db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5395) By default, only the DBO should be allowed to run several of the diagnostic VTIs.
Date Mon, 29 Aug 2011 18:59:37 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13093089#comment-13093089
] 

Rick Hillegas commented on DERBY-5395:
--------------------------------------

I can imagine two approaches to fixing this issue:

1) Easy but inflexible -- In this approach, Derby would raise an error if someone other than
the DBO tried to use these VTIs. For instance, the constructors for the underlying VTIs could
raise an error if the current user wasn't the DBO. This could be implemented for the 10.8.2
maintenance release and could be backported to older branches. However, it would not be possible
to grant other users SELECT privilege on statement_cache and transaction_table and it would
not be possible to grant other users EXECUTE privilege on error_log_reader() and statement_duration().

2) Involved but flexible -- In this approach, we would re-model these vtis as table functions.
The error_log_reader and statement_duration vtis would be re-modelled as table functions and
statement_cache and transaction_table would be remodelled as views on table functions. Corresponding
metadata tuples would be stuffed into SYSALIASES, SYSVIEWS, and SYSTABLEPERMS. This would
let the DBO grant EXECUTE privilege on the table functions. However, the metadata changes
would mean that we could not implement this solution in a maintenance release like 10.8.2.
and we could not backport the fix to older branches.

I am leaning toward an incremental, hybrid approach: implement (1) in the 10.8.2 timeframe,
close this issue, and create a new issue for the work on (2). I would be happy to do (1).
We could consider implementing (2) if users clamor for it.

Thoughts?

> By default, only the DBO should be allowed to run several of the diagnostic VTIs.
> ---------------------------------------------------------------------------------
>
>                 Key: DERBY-5395
>                 URL: https://issues.apache.org/jira/browse/DERBY-5395
>             Project: Derby
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 10.9.0.0
>            Reporter: Rick Hillegas
>            Assignee: Rick Hillegas
>
> Only the DBO should be allowed to run the following VTIs:
>   syscs_diag.statement_cache
>   syscs_diag.transaction_table
>   syscs_diag.error_log_reader( )
>   syscs_diag.statement_duration()

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message