[jira] [Updated] (TRAFODION-1276) LP Bug: 1465782 - Revoke privilege return dependent grant ERROR[1037]

Tue, 10 Oct 2017 09:11:26 -0700 

     [ 
https://issues.apache.org/jira/browse/TRAFODION-1276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Roberta Marton updated TRAFODION-1276:
--------------------------------------
    Fix Version/s: 2.3-incubating

> LP Bug: 1465782 - Revoke privilege return dependent grant ERROR[1037]
> ---------------------------------------------------------------------
>
>                 Key: TRAFODION-1276
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-1276
>             Project: Apache Trafodion
>          Issue Type: Wish
>          Components: sql-security
>            Reporter: Paul Low
>            Assignee: Roberta Marton
>            Priority: Minor
>             Fix For: 2.3-incubating
>
>
> The DB__ROOT user is unable to revoke privilege granted to user after user 
> grants privilege to another user.  In the scenario below, the user is granted 
> privilege with grant option.  The user grants the privilege to another user.  
> DB__ROOT is unable to revoke the original privilege and the WGO privilege 
> that he first granted to the user.  ERROR[1037] is returned.
> Daily build: 20150613
> Security is enabled.
> SQL>create schema schema1;
> --- SQL operation complete.
>            
> SQL>set schema schema1;
> --- SQL operation complete.
> SQL>create table tab1(a int, b int) no partition;
> --- SQL operation complete.
> SQL>grant select on tab1 to username1 with grant option;
> --- SQL operation complete.
> SQL>connect username1/password1;
> Connected to Trafodion 
> SQL>set schema schema1;
> --- SQL operation complete.
> SQL>grant select on tab1 to username2;
> --- SQL operation complete.
> SQL>connect db_root_username/db_root_password;
> Connected to Trafodion 
> SQL>set schema schema1;
> --- SQL operation complete.
> SQL>revoke grant option for select on tab1 from username1;
> *** ERROR[1037] Revoke failed because of a dependent grant between 
> authorization ID USERNAME1 and authorization ID USERNAME2 
> SQL>revoke grant option for select on tab1 from username1 cascade;
> *** ERROR[1037] Revoke failed because of a dependent grant between 
> authorization ID USERNAME1 and authorization ID USERNAME2 
> SQL>revoke select on tab1 from username1 cascade;
> *** ERROR[1037] Revoke failed because of a dependent grant between 
> authorization ID USERNAME1 and authorization ID USERNAME2 
> SQL>drop schema schema1 cascade;
> --- SQL operation complete.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to