db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yip Ng" <yipng...@gmail.com>
Subject Re: Question on Grant/Revoke
Date Fri, 01 Sep 2006 03:38:09 GMT
Another example, it looks like the following error message is misleading
since I am only reading column j and not updating j.

...
ij> create table t1 (i int, j int);
0 rows inserted/updated/deleted
ij> insert into t1 values (1,10);
1 row inserted/updated/deleted
ij> grant update (i) on t1 to user2;
0 rows inserted/updated/deleted
ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
...
ij(USER2)> update user1.t1 set i=j;
ERROR 28508: User 'USER2' does not have update permission on column 'J' of
table
 'USER1'.'T1'.

Yip


On 8/31/06, Daniel John Debrunner <djd@apache.org> wrote:
>
> Rajesh Kartha wrote:
>
> >>Mamta Satoor wrote:
> >>Manjula, I haven't looked at the SQL spec but it looks like that the
> > update statement is doing a select operation on the
> >>column id with "where id=3" and  that is what is causing Derby to send
> > an error.
> >
> > More questions:
> > If a separate Select privilege is indeed required then I think the
> > 'grant update on t1 to DBUSER' statement should not be succesful.
>
> No, you need the SELECT privilege because you are reading the id column,
> not because you are updating the column.
>
> I assume if this update is executed, then no select privilege would be
> needed:
>
> UPDATE T SET ID = ?
>
>
> Or with this UPDATE
>
> UPDATE T SET ID = ? WHERE NAME = ?
>
> that one needs UPDATE on T(ID) and SELECT on T(NAME).
>
> Dan.
>
>
>
>
>

Mime
View raw message