You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafodion.apache.org by "Roberta Marton (JIRA)" <ji...@apache.org> on 2015/10/17 00:11:05 UTC

[jira] [Updated] (TRAFODION-1276) LP Bug: 1465782 - Revoke privilege return dependent grant ERROR[1037]

     [ https://issues.apache.org/jira/browse/TRAFODION-1276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Roberta Marton updated TRAFODION-1276:
--------------------------------------
    Priority: Minor  (was: Critical)

> LP Bug: 1465782 - Revoke privilege return dependent grant ERROR[1037]
> ---------------------------------------------------------------------
>
>                 Key: TRAFODION-1276
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-1276
>             Project: Apache Trafodion
>          Issue Type: Wish
>          Components: sql-security
>            Reporter: Paul Low
>            Assignee: Roberta Marton
>            Priority: Minor
>             Fix For: 2.0-incubating
>
>
> The DB__ROOT user is unable to revoke privilege granted to user after user grants privilege to another user.  In the scenario below, the user is granted privilege with grant option.  The user grants the privilege to another user.  DB__ROOT is unable to revoke the original privilege and the WGO privilege that he first granted to the user.  ERROR[1037] is returned.
> Daily build: 20150613
> Security is enabled.
> SQL>create schema schema1;
> --- SQL operation complete.
>            
> SQL>set schema schema1;
> --- SQL operation complete.
> SQL>create table tab1(a int, b int) no partition;
> --- SQL operation complete.
> SQL>grant select on tab1 to username1 with grant option;
> --- SQL operation complete.
> SQL>connect username1/password1;
> Connected to Trafodion 
> SQL>set schema schema1;
> --- SQL operation complete.
> SQL>grant select on tab1 to username2;
> --- SQL operation complete.
> SQL>connect db_root_username/db_root_password;
> Connected to Trafodion 
> SQL>set schema schema1;
> --- SQL operation complete.
> SQL>revoke grant option for select on tab1 from username1;
> *** ERROR[1037] Revoke failed because of a dependent grant between authorization ID USERNAME1 and authorization ID USERNAME2 
> SQL>revoke grant option for select on tab1 from username1 cascade;
> *** ERROR[1037] Revoke failed because of a dependent grant between authorization ID USERNAME1 and authorization ID USERNAME2 
> SQL>revoke select on tab1 from username1 cascade;
> *** ERROR[1037] Revoke failed because of a dependent grant between authorization ID USERNAME1 and authorization ID USERNAME2 
> SQL>drop schema schema1 cascade;
> --- SQL operation complete.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)