You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafodion.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/09/01 17:30:20 UTC

[jira] [Commented] (TRAFODION-2177) Revoke combined column privileges from role failed

    [ https://issues.apache.org/jira/browse/TRAFODION-2177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15456083#comment-15456083 ] 

ASF GitHub Bot commented on TRAFODION-2177:
-------------------------------------------

GitHub user robertamarton opened a pull request:

    https://github.com/apache/incubator-trafodion/pull/685

    Various JIRA fixes related to security

    TRAFODION-2177: Revoke combined column privileges from role failed
    TRAFODION-2188: Insufficient privileges on sample table
    TRAFODION-2197: column privilege -- mxosrvr crashed
    
    2177: Privilege list for object generated twice causing restrict check to fail
    2188: Updated to allow user without create privilege to create sample table
    2197: List index was incorrectly specified
    
    In addition, relaxed rules on who can run update statistics to include anyone
    that has SELECT privileges on the target table.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/robertamarton/incubator-trafodion traf-2177

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-trafodion/pull/685.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #685
    
----
commit 58e006111d3a457cf61efad743f327d9d4822d8a
Author: Roberta Marton <ro...@apache.org>
Date:   2016-09-01T17:28:20Z

    Various JIRA fixes related to security
    
    TRAFODION-2177: Revoke combined column privileges from role failed
    TRAFODION-2188: Insufficient privileges on sample table
    TRAFODION-2197: column privilege -- mxosrvr crashed
    
    2177: Privilege list for object generated twice causing restrict check to fail
    2188: Updated to allow user without create privilege to create sample table
    2197: List index was incorrectly specified
    
    In addition, relaxed rules on who can run update statistics to include anyone
    that has SELECT privileges on the target table.

----


> Revoke combined column privileges from role failed
> --------------------------------------------------
>
>                 Key: TRAFODION-2177
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-2177
>             Project: Apache Trafodion
>          Issue Type: Bug
>          Components: sql-security
>            Reporter: Gao, Rui-Xian
>            Assignee: Roberta Marton
>
> Revoke combined column privileges from role failed, but revoke the privileges seperately would succeed.
> Reproduce Steps --
> create role role1;
> create schema grantsch;
> set schema grantsch;
> create table a03tab1(col1 int, col2 int, col3 varchar(10))no partition;
>  
> grant insert(col1,col2), select on a03tab1 to role1;
> SQL>revoke insert(col1,col2), select on a03tab1 from role1;
> *** ERROR[1037] Revoke failed because of a dependent grant between authorization ID _SYSTEM and authorization ID DB__ROOT [2016-08-17 10:00:20]
> >>revoke select on a03tab1 from role1;
>  
> --- SQL operation complete.
> >>revoke insert(col1,col2) on a03tab1 from role1;
>  
> --- SQL operation complete.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)