Posted to issues@trafodion.apache.org by "Alice Chen (JIRA)" <ji...@apache.org> on 2015/07/22 20:21:08 UTC
[jira] [Created] (TRAFODION-1275) LP Bug: 1465776 - Schema owner in
private schema is not the only user able to grant access to object
Alice Chen created TRAFODION-1275:
-------------------------------------
Summary: LP Bug: 1465776 - Schema owner in private schema is not the only user able to grant access to object
Key: TRAFODION-1275
URL: https://issues.apache.org/jira/browse/TRAFODION-1275
Project: Apache Trafodion
Issue Type: Bug
Components: sql-security
Reporter: Paul Low
Assignee: Cliff Gray
Priority: Critical
Fix For: 2.0-incubating
In a private schema, only the schema owner should be able to grant access to objects in the schema.
In the scenario below, a user (not the owner of the schema) created an object in a private schema. Unexpectedly, the user is able to grant privileges on the object to another user:
SQL>grant all on tab2 to username4;
--- SQL operation complete.
Daily build: 20150613.
Security is enabled on the instance.
SQL>connect username1/password1;
Connected to Trafodion
SQL>create schema schema2;
--- SQL operation complete.
SQL>grant component privilege "CREATE" on sql_operations to username3;
--- SQL operation complete.
SQL>connect username3/password3;
Connected to Trafodion
SQL>set schema schema2;
--- SQL operation complete.
SQL>create table tab2(a int, b int) no partition;
--- SQL operation complete.
SQL>grant all on tab2 to username4;
--- SQL operation complete.