db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yip Ng (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-1723) Database owner revokes select privilege from a schema owner but owner is still able to select
Date Fri, 18 Aug 2006 17:17:15 GMT
    [ http://issues.apache.org/jira/browse/DERBY-1723?page=comments#action_12429061 ] 
            
Yip Ng commented on DERBY-1723:
-------------------------------

Yes, a warning on the revoke will make the behavior more clearer.  However, the point of this
scenario is to determine what a database owner can do.  In the v5 spec of Grant and Revoke,
under the database owner section, it states the following:

"User creating a database is referred to as Database Owner. A database owner has more privileges
than a normal user of a database. Database owners alone can create multiple schemas in that
database or create a schema to be owned by another user. She can also grant or revoke any
object privilege on any database object to any user and can access all objects in the database
without any explicit granting of access. It is also not possible to revoke any privilege from
database owners. Database owners assume the authorizationId of  other users while operating
in their user schemas. Objects created by database owners in other user schemas would be owned
by that user."

So, in the above scenario, a database owner was not able to revoke any object privilege on
any database object to any user as what  the spec states.  

> Database owner revokes select privilege from a schema owner but owner is still able to
select
> ---------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1723
>                 URL: http://issues.apache.org/jira/browse/DERBY-1723
>             Project: Derby
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 10.2.1.0
>         Environment: Sun JDK 1.4.2
>            Reporter: Yip Ng
>
> Database owner attempts to revoke select privilege from a schema owner's own table but
the owner later can still select from the revoked table.  Behavior is inconsistent.  e.g.:

> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> connect 'jdbc:derby:wombat' user 'user2' as user2;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> create table tshared0 (i int);
> 0 rows inserted/updated/deleted
> ij(USER2)> -- db owner tries to revoke select access from schema owner user2
> set connection user1;
> ij(USER1)> revoke select on user2.tshared0 from user2;
> 0 rows inserted/updated/deleted
> ij(USER1)> set connection user2;
> ij(USER2)> select * from user2.tshared0;
> I          
> -----------
> 0 rows selected
> ij(USER2)> 
> sysinfo:
> ------------------ Java Information ------------------
> Java Version:    1.4.2_12
> Java Vendor:     Sun Microsystems Inc.
> Java home:       C:\Program Files\Java\j2re1.4.2_12
> Java classpath:  derby.jar;derbytools.jar
> OS name:         Windows XP
> OS architecture: x86
> OS version:      5.1
> Java user name:  Yip
> Java user home:  C:\Documents and Settings\Yip
> Java user dir:   C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903)
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale :  [English/United States [en_US]]
> Found support for locale: [de_DE]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [es]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [it]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
>          version: 10.2.1.0 - (430903)
> ------------------------------------------------------

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message