[jira] [Commented] (TRAFODION-2294) need add privilege checking for explain statement

Gao, Rui-Xian (JIRA) Sun, 14 May 2017 20:13:28 -0700

    [ 
https://issues.apache.org/jira/browse/TRAFODION-2294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16009952#comment-16009952
 ]


Gao, Rui-Xian commented on TRAFODION-2294:
------------------------------------------

The fix has been verified on R2.3 0510 daily build.

SQL>connect testuser2/user2pass;
Connected to EsgynDB Advanced

SQL>set schema testsch1;

--- SQL operation complete.

SQL>select * from tab1;

*** ERROR[4481] The user does not have SELECT privilege on table or view 
TRAFODION.TESTSCH1.TAB1. [2017-05-15 03:02:25]

SQL>explain options 'f' select * from tab1;


LC   RC   OP   OPERATOR              OPT       DESCRIPTION           CARD
---- ---- ---- --------------------  --------  --------------------  ---------

1    .    2    root                                                  1.00E+002
.    .    1    trafodion_scan                  TAB1                  1.00E+002

--- SQL operation complete.

SQL>select * from tab1;

*** ERROR[4481] The user does not have SELECT privilege on table or view 
TRAFODION.TESTSCH1.TAB1. [2017-05-15 03:04:47]

SQL>insert into tab1 values(20,20);

*** ERROR[4481] The user does not have INSERT privilege on table or view 
TRAFODION.TESTSCH1.TAB1. [2017-05-15 03:06:17]

SQL>explain options 'f' insert into tab1 values(20,20);


LC   RC   OP   OPERATOR              OPT       DESCRIPTION           CARD
---- ---- ---- --------------------  --------  --------------------  ---------

1    .    2    root                  o                               1.00E+000
.    .    1    trafodion_insert                TAB1                  1.00E+000

--- SQL operation complete.

SQL>insert into tab1 values(20,20);

*** ERROR[4481] The user does not have INSERT privilege on table or view 
TRAFODION.TESTSCH1.TAB1. [2017-05-15 03:06:31]

SQL>create view v1 as select * from tab1;

*** ERROR[4481] The user does not have SELECT privilege on table or view 
TRAFODION.TESTSCH1.TAB1. [2017-05-15 03:06:50]



> need add privilege checking for explain statement
> -------------------------------------------------
>
>                 Key: TRAFODION-2294
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-2294
>             Project: Apache Trafodion
>          Issue Type: Bug
>          Components: sql-security
>         Environment: CDH5.4.8
> Centos6.7
>            Reporter: Gao, Rui-Xian
>            Assignee: David Wayne Birdsall
>             Fix For: 2.2-incubating
>
>
> we don't have privilege checking for 'explain' statements.If a user doesn't 
> have privilege to execute a statement, then after explain, the user will be 
> able to execute the statement.
> Testuser1:
> SQL>create schema testsch1;
>  
> --- SQL operation complete.
>  
> SQL>set schema testsch1;
>  
> --- SQL operation complete.
>  
> SQL>create table tab1(a int, b int);
>  
> --- SQL operation complete.
>  
> SQL>insert into tab1 values(1,1);
>  
> --- 1 row(s) inserted.
>  
> SQL>select * from tab1;
>  
> A           B
> ----------- -----------
>           1           1
>  
> --- 1 row(s) selected.
>  
> Tesuser2:
> SQL>set schema testsch1;
>  
> --- SQL operation complete.
>  
> SQL>get tables;
>  
> Tables in Schema TRAFODION.TESTSCH1
> ===================================
>  
> SB_HISTOGRAMS
> SB_HISTOGRAM_INTERVALS
> SB_PERSISTENT_SAMPLES
> TAB1
>  
> --- SQL operation complete.
>  
> SQL>select * from tab1;
>  
> *** ERROR[4481] The user does not have SELECT privilege on table or view 
> TRAFODION.TESTSCH1.TAB1. [2016-10-18 09:07:32]
>  
> SQL>explain options 'f' select * from tab1;
>  
>  
> LC   RC   OP   OPERATOR              OPT       DESCRIPTION           CARD
> ---- ---- ---- --------------------  --------  --------------------  ---------
>  
> 1    .    2    root                                                  1.00E+002
> .    .    1    trafodion_scan                  TAB1                  1.00E+002
>  
> --- SQL operation complete.
>  
> SQL>select * from tab1;
>  
> A           B
> ----------- -----------
>           1           1
>  
> --- 1 row(s) selected.
>  
> SQL>insert into tab1 values(20,20);
>  
> *** ERROR[4481] The user does not have INSERT privilege on table or view 
> TRAFODION.TESTSCH1.TAB1. [2016-10-18 09:11:03]
>  
> SQL>explain options 'f' insert into tab1 values(20,20);
>  
>  
> LC   RC   OP   OPERATOR              OPT       DESCRIPTION           CARD
> ---- ---- ---- --------------------  --------  --------------------  ---------
>  
> 1    .    2    root                  o                               1.00E+000
> .    .    1    trafodion_insert                TAB1                  1.00E+000
>  
> --- SQL operation complete.
>  
> SQL>insert into tab1 values(20,20);
>  
> --- 1 row(s) inserted.
>  
> SQL>select * from tab1;
>  
> A           B
> ----------- -----------
>          20          20
>           1           1
>  
> --- 2 row(s) selected.
>  
> SQL>showddl tab1;
>  
>  
> CREATE TABLE TRAFODION.TESTSCH1.TAB1
>   (
>     A                                INT DEFAULT NULL SERIALIZED
>   , B                                INT DEFAULT NULL SERIALIZED
>   )
> ;
>  
> -- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON 
> TRAFODION.TESTSCH1.TAB1 TO TESTUSER1 WITH GRANT OPTION;
>  
> --- SQL operation complete.
>  



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (TRAFODION-2294) need add privilege checking for explain statement

Reply via email to