Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove all privileges of a user or role [CORE2113] #2546

Closed
firebird-issue-importer opened this issue Oct 9, 2008 · 14 comments
Closed

Remove all privileges of a user or role [CORE2113] #2546

firebird-issue-importer opened this issue Oct 9, 2008 · 14 comments

Comments

@firebird-issue-importer
Copy link

@firebird-issue-importer firebird-issue-importer commented Oct 9, 2008

Submitted by: Bjoern Reimer (bnreimer)

Is related to QA318

Votes: 1

Proposal to extend REVOKE Syntax:

REVOKE ALL FROM <user> [WITH ADMIN OPTION];
REVOKE ALL FROM ROLE <role> [WITH ADMIN OPTION];

Commits: 203cf9a d3f22d3

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Oct 9, 2008

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Oct 9, 2008

Commented by: @dyemanov

Is this statement expected to revoke both granted permissions and roles from the user / role?

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Oct 9, 2008

Commented by: @AlexPeshkoff

I suppose it should bring a database to the state when removed user(role) is never mentioned in any ACL.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Oct 9, 2008

Commented by: Bjoern Reimer (bnreimer)

What about making a difference?

Only removing al User-permissions with above mentioned commands and add:

REVOKE ALL ROLES FROM ...

So a Admin can send two commands, when he wants to remove all permissions but has the choice to remove only direct granted permissions or roles.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Oct 10, 2008

Commented by: @AlexPeshkoff

I don't see big use in ability to separately remove roles and all the rest, and it seems to be unneeded over-complication. Remember - we started with a problem: user 'X' is dropped, why keep privileges for him?
But if other people think that such modes are also useful, this can be done.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Oct 10, 2008

Commented by: @dyemanov

I tend to agree with Alex here.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Nov 14, 2008

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.5 Beta 1 [ 10251 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Nov 14, 2008

Commented by: @AlexPeshkoff

The final syntax for a command I've chosen is:
REVOKE ALL ON ALL FROM { <userlist> | <rolelist> }
The reason to choose that form is very simple - with initially suggested
REVOKE ALL FROM { <userlist> | <rolelist> }
it is very easy to loose all grants if one forgets ON clause.

And - I'm opened to modifying it. May be
REVOKE ALL GRANTS FROM
sounds better?

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Nov 30, 2008

Commented by: @asfernandes

Alex, I can't understand what is the problem with REVOKE ALL FROM { <userlist> | <rolelist> }.

The meaning of ALL ON ALL is also something I don't understand.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 1, 2008

Commented by: @AlexPeshkoff

Adriano, I had a reason to do it. It's too easy to forget ON clause, and instead desired
revoke all ON TABLE Tbl1 from user01;
type
revoke all from user01;
Currently this is syntax error, but with the form you suggest this leads to all rights revoked from user01. With default autocommit of DDL transactions this looks really dangerous to me. Let's better type
revoke all on all from user01;
when needed and be safe.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Feb 23, 2011

Modified by: @pcisar

Link: This issue is related to QA318 [ QA318 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 19, 2016

Modified by: @pavel-zotov

QA Status: No test

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 22, 2016

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Aug 22, 2016

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test => Covered by another test(s)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants