db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rajesh Kartha <karth...@gmail.com>
Subject Re: Question on Grant/Revoke
Date Fri, 01 Sep 2006 06:31:04 GMT
Daniel John Debrunner wrote:

>Rajesh Kartha wrote:
>
>  
>
>>>Mamta Satoor wrote:
>>>Manjula, I haven't looked at the SQL spec but it looks like that the
>>>      
>>>
>>update statement is doing a select operation on the
>>    
>>
>>>column id with "where id=3" and  that is what is causing Derby to send
>>>      
>>>
>>an error.
>>
>>More questions:
>>If a separate Select privilege is indeed required then I think the
>>'grant update on t1 to DBUSER' statement should not be succesful.
>>    
>>
>
>No, you need the SELECT privilege because you are reading the id column,
>not because you are updating the column.
>
>I assume if this update is executed, then no select privilege would be
>needed:
>
>UPDATE T SET ID = ?
>
>
>Or with this UPDATE
>
>UPDATE T SET ID = ? WHERE NAME = ?
>
>that one needs UPDATE on T(ID) and SELECT on T(NAME).
>
>Dan.
>
>
>
>
>
>  
>
Thanks Dan, I do see for the

UPDATE T SET ID = ? statement, the update works fine (even without the select permission,

a bit strange though given that the user still cannot select and view  the updated data).

In the UPDATE T SET ID = ? WHERE NAME = ? case it fails because an explicit select on T was
not given.

I expected an update permission would have an implicit select also on that table. In which
case
the behaviour would have been consistent and both scenarios will work fine plus the user would
have been able to select and view the new data.

But if the current working is as per the SQL spec, I am fine.  Anyways, would be better to
get 
this confirmed.

Rajesh 


Mime
View raw message