db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mamta Satoor <msat...@gmail.com>
Subject Re: [jira] Created: (DERBY-4296) Derby should require EXECUTE privilege on SYSCS_UTIL.SYSCS_INPLACE_COMPRESS_TABLE before allowing users to execute it
Date Thu, 02 Jul 2009 21:18:55 GMT
Hi Lily.

There are 2 levels of privilege checking. First to check if there is
execute privilege on the procedure and next to check if there are
appropriate privileges on objects referenced by that procedure. So, it
appears that the check for execute privilege is missing for the
procedure but the checks for the objects is in place.

Mamta

On Thu, Jul 2, 2009 at 12:07 PM, Lily Wei<lilywei@yahoo.com> wrote:
> Hi Mamta:
>
>      Thank you so much for looking at these. I am a little confuse. If we
> don't check EXECUTE privilege on SYSCS_UTIL.SYSCS_INPLACE_COMPRESS_TABLE,
> shouldn't use allow to execute this procedure? For my example, user 'BACKUP'
> do have the execute privilege on SYSCS_UTIL.SYSCS_INPLACE_COMPRESS_TABLE. If
> derby does not check EXECUTE privilege for
> SYSCS_UTIL.SYSCS_INPLACE_COMPRESS_TABLE, why we are throwing 38000 Error.  I
> can understand if we just don't want to allow such operation.
>
>
>
> Thanks,
>
> Lily
>
> ________________________________
> From: Mamta A. Satoor (JIRA) <jira@apache.org>
> To: derby-dev@db.apache.org
> Sent: Thursday, July 2, 2009 11:49:47 AM
> Subject: [jira] Created: (DERBY-4296) Derby should require EXECUTE privilege
> on SYSCS_UTIL.SYSCS_INPLACE_COMPRESS_TABLE before allowing users to execute
> it
>
> Derby should require EXECUTE privilege on
> SYSCS_UTIL.SYSCS_INPLACE_COMPRESS_TABLE before allowing users to execute it
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4296
>                 URL: https://issues.apache.org/jira/browse/DERBY-4296
>             Project: Derby
>           Issue Type: Bug
>           Components: SQL
>             Reporter: Mamta A. Satoor
>
>
> While researching on DERBY-4295, I found that Derby is not requiring a user
> to have execute privileges on SYSCS_UTIL.SYSCS_INPLACE_COMPRESS_TABLE which
> I think should be required before a user can use it to try compressing a
> table. At least, that is what we require for SYSCS_UTIL.SYSCS_EXPORT_TABLE.
> May be there are other procedures too for which we do not do this check.
> That research can be done when we decide to fix this jira entry.
>
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
>
>
>

Mime
View raw message