db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Satheesh Bandaram <banda...@gmail.com>
Subject Re: create view on a non-granted object does not fail.....
Date Thu, 01 Jun 2006 19:06:43 GMT
Mamta Satoor wrote:

> Hi,
>  
> I wrote a simple test for grant/revoke and came across incorrect
> behavior for views. If a create view is issued with select on a
> non-granted table, it does not fail. create trigger and constraints do
> catch access to non-granted tables. Here is the ij session

Work to implement SQL authorization for views, triggers and constraints
is till pending. I thought you were working on it? :)

It seems binding of createView needs to change to set current required
privilege to be SELECT_PRIV.

Satheesh

> $ java -Dderby.database.sqlAuthorization=true -Dij.exceptionTrace=true
> org.apache.derby.tools.ij
> ij version 10.2
> ij> connect 'jdbc:derby:c:/dellater/dbmaintest2;create=true' user
> 'mamta1';
> ij> create table t1 (c11 int not null primary key);
> connect 'jdbc:derby:c:/dellater/dbmaintest2;create=true' user 'mamta2';
> 0 rows inserted/updated/deleted
> ij> WARNING 01J01: Database 'c:/dellater/dbmaintest2' not created,
> connection made to existing database instead.
> ij(CONNECTION1)> create table t2 (c21 int);
> 0 rows inserted/updated/deleted
> ij(CONNECTION1)> create trigger tr1t2 after insert on t2 for each row
> mode db2sql select * from mamta1.t1;
> ERROR 28508: User 'MAMTA2' does not have select permission on column
> 'C11' of table 'MAMTA1'.'T1'.
> ij(CONNECTION1)> alter table t2 add constraint fk1t2 foreign key(c21)
> references mamta1.t1;
> ERROR 28508: User 'MAMTA2' does not have references permission on
> column 'C11' of table 'MAMTA1'.'T1'.
> ij(CONNECTION1)> -- view should fail but it is not
> create view v1 as select * from mamta1.t1;
> 0 rows inserted/updated/deleted
>  
> Mamta




Mime
View raw message