Grant update(c) on t to U01 with grant option: user U01 will not be able to
"revoke update(c) on t from <user | role>" if this 'U01' does some DML before
revoke
----------------------------------------------------------------------------------------------------------------------------------------------------------------

                 Key: CORE-4836
                 URL: http://tracker.firebirdsql.org/browse/CORE-4836
             Project: Firebird Core
          Issue Type: Bug
          Components: Engine, Security
    Affects Versions: 3.0 Beta 2
            Reporter: Pavel Zotov


On an empty user database (alias = 'e30'; FB port = 3333) and a new security3.fdb, do:

isql localhost/3333:e30 -q

-- and then:
===
create or alter user john_senior password 'sen' grant admin role;
create role modifier;
recreate table test(id int, text varchar(30));

grant select on test to public;
grant update(text) on test to john_senior with grant option;
commit;

connect 'localhost/3333:e30' user 'JOHN_SENIOR' password 'sen';

grant update (text) on test to modifier; -- [ 0 ]
commit;

connect 'localhost/3333:e30' user 'JOHN_SENIOR' password 'sen'; -- [ 1 ]
select * from test; -- [ 2 ]

commit;

revoke update(text) on test from role modifier;
commit;

connect 'localhost/3333:e30' user 'SYSDBA' password 'masterkey';
drop role modifier;
drop user john_senior;
drop table test;
commit;
===

STDERR:
=======
Statement failed, SQLSTATE = 28000
unsuccessful metadata update
-REVOKE failed
-no permission for CONTROL access to TABLE TEST
-At trigger 'RDB$TRIGGER_8'


Note that:
[ 0 ] -- the error will NOT be raised if we do not specify a COLUMN in the grant
statement (i.e. this: "grant update on test to ..." -- works fine)
[ 1 ] -- the error WILL be raised with or without the reconnect
[ 2 ] -- the error will NOT be raised if 'select * from test' is commented out

The same result occurs when granting update of selected column(s) to a USER
rather than a role.

------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
