Gao, Rui-Xian created TRAFODION-2407:
----------------------------------------

             Summary: Need include privilege checking on 'PUBLIC' when getting 
privileges for a user
                 Key: TRAFODION-2407
                 URL: https://issues.apache.org/jira/browse/TRAFODION-2407
             Project: Apache Trafodion
          Issue Type: Improvement
          Components: sql-security
            Reporter: Gao, Rui-Xian
            Assignee: Roberta Marton



Some privilege checking for specific commands will be affected by privileges on 
PUBLIC, so we'd better include privilege checking for PUBLIC when getting 
privileges for a user.

For example, we have privilege checking for SHOWDDL commands.  To perform a 
SHOWDDL one must:
--   be DB__ROOT
--   be object owner
--   have the SHOW privilege (PUBLIC & DB__ROOTROLE has priv)
--   have SELECT privileges on object

So a user can do SHOWDDL on any object if PUBLIC has the SHOW component privilege.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
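
The check described in the issue, sketched as an added C++ example (not Trafodion's code; `PrivStore`, `granteesFor`, `canShowDDL` and the sample users and object are hypothetical). It assumes the four listed conditions are alternatives and shows how the SHOWDDL decision changes when grants to PUBLIC are left out of the set of privileges gathered for a user.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <utility>

// Simplified model, not Trafodion code; every type and function name is hypothetical.
using ObjKey = std::pair<std::string, std::string>;               // (grantee, object)
struct PrivStore {
    std::map<std::string, std::set<std::string>> rolesOf;         // user -> granted roles
    std::map<std::string, std::set<std::string>> componentPrivs;  // grantee -> component privileges
    std::map<ObjKey, std::set<std::string>> objectPrivs;          // (grantee, object) -> privileges
    std::map<std::string, std::string> ownerOf;                   // object -> owner
};

// Authorization IDs whose grants apply to the user: the user, its roles and, if asked, PUBLIC.
std::set<std::string> granteesFor(const PrivStore& s, const std::string& user, bool includePublic) {
    std::set<std::string> ids{user};
    auto r = s.rolesOf.find(user);
    if (r != s.rolesOf.end()) ids.insert(r->second.begin(), r->second.end());
    if (includePublic) ids.insert("PUBLIC");
    return ids;
}

// The four conditions from the issue, treated here as alternatives (assumption).
bool canShowDDL(const PrivStore& s, const std::string& user, const std::string& object, bool includePublic) {
    if (user == "DB__ROOT") return true;                           // is DB__ROOT
    auto o = s.ownerOf.find(object);
    if (o != s.ownerOf.end() && o->second == user) return true;    // is the object owner
    for (const auto& id : granteesFor(s, user, includePublic)) {
        auto c = s.componentPrivs.find(id);
        if (c != s.componentPrivs.end() && c->second.count("SHOW")) return true;   // SHOW component privilege
        auto p = s.objectPrivs.find(ObjKey(id, object));
        if (p != s.objectPrivs.end() && p->second.count("SELECT")) return true;    // SELECT on the object
    }
    return false;
}

// Constructed sample data: USER1 has no grants of its own; PUBLIC holds SHOW.
PrivStore sampleStore() {
    PrivStore s;
    s.componentPrivs["PUBLIC"].insert("SHOW");
    s.ownerOf["SCH.T1"] = "USER2";
    s.objectPrivs[ObjKey("USER3", "SCH.T1")].insert("SELECT");
    return s;
}

int main() { std::cout << canShowDDL(sampleStore(), "USER1", "SCH.T1", false) << canShowDDL(sampleStore(), "USER1", "SCH.T1", true) << "\n"; }
```

With PUBLIC excluded, USER1 is denied even though the grant to PUBLIC should let every user run SHOWDDL; with it included, the check allows the command.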
