You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Deepa Remesh (JIRA)" <de...@db.apache.org> on 2006/08/09 20:48:14 UTC

[jira] Updated: (DERBY-1582) REVOKE statement does not generate a warning when no privileges are revoked.

     [ http://issues.apache.org/jira/browse/DERBY-1582?page=all ]

Deepa Remesh updated DERBY-1582:
--------------------------------

    Attachment: d1582_v1.diff
                d1582_v1.status

Attaching a patch 'd1582_v1.diff' which raises a warning when no privileges are revoked by the revoke statement.

This patch adds checks for revoke of table and routine permissions. It checks return value of DataDictionary.addRemovePermissionsDescriptor method which returns true if revoke has removed a privilege. The new SQLState and warning added are:
WARNING 01006: Privilege not revoked.
Tests are in lang/grantRevokeDDL.sql.

It is not very clear to me from the spec how the following case should be handled - revoking permissions from dba (user who is the owner of the database). dba has "implicit" permissions on all objects and we cannot revoke privileges from dba. With the current patch we will get the above warning when we revoke any privilge from dba. I am thinking this behaviour is okay. It would be helpful if someone can confirm this.

I am running derbyall with the patch now. Meantime, any feedback is appreciated.

> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
>                 Key: DERBY-1582
>                 URL: http://issues.apache.org/jira/browse/DERBY-1582
>             Project: Derby
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 10.2.0.0
>            Reporter: Daniel John Debrunner
>         Attachments: d1582_v1.diff, d1582_v1.status
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Re: [jira] Updated: (DERBY-1582) REVOKE statement does not generate a warning when no privileges are revoked.

Posted by Deepa Remesh <dr...@gmail.com>.

On 8/9/06, Daniel John Debrunner <dj...@apache.org> wrote:
> Deepa Remesh (JIRA) wrote:
>
>
> > It is not very clear to me from the spec how the following case should be handled
> > - revoking permissions from dba (user who is the owner of the database).
> > dba has "implicit" permissions on all objects and we cannot revoke privileges from dba.
>
> I think I've asked this before, but I'll ask again. I don't see in the
> functional spec for DERBY-464 where it says the database owner has
> '"implicit" permissions on all objects'

This is not directly from the grant/revoke spec but it is what I
understood from the grant revoke tests. I seemed to have read
something along these lines in the discussions. Now I am not able to
find out where. It would be good to get this clarified.

Thanks,
Deepa

Re: [jira] Updated: (DERBY-1582) REVOKE statement does not generate a warning when no privileges are revoked.

Posted by Satheesh Bandaram <ba...@gmail.com>.

Daniel John Debrunner wrote:

>Deepa Remesh (JIRA) wrote:
>
>
>  
>
>>It is not very clear to me from the spec how the following case should be handled
>>- revoking permissions from dba (user who is the owner of the database).
>>dba has "implicit" permissions on all objects and we cannot revoke privileges from dba. 
>>    
>>
>
>I think I've asked this before, but I'll ask again. I don't see in the
>functional spec for DERBY-464 where it says the database owner has
>'"implicit" permissions on all objects'
>
>All I see is that the database owner can create and drop any schema.
>
>I also see comments like:
>
>   "Only the owner (creator) of an object can grant or revoke privileges
>on that object. "
>  
>
Database owner can also grant or revoke privileges. I will update the
functional specification.

Derby currently allows database owner access to any object in that
database. A database owner can also create any object in other user
schemas. When a database owner is operating in other user schemas,
objects created by database owners would be owned by owners of the those
schemas.

As for Deepa's question about whether it is possible to revoke a
privilege from database owner, no, it is not possible currently.

Satheesh

Re: [jira] Updated: (DERBY-1582) REVOKE statement does not generate a warning when no privileges are revoked.

Posted by Daniel John Debrunner <dj...@apache.org>.

Deepa Remesh (JIRA) wrote:

> It is not very clear to me from the spec how the following case should be handled
> - revoking permissions from dba (user who is the owner of the database).
> dba has "implicit" permissions on all objects and we cannot revoke privileges from dba. 

I think I've asked this before, but I'll ask again. I don't see in the
functional spec for DERBY-464 where it says the database owner has
'"implicit" permissions on all objects'

All I see is that the database owner can create and drop any schema.

I also see comments like:

   "Only the owner (creator) of an object can grant or revoke privileges
on that object. "

Would be good to clear this up soon.

Dan.