You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafodion.apache.org by "Roberta Marton (JIRA)" <ji...@apache.org> on 2017/05/16 16:41:04 UTC

[jira] [Closed] (TRAFODION-2330) Using trafci, a select from a table succeeds even if the user does not have the priv

     [ https://issues.apache.org/jira/browse/TRAFODION-2330?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Roberta Marton closed TRAFODION-2330.
-------------------------------------
    Resolution: Fixed

> Using trafci, a select from a table succeeds even if the user does not have the priv
> ------------------------------------------------------------------------------------
>
>                 Key: TRAFODION-2330
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-2330
>             Project: Apache Trafodion
>          Issue Type: Bug
>          Components: sql-general
>            Reporter: Roberta Marton
>            Assignee: Roberta Marton
>
> When connecting to Trafodion through trafci, an available mxosrvr is found and a new session is started.  If the previous session was associated with a user other than the current user, the caches are not invalidated.  There is a potential for the current user to be able to perform that same queries as the previous user whether or not they have the correct privileges.
> To recreate:
> enable security
> set number of mxosrvr to 1 in the conf file.
> restart dcs
> bring up a trafci session and perform queries for sql_user1
> stop trafci and bring up trafci as sql_user2
> sql_user2 can perform the same queries as sql_user1



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)