You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafodion.apache.org by "Roberta Marton (JIRA)" <ji...@apache.org> on 2017/03/17 22:00:43 UTC
[jira] [Commented] (TRAFODION-2407) Need include privilege checking
on 'PUBLIC' when getting privileges for a user
[ https://issues.apache.org/jira/browse/TRAFODION-2407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15930802#comment-15930802 ]
Roberta Marton commented on TRAFODION-2407:
-------------------------------------------
Changed -> if PUBLIC has been granted SHOW privilege than any user can:
perform GET commands
perform SHOWDDL commands.
> Need include privilege checking on 'PUBLIC' when getting privileges for a user
> ------------------------------------------------------------------------------
>
> Key: TRAFODION-2407
> URL: https://issues.apache.org/jira/browse/TRAFODION-2407
> Project: Apache Trafodion
> Issue Type: Improvement
> Components: sql-security
> Reporter: Gao, Rui-Xian
> Assignee: Roberta Marton
>
> Some privilege checking for specific commands will be affected by privileges on PUBLIC, so we'd better include privilege checking for PUBLIC when getting privileges for a user.
> For example, we have privilege checking for SHOWDDL commands. To perform a SHOWDDL one must:
> -- be DB__ROOT
> -- be object owner
> -- have the SHOW privilege (PUBLIC & DB__ROOTROLE has priv)
> -- have SELECT privileges on object
> So a user can do showddl on any objects if PUBLIC has SHOW component privilege.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)