Gao, Rui-Xian created TRAFODION-2339:
----------------------------------------
Summary: column privilege -- a user who doesn't have select
privilege on all columns can insert data into the table
Key: TRAFODION-2339
URL: https://issues.apache.org/jira/browse/TRAFODION-2339
Project: Apache Trafodion
Issue Type: Bug
Components: sql-security
Environment: CDH5.4.8 HDP2.4.0
esgynDB R2.2 1023 daily
Reporter: Gao, Rui-Xian
a user who doesn't have select privilege on all columns can insert data into
the table successfully.
>>create table tab2(a int, b int, c int);
--- SQL operation complete.
>>grant insert(a,c),select(a) on tab2 to testuser1;
--- SQL operation complete.
>>grant insert(b,c),select(b) on tab2 to testuser1;
--- SQL operation complete.
>>showddl tab2;
CREATE TABLE TRAFODION.MYTESTSCH.TAB2
(
A INT DEFAULT NULL NOT SERIALIZED
, B INT DEFAULT NULL NOT SERIALIZED
, C INT DEFAULT NULL NOT SERIALIZED
)
ATTRIBUTES ALIGNED FORMAT
;
-- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.MYTESTSCH.TAB2
TO DB__ROOT WITH GRANT OPTION;
GRANT SELECT(A, B), INSERT(A, B, C) ON TRAFODION.MYTESTSCH.TAB2 TO TESTUSER1;
--- SQL operation complete.
connect as testuser1 --
SQL>select * from tab2;
*** ERROR[4481] The user does not have SELECT privilege on table or view
TRAFODION.MYTESTSCH.TAB2(columns: C). [2016-11-04 17:07:42]
SQL>insert into tab2 values(1,2,3);
--- 1 row(s) inserted.
testuser1 doesn't have select privilege on columnC, but insert data into
columnC successfully.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
