You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafodion.apache.org by "Roberta Marton (JIRA)" <ji...@apache.org> on 2017/02/13 22:30:41 UTC

[jira] [Work started] (TRAFODION-2423) any user can perform 'initialize trafodion,drop'

     [ https://issues.apache.org/jira/browse/TRAFODION-2423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Work on TRAFODION-2423 started by Roberta Marton.
-------------------------------------------------
> any user can perform 'initialize trafodion,drop'
> ------------------------------------------------
>
>                 Key: TRAFODION-2423
>                 URL: https://issues.apache.org/jira/browse/TRAFODION-2423
>             Project: Apache Trafodion
>          Issue Type: Bug
>          Components: sql-security
>    Affects Versions: 2.0-incubating
>         Environment: cloudera version -- CDH5.6
> hortonworks version -- HDP2.3.4
>            Reporter: Gao, Rui-Xian
>            Assignee: Roberta Marton
>            Priority: Critical
>
> When security is enabled, any user can perform 'initialize trafodion,dorp' to drop all objects, we should limit the user to DB__ROOT only.
> [trafodion@gyvm-1 security]$ trafci
> Welcome to EsgynDB Enterprise Command Interface
> Copyright (c) 2015-2016 Esgyn Corporation
> Host Name/IP Address: gyvm-1.novalocal:23400
> User Name: zz
> *** ERROR[8837] Invalid username or password.  User: ZZ [2017-01-01 22:40:23]
> User Name: qauser2
> Password: 
> Role Name [Primary Role]:
> Connected to EsgynDB Advanced
> SQL>select * from user1sch.user1t;
> *** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.USER1SCH.USER1T. [2017-01-01 22:41:03]
> SQL>get component privileges on sql_operations for qauser2;
> --- SQL operation complete.
> SQL>initialize trafodion,drop;
> --- SQL operation complete.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)