You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafodion.apache.org by "Roberta Marton (JIRA)" <ji...@apache.org> on 2018/04/11 23:02:00 UTC
[jira] [Commented] (TRAFODION-2339) column privilege -- a user who
doesn't have select privilege on all columns can insert data into the table
[ https://issues.apache.org/jira/browse/TRAFODION-2339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16434683#comment-16434683 ]
Roberta Marton commented on TRAFODION-2339:
-------------------------------------------
This issue has been fixed:
create table tab2(a int, b int, c int);
--- SQL operation complete.
>>grant insert(a,c),select(a) on tab2 to sql_user1;
--- SQL operation complete.
showddl tab2;
CREATE TABLE TRAFODION.SCH.TAB2
(
A INT DEFAULT NULL NOT SERIALIZED
, B INT DEFAULT NULL NOT SERIALIZED
, C INT DEFAULT NULL NOT SERIALIZED
)
ATTRIBUTES ALIGNED FORMAT
;
-- GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.SCH.TAB2 TO DB__ROOT WITH GRANT OPTION;
GRANT SELECT(A), INSERT(A, C) ON TRAFODION.SCH.TAB2 TO SQL_USER1;
--- SQL operation complete.
change to user sql_user1;
>>select * from tab2;
*** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.SCH.TAB2(columns: B, C).
*** ERROR[8822] The statement was not prepared.
>>insert into tab2 values (1,2,3);
*** ERROR[4481] The user does not have INSERT privilege on table or view TRAFODION.SCH.TAB2(columns: B).
*** ERROR[8822] The statement was not prepared.
> column privilege -- a user who doesn't have select privilege on all columns can insert data into the table
> ----------------------------------------------------------------------------------------------------------
>
> Key: TRAFODION-2339
> URL: https://issues.apache.org/jira/browse/TRAFODION-2339
> Project: Apache Trafodion
> Issue Type: Bug
> Components: sql-security
> Environment: CDH5.4.8 HDP2.4.0
> R2.2 1023 daily
> Reporter: Gao, Rui-Xian
> Assignee: Roberta Marton
> Priority: Major
>
> a user who doesn't have select privilege on all columns can insert data into the table successfully.
> >>create table tab2(a int, b int, c int);
> — SQL operation complete.
> >>grant insert(a,c),select(a) on tab2 to testuser1;
> — SQL operation complete.
> >>grant insert(a,c),select(a) on tab2 to testuser1;
> — SQL operation complete.
> >>showddl tab2;
> CREATE TABLE TRAFODION.MYTESTSCH.TAB2
> (
> A INT DEFAULT NULL NOT SERIALIZED
> , B INT DEFAULT NULL NOT SERIALIZED
> , C INT DEFAULT NULL NOT SERIALIZED
> )
> ATTRIBUTES ALIGNED FORMAT
> ;
> – GRANT SELECT, INSERT, DELETE, UPDATE, REFERENCES ON TRAFODION.MYTESTSCH.TAB2 TO DB__ROOT WITH GRANT OPTION;
> GRANT SELECT(A, B), INSERT(A, B, C) ON TRAFODION.MYTESTSCH.TAB2 TO TESTUSER1;
> — SQL operation complete.
> connect as testuser1 –
> SQL>select * from tab2;
> *
> **
> *** ERROR[4481] The user does not have SELECT privilege on table or view TRAFODION.MYTESTSCH.TAB2(columns: C). [2016-11-04 17:07:42]
> SQL>insert into tab2 values(1,2,3);
> — 1 row(s) inserted.
> testuser1 doesn't have select privilege on columnC, but insert data into columnC successfully.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)