[ https://issues.apache.org/jira/browse/TRAFODION-1856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15173929#comment-15173929 ]
ASF GitHub Bot commented on TRAFODION-1856: ------------------------------------------- Github user robertamarton commented on a diff in the pull request: https://github.com/apache/incubator-trafodion/pull/349#discussion_r54586211 --- Diff: core/sql/sqlcomp/PrivMgrMD.h --- @@ -110,12 +106,35 @@ typedef struct { } ViewUsage; -typedef struct { +// ----------------------------------------------------------------------- +// Class definitions +// ----------------------------------------------------------------------- +class ObjectReference +{ + public: + + ObjectReference() + : objectUID(0), + objectOwner(NA_UserIdDefault), + objectType(COM_UNKNOWN_OBJECT), + columnReferences(NULL), + updatedPrivs() + {} + + virtual ~ObjectReference ( void ) + { + while(!columnReferences->empty()) + delete columnReferences->back(), columnReferences->pop_back(); --- End diff -- I was having issues getting this code to work and I searched the web for examples. This was one suggestion and it worked. > Revoke - object and column privilege checks not integrated for constraints > -------------------------------------------------------------------------- > > Key: TRAFODION-1856 > URL: https://issues.apache.org/jira/browse/TRAFODION-1856 > Project: Apache Trafodion > Issue Type: Bug > Components: sql-security > Reporter: Roberta Marton > Assignee: Roberta Marton > > Today, when revoking the object REFERENCES privilege, the revoke fails if > there > are any RI constraints that require the privilege. However, there may be > column > level privileges that exist that would still allow the constraint to be > present. > Conversely, when revoking column REFERENCES privilege, the revoke does not > check to see if REFERENCES privilege has been granted at the object level. > In fact, the revoke operation does not check for dependencies on constraints > correctly. > For example: > user1: > create table dept( dept_no int not null primary key, dept_name char(50)); > grant references on table dept to user2; > grant references(dept_no) to user2; > user2: > create table empl(empl_no int not null primary key, dept_no int not null); > alter table empl add constraint empl_dept > foreign key (dept_no) references dept; > user1 should be able to "revoke references on table dept from user2" because > user2 still has the references privileges on column dept_no. Vice versa, > user1 > should be able to "revoke references(dept_no) on dept from user2" because > user2 > still has the references privilege on table dept. -- This message was sent by Atlassian JIRA (v6.3.4#6332)