[
https://issues.apache.org/jira/browse/TRAFODION-2330?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Roberta Marton closed TRAFODION-2330.
-------------------------------------
Resolution: Fixed
> Using trafci, a select from a table succeeds even if the user does not have
> the priv
> ------------------------------------------------------------------------------------
>
> Key: TRAFODION-2330
> URL: https://issues.apache.org/jira/browse/TRAFODION-2330
> Project: Apache Trafodion
> Issue Type: Bug
> Components: sql-general
> Reporter: Roberta Marton
> Assignee: Roberta Marton
>
> When connecting to Trafodion through trafci, an available mxosrvr is found
> and a new session is started. If the previous session was associated with a
> user other than the current user, the caches are not invalidated. There is a
> potential for the current user to be able to perform that same queries as the
> previous user whether or not they have the correct privileges.
> To recreate:
> enable security
> set number of mxosrvr to 1 in the conf file.
> restart dcs
> bring up a trafci session and perform queries for sql_user1
> stop trafci and bring up trafci as sql_user2
> sql_user2 can perform the same queries as sql_user1
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
