the privsToGrant and privsToRevoke structs
    - Fixed bug in showddl where privileges were not always displayed.
    - Minor changes to make object and column names more unified

----


>  a user can grant privileges that he doesn’t have to other users/roles 
> successfully
> -----------------------------------------------------------------------------------
>
>                 Key: TRAFODION-2203
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-2203
>             Project: Apache Trafodion
>          Issue Type: Bug
>          Components: sql-security
>         Environment: Centos6.7
> EsgynDB R2.2 0825daily
>            Reporter: Gao, Rui-Xian
>            Assignee: Roberta Marton
>
> a  user can grant privileges that he doesn’t have to other users/roles 
> successfully.
> To reproduce --
> root user --
> create role role1;
> create schema mysch;
> set schema mysch;
> create table tab1(a int, b int)no partition;
> grant insert on tab1 to testuser1 with grant option;
> connect as testuser1 --
> set schema mysch;
> SQL>grant select on tab1 to role1;
> *** ERROR[1012] No privileges were granted.  You lack grant option on the 
> specified privileges. [2016-09-01 15:31:33] //Rachel: this is expected
> SQL>grant insert ,select on tab1 to role1;
> --- SQL operation complete.   // should return error, testuser1 doesn’t have 
> select privilege on tab1



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
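
A minimal model of the grant behaviour described in this message, as an added example that is not Trafodion code or part of the pull request: each requested privilege is granted only if the grantor holds it with grant option, and every grantee/privilege pair that is skipped produces a warning. The names `GrantResult`, `PrivMap`, `grantPrivs` and `reproduce`, the warning text format, and the rule that an empty result is an error are assumptions made for illustration.

```cpp
#include <map>
#include <set>
#include <string>
#include <vector>

// Hypothetical result type: what was granted, plus one warning per skipped pair.
struct GrantResult {
    std::set<std::string> granted;      // privileges actually given to the grantee
    std::vector<std::string> warnings;  // grantee/privilege pairs not granted
    bool error = false;                 // true when nothing could be granted
};

// Maps an authorization name to a set of privileges on one object.
using PrivMap = std::map<std::string, std::set<std::string>>;

// grantable: privileges each user holds WITH GRANT OPTION.
// held: privileges each grantee currently holds (updated in place).
GrantResult grantPrivs(const PrivMap& grantable, PrivMap& held,
                       const std::string& grantor, const std::string& grantee,
                       const std::vector<std::string>& requested) {
    GrantResult r;
    auto it = grantable.find(grantor);
    for (const auto& priv : requested) {
        if (it != grantable.end() && it->second.count(priv)) {
            held[grantee].insert(priv);
            r.granted.insert(priv);
        } else {
            // The reported defect: this branch skipped the privilege silently,
            // so a partially failed GRANT looked fully successful.
            r.warnings.push_back("privilege not granted: " + priv + " to " + grantee);
        }
    }
    r.error = r.granted.empty();  // assumed to correspond to "No privileges were granted"
    return r;
}

// Constructed scenario from the reproduction steps: testuser1 can grant INSERT only.
GrantResult reproduce(const std::vector<std::string>& requested, PrivMap& held) {
    PrivMap grantable;
    grantable["testuser1"].insert("INSERT");
    return grantPrivs(grantable, held, "testuser1", "role1", requested);
}
```
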
