[ https://issues.apache.org/jira/browse/TRAFODION-2203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15526853#comment-15526853 ]
ASF GitHub Bot commented on TRAFODION-2203:
-------------------------------------------
Github user DaveBirdsall commented on a diff in the pull request:
https://github.com/apache/incubator-trafodion/pull/729#discussion_r80747563
--- Diff: core/sql/sqlcomp/PrivMgrPrivileges.cpp ---
@@ -3182,34 +3042,107 @@ PrivStatus
PrivMgrPrivileges::revokeColumnPrivileges(
// Create list of ColumnReferences
objectUsage.columnReferences = new std::vector<ColumnReference *>;
- for (size_t i = 0; i < colPrivsToRevoke.size(); i++)
+ for (size_t i = 0; i < colPrivsToRevoke.entries(); i++)
{
- ColPrivEntry &colPrivToRevoke = colPrivsToRevoke[i];
- ColPrivEntry *grantedColPriv = findColumnEntry(grantedColPrivs,
colPrivToRevoke.getColumnOrdinal());
+ PrivMgrCoreDesc &colPrivToRevoke = colPrivsToRevoke[i];
+ PrivMgrCoreDesc *grantedColPriv = findColumnEntry(grantedColPrivs,
colPrivToRevoke.getColumnOrdinal());
if (grantedColPriv)
{
- ColumnReference *adjustedCol = new ColumnReference;
- adjustedCol->columnOrdinal = colPrivToRevoke.getColumnOrdinal();
- adjustedCol->originalPrivs = grantedColPriv->getPrivDesc();
- PrivMgrCoreDesc adjustedPrivs = grantedColPriv->getPrivDesc();
- adjustedPrivs.AndNot(colPrivToRevoke.getPrivDesc());
- adjustedCol->updatedPrivs = adjustedPrivs;
- objectUsage.columnReferences->push_back(adjustedCol);
- }
- }
+ if (colPrivToRevoke.anyNotSet(*grantedColPriv))
+ {
+ // sanity check -> verify that privileges to revoke actually are
set
+ // in the granted list
+ for (size_t p = FIRST_DML_COL_PRIV; p <= LAST_DML_COL_PRIV; p++ )
+ {
+ PrivType type = (PrivType)p;
+
+ // If trying to revoke a privilege that is not granted or
+ // if trying to revoke grant option that is not granted,
report it
+ //if ((colPrivToRevoke.getPriv(type) &&
!grantedColPriv->getPriv(type)) ||
+ // (!colPrivToRevoke.getPriv(type) &&
colPrivToRevoke.getWgo(type) && !grantedColPriv->getWgo(type)))
+ bool printWarning = false;
+ bool printWgo = false;
+ if (colPrivToRevoke.getPriv(type))
+ {
+ if ( !grantedColPriv->getPriv(type))
+ printWarning = true;
+ }
+ else
+ {
+ if (colPrivToRevoke.getWgo(type) &&
!grantedColPriv->getWgo(type))
+ {
+ printWarning = true;
+ printWgo = true;
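Review bot: in the sanity-check loop, the commented-out compound condition (the `//if ((colPrivToRevoke.getPriv(type) && ...` lines) left just above `bool printWarning = false;` tests the same two cases as the nested if/else that follows it. Delete the dead condition and keep only the two-line description of the cases, so the comment and the live logic cannot drift apart.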
--- End diff --
I didn't see printWgo used anywhere. It's only a problem though if there is
some logic you intended but forgot.
> a user can grant privileges that he doesn’t have to other users/roles
> successfully
> -----------------------------------------------------------------------------------
>
> Key: TRAFODION-2203
> URL: https://issues.apache.org/jira/browse/TRAFODION-2203
> Project: Apache Trafodion
> Issue Type: Bug
> Components: sql-security
> Environment: Centos6.7
> EsgynDB R2.2 0825daily
> Reporter: Gao, Rui-Xian
> Assignee: Roberta Marton
>
> a user can grant privileges that he doesn’t have to other users/roles
> successfully.
> To reproduce --
> root user --
> create role role1;
> create schema mysch;
> set schema mysch;
> create table tab1(a int, b int)no partition;
> grant insert on tab1 to testuser1 with grant option;
> connect as testuser1 --
> set schema mysch;
> SQL>grant select on tab1 to role1;
> *** ERROR[1012] No privileges were granted. You lack grant option on the
> specified privileges. [2016-09-01 15:31:33] //Rachel: this is expected
> SQL>grant insert ,select on tab1 to role1;
> --- SQL operation complete. // should return error, testuser1 doesn’t have
> select privilege on tab1
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
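The check the reporter expects the second GRANT to fail on, as an added example that is not part of the original message and is not Trafodion's code: every privilege in the list must be held by the grantor with grant option. The names `Holding`, `PrivSet`, `ungrantable`, `applyGrant` and `testuser1` are hypothetical, and rejecting the whole statement when any listed privilege is ungrantable is an assumed policy taken from the report's expected result.

```cpp
#include <bitset>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical model for illustration; these are not Trafodion's PrivMgr classes.
enum Priv : std::size_t { SELECT_PRIV, INSERT_PRIV, DELETE_PRIV, UPDATE_PRIV, NUM_PRIVS };
static const char *const PRIV_NAMES[NUM_PRIVS] = {"SELECT", "INSERT", "DELETE", "UPDATE"};
using PrivSet = std::bitset<NUM_PRIVS>;
struct Holding { PrivSet privs, wgo; };  // privileges held; subset held WITH GRANT OPTION

// Requested privileges the grantor cannot pass on: not held, or held without grant option.
PrivSet ungrantable(const Holding &grantor, const PrivSet &requested) {
  return requested & ~(grantor.privs & grantor.wgo);
}

// Names of the set bits, for the diagnostic a caller would attach to the error.
std::vector<std::string> names(const PrivSet &s) {
  std::vector<std::string> out;
  for (std::size_t p = 0; p < NUM_PRIVS; p++)
    if (s.test(p)) out.push_back(PRIV_NAMES[p]);
  return out;
}

// Assumed strict policy (the outcome the reporter expects): if any requested
// privilege is ungrantable, the grantee is left unchanged and the grant fails.
bool applyGrant(const Holding &grantor, Holding &grantee, const PrivSet &requested, bool withGrantOption) {
  if (requested.none() || ungrantable(grantor, requested).any())
    return false;
  grantee.privs |= requested;
  if (withGrantOption) grantee.wgo |= requested;
  return true;
}

// Constructed state from the report: testuser1 holds INSERT with grant option, nothing else.
Holding testuser1() {
  const PrivSet insertOnly(1ull << INSERT_PRIV);
  return Holding{insertOnly, insertOnly};
}

int main() {
  Holding role1;
  const PrivSet req((1ull << INSERT_PRIV) | (1ull << SELECT_PRIV));  // grant insert, select
  bool ok = applyGrant(testuser1(), role1, req, false);
  std::cout << "grant insert, select on tab1 to role1: " << (ok ? "applied" : "rejected") << "\n";
  for (const auto &n : names(ungrantable(testuser1(), req)))
    std::cout << "  no grant option on: " << n << "\n";
  return 0;
}
```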