db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DERBY-6434) Incorrect privileges may be required for INSERT and DELETE statements.
Date Wed, 08 Jan 2014 14:31:51 GMT

     [ https://issues.apache.org/jira/browse/DERBY-6434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Rick Hillegas updated DERBY-6434:

    Attachment: derby-6434-01-ac-correctInsertPrivs.diff

Attaching derby-6434-01-ac-correctInsertPrivs.diff. This rev corrects some additional problems
which surfaced when I ran the full regression tests on the previous rev of the patch. I will
re-run the regression tests now.

This rev corrects two problems:

1) A canonized wrong result in GeneratedColumnsPermsTest. There was a comment left over from
work on DERBY-6429, noting that this wrong result would need to be addressed when INSERT privileges
were corrected.

2) A test case in RolesConferredPrivilegesTest broke because the previous rev altered the
dependency checking for CHECK constraints which rely on role-based privileges.

The fix for 2 is simple but it was tricky to find. I had expected that all dependencies would
be identified at bind() time. So I was surprised to find that some in-memory dependencies
are added by the execute() phase of statement evaluation. This looks wrong to me. In a private
discussion with Dag, we theorized that the execute() time additions are a holdover from how
the code behaved before we added support for definer's rights.

The fix for 2 is to make ConstraintDescriptor.makeInvalid() call DependencyManager.invalidateFor()
on the table descriptor after the CHECK constraint is implicitly dropped as a consequence
of revoking a privilege. This forces Derby to take the same code path pursued when the CHECK
constraint is explicitly dropped.

I am highly suspicious of the many calls to DependencyManager.addDependency() which we see
in the execute() time ConstantActions. Analyzing these suspicious calls is outside the scope
of this JIRA. I will file a follow-on issue for this investigation.

Touches the following additional files:


M       java/engine/org/apache/derby/iapi/sql/dictionary/ConstraintDescriptor.java

The fix for item 2.


M       java/testing/org/apache/derbyTesting/functionTests/tests/lang/GeneratedColumnsPermsTest.java

The fix for item 1.

> Incorrect privileges may be required for INSERT and DELETE statements.
> ----------------------------------------------------------------------
>                 Key: DERBY-6434
>                 URL: https://issues.apache.org/jira/browse/DERBY-6434
>             Project: Derby
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions:
>            Reporter: Rick Hillegas
>         Attachments: derby-6434-01-aa-correctInsertPrivs.diff, derby-6434-01-ac-correctInsertPrivs.diff
> This issue is a place to address problems with INSERT and DELETE statements similar to
the problems affecting UPDATE statements recorded on DERBY-6429. In particular, DERBY-6432
and DERBY-6433 list some of the problems with INSERT statements.

This message was sent by Atlassian JIRA

View raw message