You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafodion.apache.org by "Alice Chen (JIRA)" <ji...@apache.org> on 2015/07/22 20:17:44 UTC
[jira] [Created] (TRAFODION-660) LP Bug: 1375494 - Revoke with
grantee list does not revoke from entire list
Alice Chen created TRAFODION-660:
------------------------------------
Summary: LP Bug: 1375494 - Revoke with grantee list does not revoke from entire list
Key: TRAFODION-660
URL: https://issues.apache.org/jira/browse/TRAFODION-660
Project: Apache Trafodion
Issue Type: Bug
Components: sql-security
Reporter: Paul Low
Assignee: Cliff Gray
Priority: Critical
The revoke is only revoking the first user/grantee from the list of grantees.
Output log:
SQL>create role role2 with admin USER2;
--- SQL operation complete.
SQL>showddl role role2;
CREATE ROLE "ROLE2" WITH ADMIN "USER2";
-- GRANT ROLE "ROLE2" TO "USER2" WITH ADMIN OPTION;
--- SQL operation complete.
SQL>connect USER2/PASSWORD2
Connected to Trafodion
SQL>grant role role2 to USER3, USER4;
--- SQL operation complete.
SQL>showddl role role2;
CREATE ROLE "ROLE2" WITH ADMIN "USER2";
-- GRANT ROLE "ROLE2" TO "USER2" WITH ADMIN OPTION;
GRANT ROLE "ROLE2" TO
"USER3";
GRANT ROLE "ROLE2" TO "USER4";
--- SQL operation complete.
SQL>revoke role role2 from USER3, USER4;
--- SQL operation complete.
SQL>showddl role role2;
CREATE ROLE "ROLE2" WITH ADMIN "USER2";
-- GRANT ROLE "ROLE2" TO "USER2" WITH ADMIN OPTION;
GRANT ROLE "ROLE2" TO
"USER4";
--- SQL operation complete.
SQL>revoke role role2 from USER3;
*** ERROR[1017] You are not authorized to perform this operation. [2014-09-29 20:47:42]
SQL>revoke role role2 from USER4;
--- SQL operation complete.
SQL>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)