Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 26490 invoked from network); 2 Aug 2006 05:31:48 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 2 Aug 2006 05:31:48 -0000 Received: (qmail 10012 invoked by uid 500); 2 Aug 2006 05:31:47 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 9982 invoked by uid 500); 2 Aug 2006 05:31:47 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 9973 invoked by uid 99); 2 Aug 2006 05:31:47 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 01 Aug 2006 22:31:47 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [209.237.227.198] (HELO brutus.apache.org) (209.237.227.198) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 01 Aug 2006 22:31:46 -0700 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 3FCE841001E for ; Wed, 2 Aug 2006 05:29:14 +0000 (GMT) Message-ID: <20858946.1154496554252.JavaMail.jira@brutus> Date: Tue, 1 Aug 2006 22:29:14 -0700 (PDT) From: "Mamta A. Satoor (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Commented: (DERBY-1632) When a revoke privilege is issued, the affected objects before dropping themselves should see if there is any other replacement privilege In-Reply-To: <31774343.1154494933869.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/DERBY-1632?page=comments#action_12425132 ] Mamta A. Satoor commented on DERBY-1632: ---------------------------------------- Another behavior to note until this jira entry is resolved......(do we want to document the following behavior till this Jira entry is resolved?) When a privilege is available at both user-level and PUBLIC level, new objects(views, triggers, constraints) would always depend on the user-level privilege. 2 things can happen in terms of revoke later 1)If PUBLIC level privilege is revoked, it will not affect the object in anyway and the object will remain intact 2)If user-level privilege is revoked, the object will end up dropping itself. This behavior might be useful for a user to know that when they have a privilege available at both user and PUBLIC level at object creation time, only user-level revoke privilege will drop the object and not the PUBLIC level revoke privilege. Once this jira issue is resolved, the dependent object will start depending on the next available privilege(if exist) when a revoke privilege is issued and we will not have to worry about this jira comment. > When a revoke privilege is issued, the affected objects before dropping themselves should see if there is any other replacement privilege > ----------------------------------------------------------------------------------------------------------------------------------------- > > Key: DERBY-1632 > URL: http://issues.apache.org/jira/browse/DERBY-1632 > Project: Derby > Issue Type: Improvement > Components: Documentation, SQL > Affects Versions: 10.2.0.0 > Reporter: Mamta A. Satoor > > Currently, when an object (trigger/constraint/view) is created, it depends on the available required privilege at the user level. If none found, it depends on the available required privilege at PUBLIC level. If none exist both at user level or PUBLIC level, then create object fails. > To reiterate, if the privilege is found say at the user level, the object depends on that privilege. Consider the case, where the privilege also exist at the PUBLIC level. Later, when a revoke privilege is issued at the user level, the dependent object gets a revoke invalidation action and the dependent object drops itself. Instead, the dependent object should make itself depend on the PUBLIC level privilege. This does not happen in Derby at this point and would be a very useful feature. > eg for the problem at hand > user1 > create table t1 > grant select on t1 to user2, public > user2 > create view v1 as select * from user1.t1 > -- this view will depend on the user level select privilege on table t1 > user1 > revoke select on t1 from user2 > -- this revoke will end up dropping the view. The view could have made itself depend on the PUBLIC level select privilege > -- on t1 but that doesn't happen currently > another eg for the same problem > user1 > create table t1 > grant select on t1 to public > user2 > create view v1 as select * from user1.t1 > -- this view will depend on the PUBLIC level select privilege on table t1 > user1 > grant select on to to user2 > revoke select on t1 from public > -- this revoke ends up dropping the view user2.v1 eventhough there is a user level SELECT privilege availble > -- on user1.t1 > So, in brief, the problem is that when a dependent object gets a revoke invalidation action, it does not check if there is another privilege available to replace the privilege being revoked. Instead, they just go ahead and drop themselves. > Until we fix this behavior, we should document it so the user will know what to expect for same privilege being available at different levels. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira