db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mamta A. Satoor (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-4191) Lack of SELECT privilege does not prevent SELECT COUNT(*)
Date Fri, 11 Dec 2009 19:50:18 GMT

     [ https://issues.apache.org/jira/browse/DERBY-4191?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Mamta A. Satoor updated DERBY-4191:
-----------------------------------

    Attachment: DERBY4191_miniumSelectPrivOnAllTables_stat_patch4.txt
                DERBY4191_miniumSelectPrivOnAllTables_diff_patch4.txt

I have added another patch DERBY4191_miniumSelectPrivOnAllTables_diff_patch4.txt which is
same as the previous one except that SubqueryNode during it's bind phase now requires minimum
select privilege on all it's table. It fixes the test case you provided Rick. I have fired
the derbyall and will run junit suite after that. In the mean time, I will work on adding
a test case for this subquery scenario and will add test case for roles (as Rick pointed out
in his last review).

> Lack of SELECT privilege does not prevent SELECT COUNT(*)
> ---------------------------------------------------------
>
>                 Key: DERBY-4191
>                 URL: https://issues.apache.org/jira/browse/DERBY-4191
>             Project: Derby
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 10.4.2.0, 10.5.1.1
>            Reporter: Knut Anders Hatlen
>            Assignee: Mamta A. Satoor
>         Attachments: DERBY4191_ColumnLevelCheckInStatmentColumnPerm_diff_patch2.txt,
DERBY4191_ColumnLevelCheckInStatmentColumnPerm_stat_patch2.txt, DERBY4191_ColumnLevelCheckInStatmentTablePerm_diff_patch1.txt,
DERBY4191_countStar_privilege_diff_patch1.txt, DERBY4191_miniumSelectPrivOnAllTables_diff_patch3.txt,
DERBY4191_miniumSelectPrivOnAllTables_diff_patch4.txt, DERBY4191_miniumSelectPrivOnAllTables_stat_patch3.txt,
DERBY4191_miniumSelectPrivOnAllTables_stat_patch4.txt, repro.sql
>
>
> A user that does not have SELECT privilege on a table can still perform a SELECT COUNT(*)
on that table. Counting a specific column (e.g., SELECT COUNT(X)) is prevented.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message