[jira] [Updated] (TRAFODION-2339) column privilege -- a user who doesn't have select privilege on all columns can insert data into the table

Wed, 11 Apr 2018 16:00:14 -0700 

     [ 
https://issues.apache.org/jira/browse/TRAFODION-2339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Roberta Marton updated TRAFODION-2339:
--------------------------------------
    Description: 
a user who doesn't have select privilege on all columns can insert data into 
the table successfully.

>>create table tab2(a int, b int, c int);

— SQL operation complete.
 >>grant insert(a,c),select(a) on tab2 to testuser1;

— SQL operation complete.
 >>grant insert(a,c),select(a) on tab2 to testuser1;

— SQL operation complete.
 >>showddl tab2;

CREATE TABLE TRAFODION.MYTESTSCH.TAB2
 (
 A INT DEFAULT NULL NOT SERIALIZED
 , B INT DEFAULT NULL NOT SERIALIZED
 , C INT DEFAULT NULL NOT SERIALIZED
 )
 ATTRIBUTES ALIGNED FORMAT
 ;

– GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.MYTESTSCH.TAB2 
TO DB__ROOT WITH GRANT OPTION;
 GRANT SELECT(A, B), INSERT(A, B, C) ON TRAFODION.MYTESTSCH.TAB2 TO TESTUSER1;

— SQL operation complete.

connect as testuser1 –

SQL>select * from tab2;
 * 
 ** 
 *** ERROR[4481] The user does not have SELECT privilege on table or view 
TRAFODION.MYTESTSCH.TAB2(columns: C). [2016-11-04 17:07:42]

SQL>insert into tab2 values(1,2,3);

— 1 row(s) inserted.

testuser1 doesn't have select privilege on columnC, but insert data into 
columnC successfully.

  was:
a user who doesn't have select privilege on all columns can insert data into 
the table successfully.

>>create table tab2(a int, b int, c int);

--- SQL operation complete.
>>grant insert(a,c),select(a) on tab2 to testuser1;

--- SQL operation complete.
>>grant insert(b,c),select(b) on tab2 to testuser1;

--- SQL operation complete.
>>showddl tab2;

CREATE TABLE TRAFODION.MYTESTSCH.TAB2
  (
    A                                INT DEFAULT NULL NOT SERIALIZED
  , B                                INT DEFAULT NULL NOT SERIALIZED
  , C                                INT DEFAULT NULL NOT SERIALIZED
  )
 ATTRIBUTES ALIGNED FORMAT
;

-- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.MYTESTSCH.TAB2 
TO DB__ROOT WITH GRANT OPTION;
  GRANT SELECT(A, B), INSERT(A, B, C) ON TRAFODION.MYTESTSCH.TAB2 TO TESTUSER1;

--- SQL operation complete.

connect as testuser1 --

SQL>select * from tab2;

*** ERROR[4481] The user does not have SELECT privilege on table or view 
TRAFODION.MYTESTSCH.TAB2(columns: C). [2016-11-04 17:07:42]

SQL>insert into tab2 values(1,2,3);

--- 1 row(s) inserted.

testuser1 doesn't have select privilege on columnC, but insert data into 
columnC successfully.




> column privilege -- a user who doesn't have select privilege on all columns 
> can insert data into the table
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: TRAFODION-2339
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-2339
>             Project: Apache Trafodion
>          Issue Type: Bug
>          Components: sql-security
>         Environment: CDH5.4.8 HDP2.4.0
> R2.2 1023 daily
>            Reporter: Gao, Rui-Xian
>            Assignee: Roberta Marton
>            Priority: Major
>
> a user who doesn't have select privilege on all columns can insert data into 
> the table successfully.
> >>create table tab2(a int, b int, c int);
> — SQL operation complete.
>  >>grant insert(a,c),select(a) on tab2 to testuser1;
> — SQL operation complete.
>  >>grant insert(a,c),select(a) on tab2 to testuser1;
> — SQL operation complete.
>  >>showddl tab2;
> CREATE TABLE TRAFODION.MYTESTSCH.TAB2
>  (
>  A INT DEFAULT NULL NOT SERIALIZED
>  , B INT DEFAULT NULL NOT SERIALIZED
>  , C INT DEFAULT NULL NOT SERIALIZED
>  )
>  ATTRIBUTES ALIGNED FORMAT
>  ;
> – GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON 
> TRAFODION.MYTESTSCH.TAB2 TO DB__ROOT WITH GRANT OPTION;
>  GRANT SELECT(A, B), INSERT(A, B, C) ON TRAFODION.MYTESTSCH.TAB2 TO TESTUSER1;
> — SQL operation complete.
> connect as testuser1 –
> SQL>select * from tab2;
>  * 
>  ** 
>  *** ERROR[4481] The user does not have SELECT privilege on table or view 
> TRAFODION.MYTESTSCH.TAB2(columns: C). [2016-11-04 17:07:42]
> SQL>insert into tab2 values(1,2,3);
> — 1 row(s) inserted.
> testuser1 doesn't have select privilege on columnC, but insert data into 
> columnC successfully.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to