db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-4191) Lack of SELECT privilege does not prevent SELECT COUNT(*)
Date Wed, 18 Nov 2009 14:12:39 GMT

    [ https://issues.apache.org/jira/browse/DERBY-4191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12779460#action_12779460
] 

Rick Hillegas commented on DERBY-4191:
--------------------------------------

Before fixing this bug, we need to decide what privileges are needed to execute the following
statement:

  select count(*) from t

I believe that all you need is SELECT privilege on some column of the table. That at least
is the minimum set of privileges required by the SQL Standard, part 2, section 7.6 <table
reference>, access rule 1.ii.1.B. I asked the SQL committee for its opinion and got one
response, which concurred:

"There are no access rules for count(*) (in either 6.9 <set function specification>
or
10.9 <aggregate function>), nor in 7.12 <query specification> or
7.13 <query expression>, so that leaves just the access rules for t in
7.6 <table reference>.  I think you are right."


> Lack of SELECT privilege does not prevent SELECT COUNT(*)
> ---------------------------------------------------------
>
>                 Key: DERBY-4191
>                 URL: https://issues.apache.org/jira/browse/DERBY-4191
>             Project: Derby
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 10.4.2.0, 10.5.1.1
>            Reporter: Knut Anders Hatlen
>         Attachments: repro.sql
>
>
> A user that does not have SELECT privilege on a table can still perform a SELECT COUNT(*)
on that table. Counting a specific column (e.g., SELECT COUNT(X)) is prevented.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message