db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mamta Satoor" <msat...@gmail.com>
Subject create view on a non-granted object does not fail.....
Date Thu, 01 Jun 2006 18:12:25 GMT
Hi,

I wrote a simple test for grant/revoke and came across incorrect behavior
for views. If a create view is issued with select on a non-granted table, it
does not fail. create trigger and constraints do catch access to non-granted
tables. Here is the ij session

$ java -Dderby.database.sqlAuthorization=true -Dij.exceptionTrace=true
org.apache.derby.tools.ij
ij version 10.2
ij> connect 'jdbc:derby:c:/dellater/dbmaintest2;create=true' user 'mamta1';
ij> create table t1 (c11 int not null primary key);
connect 'jdbc:derby:c:/dellater/dbmaintest2;create=true' user 'mamta2';
0 rows inserted/updated/deleted
ij> WARNING 01J01: Database 'c:/dellater/dbmaintest2' not created,
connection made to existing database instead.
ij(CONNECTION1)> create table t2 (c21 int);
0 rows inserted/updated/deleted
ij(CONNECTION1)> create trigger tr1t2 after insert on t2 for each row mode
db2sql select * from mamta1.t1;
ERROR 28508: User 'MAMTA2' does not have select permission on column 'C11'
of table 'MAMTA1'.'T1'.
ij(CONNECTION1)> alter table t2 add constraint fk1t2 foreign key(c21)
references mamta1.t1;
ERROR 28508: User 'MAMTA2' does not have references permission on column
'C11' of table 'MAMTA1'.'T1'.
ij(CONNECTION1)> -- view should fail but it is not
create view v1 as select * from mamta1.t1;
0 rows inserted/updated/deleted

Mamta

Mime
View raw message