Return-Path: X-Original-To: apmail-db-derby-dev-archive@www.apache.org Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1F29510F8C for ; Tue, 10 Dec 2013 23:26:08 +0000 (UTC) Received: (qmail 36681 invoked by uid 500); 10 Dec 2013 23:26:07 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 36642 invoked by uid 500); 10 Dec 2013 23:26:07 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 36560 invoked by uid 99); 10 Dec 2013 23:26:07 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Dec 2013 23:26:07 +0000 Date: Tue, 10 Dec 2013 23:26:07 +0000 (UTC) From: "Mamta A. Satoor (JIRA)" To: derby-dev@db.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (DERBY-6429) Privilege checks for UPDATE statements are wrong. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/DERBY-6429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13844813#comment-13844813 ] Mamta A. Satoor commented on DERBY-6429: ---------------------------------------- I went through the SQL spec for UPDATE statement with simple columns (ie with no special clause on the columns involved in the SET clause) and the spec interpretation seems right that the column on the left would require UPDATE privilege and column on the right will require SELECT privilege. As for unique cases for foreign keys,and trigger action, with a quick glance at the spec, from a quick glance at the spec, I was also not able to find information in the spec about what would happen if the REFERENCES or TRIGGER privileges are revoked. It would seem that Derby will/should catch the existing dependencies when those privileges are revoked and revoke would fail. I have question about generated column "permission related to generation clause : SELECT permission on the columns mentioned in the generation clause. I do not see any language in the Standard suggesting that you need explicit SELECT permission on all of the columns mentioned by the generation clause. That permission seems to be implied by the INSERT privilege you enjoy on the table and the UPDATE privilege you may enjoy on a column mentioned by the generation clause. " I don't quite understand what you mean by "the UPDATE privilege you may enjoy on a column mentioned by the generation clause." > Privilege checks for UPDATE statements are wrong. > ------------------------------------------------- > > Key: DERBY-6429 > URL: https://issues.apache.org/jira/browse/DERBY-6429 > Project: Derby > Issue Type: Bug > Components: SQL > Affects Versions: 10.11.0.0 > Reporter: Rick Hillegas > > UPDATE statements confuse SELECT and UPDATE privileges. Consider the following SET clause: > SET updateColumn = selectColumn > According to part 2 of the 2011 edition of the SQL Standard, that SET clause requires the following privileges: > 1) UPDATE privilege on updateColumn. Privileges for the left side of a SET clause are described by section 14.14 (update statement: searched), access rule 1b. > 2) SELECT privilege on selectColumn. Privileges for the right side of a SET clause are described by section 14.15 (set clause list) and the various productions underneath value expression. In this case, we have a column reference, whose privileges are governed by section 6.7 (column reference), access rule 2. > However, Derby requires the following: > 1') UPDATE privilege on both updateColumn and selectColumn > When we address this bug, we should make corresponding changes to the MERGE statement. > The following script shows the current behavior: > connect 'jdbc:derby:memory:db;user=test_dbo;create=true'; > call syscs_util.syscs_create_user( 'TEST_DBO', 'test_dbopassword' ); > call syscs_util.syscs_create_user( 'RUTH', 'ruthpassword' ); > connect 'jdbc:derby:memory:db;shutdown=true'; > connect 'jdbc:derby:memory:db;user=test_dbo;password=test_dbopassword' as dbo; > create table t1_025 > ( > a int primary key, > updateColumn int, > selectColumn int, > privateColumn int > ); > grant update ( updateColumn ) on t1_025 to ruth; > grant select ( selectColumn ) on t1_025 to ruth; > insert into t1_025 values ( 1, 100, 1000, 10000 ); > connect 'jdbc:derby:memory:db;user=ruth;password=ruthpassword' as ruth; > -- correctly succeeds because ruth has UPDATE privilege on updateColumn > update test_dbo.t1_025 set updateColumn = 17; > -- the error message incorrectly states that the missing privilege > -- is UPDATE privilege on privateColumn > update test_dbo.t1_025 set updateColumn = privateColumn; > -- incorrectly fails. > -- ruth does have UPDATE privilege on updateColumn > -- and SELECT privilege on selectColumn, which should be good enough. > -- however, the error message incorrectly states that the missing privilege > -- is UPDATE privilege on selectColumn. > update test_dbo.t1_025 set updateColumn = selectColumn; > -- incorrectly succeeds even though ruth does not have SELECT privilege on updateColumn > update test_dbo.t1_025 set updateColumn = 2 * updateColumn; > set connection dbo; > select * from t1_025 order by a; -- This message was sent by Atlassian JIRA (v6.1.4#6159)