You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Daniel John Debrunner (JIRA)" <de...@db.apache.org> on 2006/07/25 07:19:13 UTC
[jira] Created: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
REVOKE statement does not generate a warning when no privileges are revoked.
----------------------------------------------------------------------------
Key: DERBY-1582
URL: http://issues.apache.org/jira/browse/DERBY-1582
Project: Derby
Issue Type: Bug
Components: SQL
Affects Versions: 10.2.0.0
Reporter: Daniel John Debrunner
SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning — privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: [jira] Commented: (DERBY-1582) REVOKE statement does not generate a warning when no privileges are revoked.
Posted by Mamta Satoor <ms...@gmail.com>.
+1 from me for the patch 'd1582_v2_with_tests.diff'.
On 8/23/06, Deepa Remesh <dr...@gmail.com> wrote:
>
> On 8/23/06, Mamta A. Satoor (JIRA) <de...@db.apache.org> wrote:
> > [
> http://issues.apache.org/jira/browse/DERBY-1582?page=comments#action_12430037]
> >
> > Mamta A. Satoor commented on DERBY-1582:
> > ----------------------------------------
> >
> > Deepa, the test changes look good. Thanks for adding more tests.
> >
>
> Thanks Mamta.
>
> If there are no further comments, can a committer please commit this
> patch 'd1582_v2_with_tests.diff'?
>
> Thanks,
> Deepa
>
Re: [jira] Commented: (DERBY-1582) REVOKE statement does not generate a warning when no privileges are revoked.
Posted by Deepa Remesh <dr...@gmail.com>.
On 8/23/06, Mamta A. Satoor (JIRA) <de...@db.apache.org> wrote:
> [ http://issues.apache.org/jira/browse/DERBY-1582?page=comments#action_12430037 ]
>
> Mamta A. Satoor commented on DERBY-1582:
> ----------------------------------------
>
> Deepa, the test changes look good. Thanks for adding more tests.
>
Thanks Mamta.
If there are no further comments, can a committer please commit this
patch 'd1582_v2_with_tests.diff'?
Thanks,
Deepa
[jira] Commented: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Mamta A. Satoor (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=comments#action_12429134 ]
Mamta A. Satoor commented on DERBY-1582:
----------------------------------------
Deepa, your patch looks good to me. Just couple suggestion for the tests
1)You have some -ve test case for revoke table as follows
+-- This should raise warnings for bar
+revoke insert on satheesh.tsat from foo, bar;
+-- This should raise warnings for both foo and bar
+revoke insert on satheesh.tsat from foo, bar;
It will be nice to have similar -ve test case for revoke routine.. from mulitple users RESTRICT. ie have couple users in single revoke routine and some or all of those users do not have the privilege granted to them
2)I am not sure if you have tests for : When a privilege is found but it cannot be revoked (cases like revoke privileges from database owner, self privilege revocation, revoke privilege from object owner)
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Attachments: d1582_v1.diff, d1582_v1.status, d1582_v2.diff, d1582_v2.status
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Assigned: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Deepa Remesh (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=all ]
Deepa Remesh reassigned DERBY-1582:
-----------------------------------
Assignee: Deepa Remesh
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.0.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Attachments: d1582_v1.diff, d1582_v1.status
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Rick Hillegas (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=comments#action_12430274 ]
Rick Hillegas commented on DERBY-1582:
--------------------------------------
Thanks for the patch, Deepa, and thanks for the review, Mamta. I have committed d1582_v2.diff at subversion revision 434408.
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Fix For: 10.2.1.0
>
> Attachments: d1582_v1.diff, d1582_v1.status, d1582_v2.diff, d1582_v2.status, d1582_v2_with_tests.diff
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Deepa Remesh (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=all ]
Deepa Remesh updated DERBY-1582:
--------------------------------
Derby Info: (was: [Patch Available])
Thanks Dan for looking at the patch.
>From what I had tried, I had found that we have to keep track if any privilege is revoked in TablePrivilegeInfo itself as addRemovePermissionsDescriptor is called multiple times in TablePrivilegeInfo.executeGrantRevoke method. Because of this, we need to track whether or not any privilege is revoked for table and routine separately. And we cannot move the whole check to super class.
I think I should have added a common method to check and raise a warning if needed. I'll upload a revised patch.
Please let me know if this doesn't sound okay.
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.0.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Attachments: d1582_v1.diff, d1582_v1.status
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Deepa Remesh (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=all ]
Deepa Remesh updated DERBY-1582:
--------------------------------
Attachment: d1582_v2_with_tests.diff
Attaching patch 'd1582_v2_with_tests.diff' which raises a warning when no privileges are revoked by the revoke statement for a grantee. This patch handles the case when multiple grantees are specified and raises a warning for each grantee. It is same as the earlier v2 patch. It only adds additional tests suggested by Mamta. DERBY-1538 has handled the cases and added the tests I mentioned in "2) When a privilege is found but it cannot be revoked". So I have only added additional tests for revoking routine privileges. derbyall ran with no new failures.
Please take a look at this patch. Thanks.
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Attachments: d1582_v1.diff, d1582_v1.status, d1582_v2.diff, d1582_v2.status, d1582_v2_with_tests.diff
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Deepa Remesh (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=all ]
Deepa Remesh updated DERBY-1582:
--------------------------------
Derby Info: [Patch Available]
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Attachments: d1582_v1.diff, d1582_v1.status, d1582_v2.diff, d1582_v2.status, d1582_v2_with_tests.diff
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Rick Hillegas (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=comments#action_12430603 ]
Rick Hillegas commented on DERBY-1582:
--------------------------------------
Ported DERBY-1582 (434408) to 10.2 at subversion revision 436921.
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Fix For: 10.2.1.0
>
> Attachments: d1582_v1.diff, d1582_v1.status, d1582_v2.diff, d1582_v2.status, d1582_v2_with_tests.diff
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Deepa Remesh (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=comments#action_12427272 ]
Deepa Remesh commented on DERBY-1582:
-------------------------------------
Thanks Satheesh for clarifying that we cannot revoke privileges from the database owner.
I was reworking the patch and adding some more tests for this to lang/grantRevokeDDL.sql. I am adding cases where we specify more than one grantees/actions in the revoke statement. I would like to confirm my understanding of when to raise warnings when there are multiple grantees/actions ? This is the relevant part from the SQL spec:
"
17) If the <revoke statement> is a <revoke privileges statement>, then:
a) For every combination of <grantee> and <action> on O specified in <privileges>, if there
is no corresponding privilege descriptor in the set of identified privilege descriptors, then a
completion condition is raised: warning — privilege not revoked.
b) If ALL PRIVILEGES was specified, then for each <grantee>, if no privilege descriptors were
identified, then a completion condition is raised: warning — privilege not revoked.
"
Does this mean:
1) raise a warning if we find that at least one of the grantee/action combination or at least one grantee if it is "revoke ALL PRIVILEGES" did not have a matching privilege descriptor.
2) raise a warning if we have not found any privilege descriptors that are revoked after looking at all combinations
3) something else ?
I think it is 1) and creating the new patch based on this. Is this understanding correct?
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.0.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Attachments: d1582_v1.diff, d1582_v1.status
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Deepa Remesh (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=all ]
Deepa Remesh updated DERBY-1582:
--------------------------------
Derby Info: [Patch Available]
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Attachments: d1582_v1.diff, d1582_v1.status, d1582_v2.diff, d1582_v2.status
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Deepa Remesh (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=all ]
Deepa Remesh updated DERBY-1582:
--------------------------------
Derby Info: (was: [Patch Available])
With v2 patch, derbyall ran with no new failures. But the test additions conflict with changes in DERBY-1538. Unchecking patch available flag till check and upload new patch.
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Attachments: d1582_v1.diff, d1582_v1.status, d1582_v2.diff, d1582_v2.status
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Deepa Remesh (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=all ]
Deepa Remesh updated DERBY-1582:
--------------------------------
Attachment: d1582_v2.diff
d1582_v2.status
Attaching a revised patch 'd1582_v2.diff' which raises a warning when no privileges are revoked by the revoke statement for a grantee. This patch handles the case when multiple grantees are specified and raises a warning for each grantee.
The warning raised is:
"WARNING 01006: Privilege not revoked from <grantee>."
With the patch, we will be getting the same warning message in both these scenarios:
1) When no matching privilege is found
2) When a privilege is found but it cannot be revoked (cases like revoke privileges from database owner, self privilege revocation, revoke privilege from object owner)
Is this okay? Or do we need to differentiate the warning messages in these cases?
The patch does not raise warnings in the following cases. I am trying to handle these cases plus add few more tests in a separate patch:
* When multiple privilege actions on a table are revoked from a user and the user does not have privilege for one of the actions on the table
create table t1 (c11 int, c12 int);
grant select, insert on t1 to deepa;
revoke select,insert,update on t1 from deepa;
The above revoke statement should raise a warning as user does not have update privilege on the table.
* When multiple columns are specified in the column list and the user does not have the privilege on one of the columns.
grant select(c11) on t1 to deepa;
revoke select(c11,c12) on t1 from deepa;
The above revoke statement should raise a warning as user does not have select privilege on column c12.
With this patch, I ran grant/revoke tests. I had run derbyall earlier but have made small changes after that and will re-run it tonight. Please take a look at this and provide feedback. Thanks.
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Attachments: d1582_v1.diff, d1582_v1.status, d1582_v2.diff, d1582_v2.status
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Rick Hillegas (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=all ]
Rick Hillegas updated DERBY-1582:
---------------------------------
Derby Info: (was: [Patch Available])
Turning off patch-available bit.
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Fix For: 10.2.1.0
>
> Attachments: d1582_v1.diff, d1582_v1.status, d1582_v2.diff, d1582_v2.status, d1582_v2_with_tests.diff
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: [jira] Updated: (DERBY-1582) REVOKE statement does not generate a warning when no privileges are revoked.
Posted by Deepa Remesh <dr...@gmail.com>.
On 8/9/06, Daniel John Debrunner <dj...@apache.org> wrote:
> Deepa Remesh (JIRA) wrote:
>
>
> > It is not very clear to me from the spec how the following case should be handled
> > - revoking permissions from dba (user who is the owner of the database).
> > dba has "implicit" permissions on all objects and we cannot revoke privileges from dba.
>
> I think I've asked this before, but I'll ask again. I don't see in the
> functional spec for DERBY-464 where it says the database owner has
> '"implicit" permissions on all objects'
This is not directly from the grant/revoke spec but it is what I
understood from the grant revoke tests. I seemed to have read
something along these lines in the discussions. Now I am not able to
find out where. It would be good to get this clarified.
Thanks,
Deepa
Re: [jira] Updated: (DERBY-1582) REVOKE statement does not generate
a warning when no privileges are revoked.
Posted by Satheesh Bandaram <ba...@gmail.com>.
Daniel John Debrunner wrote:
>Deepa Remesh (JIRA) wrote:
>
>
>
>
>>It is not very clear to me from the spec how the following case should be handled
>>- revoking permissions from dba (user who is the owner of the database).
>>dba has "implicit" permissions on all objects and we cannot revoke privileges from dba.
>>
>>
>
>I think I've asked this before, but I'll ask again. I don't see in the
>functional spec for DERBY-464 where it says the database owner has
>'"implicit" permissions on all objects'
>
>All I see is that the database owner can create and drop any schema.
>
>I also see comments like:
>
> "Only the owner (creator) of an object can grant or revoke privileges
>on that object. "
>
>
Database owner can also grant or revoke privileges. I will update the
functional specification.
Derby currently allows database owner access to any object in that
database. A database owner can also create any object in other user
schemas. When a database owner is operating in other user schemas,
objects created by database owners would be owned by owners of the those
schemas.
As for Deepa's question about whether it is possible to revoke a
privilege from database owner, no, it is not possible currently.
Satheesh
Re: [jira] Updated: (DERBY-1582) REVOKE statement does not generate
a warning when no privileges are revoked.
Posted by Daniel John Debrunner <dj...@apache.org>.
Deepa Remesh (JIRA) wrote:
> It is not very clear to me from the spec how the following case should be handled
> - revoking permissions from dba (user who is the owner of the database).
> dba has "implicit" permissions on all objects and we cannot revoke privileges from dba.
I think I've asked this before, but I'll ask again. I don't see in the
functional spec for DERBY-464 where it says the database owner has
'"implicit" permissions on all objects'
All I see is that the database owner can create and drop any schema.
I also see comments like:
"Only the owner (creator) of an object can grant or revoke privileges
on that object. "
Would be good to clear this up soon.
Dan.
[jira] Updated: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Deepa Remesh (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=all ]
Deepa Remesh updated DERBY-1582:
--------------------------------
Attachment: d1582_v1.diff
d1582_v1.status
Attaching a patch 'd1582_v1.diff' which raises a warning when no privileges are revoked by the revoke statement.
This patch adds checks for revoke of table and routine permissions. It checks return value of DataDictionary.addRemovePermissionsDescriptor method which returns true if revoke has removed a privilege. The new SQLState and warning added are:
WARNING 01006: Privilege not revoked.
Tests are in lang/grantRevokeDDL.sql.
It is not very clear to me from the spec how the following case should be handled - revoking permissions from dba (user who is the owner of the database). dba has "implicit" permissions on all objects and we cannot revoke privileges from dba. With the current patch we will get the above warning when we revoke any privilge from dba. I am thinking this behaviour is okay. It would be helpful if someone can confirm this.
I am running derbyall with the patch now. Meantime, any feedback is appreciated.
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.0.0
> Reporter: Daniel John Debrunner
> Attachments: d1582_v1.diff, d1582_v1.status
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Mamta A. Satoor (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=all ]
Mamta A. Satoor closed DERBY-1582.
----------------------------------
Resolution: Fixed
In order for Deepa to resolve remaining items for this Jira entry, DERBY-1782 should get fixed. I am closing this issue and relating it to DERBY-1782 so we don't loose the association of the 2 jira entries.
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Fix For: 10.2.1.0
>
> Attachments: d1582_v1.diff, d1582_v1.status, d1582_v2.diff, d1582_v2.status, d1582_v2_with_tests.diff
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Daniel John Debrunner (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=comments#action_12427054 ]
Daniel John Debrunner commented on DERBY-1582:
----------------------------------------------
I get a conflict on the applying the patch, in RoutinePrivilegeInfo, due to changes for DEBRY-1643. Thinking it was strange you would have to modify that file I looked closer and saw that this code fragment and the resulting adding the warning is repeated and probably should be pushed up into the super-class.
+ if (dd.addRemovePermissionsDescriptor( grant, routinePermsDesc, grantee, tc)) {
+ privileges_revoked = true;
+ dd.getDependencyManager().invalidateFor(routinePermsDesc, DependencyManager.REVOKE_EXECUTE_PRIVILEGE, lcc);
Something like
void addRemovePermissionsDescriptor(PermissionsDescritpor pd, String grantee, TransactionController tc)
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.0.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Attachments: d1582_v1.diff, d1582_v1.status
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Mamta A. Satoor (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=comments#action_12430037 ]
Mamta A. Satoor commented on DERBY-1582:
----------------------------------------
Deepa, the test changes look good. Thanks for adding more tests.
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Attachments: d1582_v1.diff, d1582_v1.status, d1582_v2.diff, d1582_v2.status, d1582_v2_with_tests.diff
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Rick Hillegas (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=all ]
Rick Hillegas updated DERBY-1582:
---------------------------------
Urgency: Urgent
Fix Version/s: 10.2.1.0
Assign to 10.2 and bump urgency.
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Reporter: Daniel John Debrunner
> Assigned To: Deepa Remesh
> Fix For: 10.2.1.0
>
> Attachments: d1582_v1.diff, d1582_v1.status, d1582_v2.diff, d1582_v2.status, d1582_v2_with_tests.diff
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1582) REVOKE statement does not generate a
warning when no privileges are revoked.
Posted by "Deepa Remesh (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1582?page=all ]
Deepa Remesh updated DERBY-1582:
--------------------------------
Derby Info: [Patch Available]
> REVOKE statement does not generate a warning when no privileges are revoked.
> ----------------------------------------------------------------------------
>
> Key: DERBY-1582
> URL: http://issues.apache.org/jira/browse/DERBY-1582
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.0.0
> Reporter: Daniel John Debrunner
> Attachments: d1582_v1.diff, d1582_v1.status
>
>
> SQL 2003 standard, section 12.7 <revoke statement>, item 17 under general rules indicates the statement completes with the condition 'warning ? privilege not revoked.' when no matching privilege is revoked.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira