You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafodion.apache.org by "Roberta Marton (JIRA)" <ji...@apache.org> on 2017/05/16 16:41:04 UTC
[jira] [Closed] (TRAFODION-2330) Using trafci, a select from a
table succeeds even if the user does not have the priv
[ https://issues.apache.org/jira/browse/TRAFODION-2330?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Roberta Marton closed TRAFODION-2330.
-------------------------------------
Resolution: Fixed
> Using trafci, a select from a table succeeds even if the user does not have the priv
> ------------------------------------------------------------------------------------
>
> Key: TRAFODION-2330
> URL: https://issues.apache.org/jira/browse/TRAFODION-2330
> Project: Apache Trafodion
> Issue Type: Bug
> Components: sql-general
> Reporter: Roberta Marton
> Assignee: Roberta Marton
>
> When connecting to Trafodion through trafci, an available mxosrvr is found and a new session is started. If the previous session was associated with a user other than the current user, the caches are not invalidated. There is a potential for the current user to be able to perform that same queries as the previous user whether or not they have the correct privileges.
> To recreate:
> enable security
> set number of mxosrvr to 1 in the conf file.
> restart dcs
> bring up a trafci session and perform queries for sql_user1
> stop trafci and bring up trafci as sql_user2
> sql_user2 can perform the same queries as sql_user1
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)