-
-
Notifications
You must be signed in to change notification settings - Fork 220
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incorrect restore of security classes [CORE2214] #2642
Comments
Modified by: @asfernandesassignee: Adriano dos Santos Fernandes [ asfernandes ] |
Modified by: @asfernandesdescription: SQL security classes are maintained automatically by changes in RDB$USER_PRIVILEGES. They are not backed up, and are recreated when restoring RDB$USER_PRIVILEGES. But the problem is that the generator RDB$SECURITY_CLASS is not backed up. When restoring, new security class names are not created because this names (in RDB$RELATION_NAME, RDB$PROCEDURE_NAME and RDB$RELATION_FIELDS) are backed up. So old names are restored, but the generator is not incremented, hence new class names will overlap existing ones. This issue affects v2.5. It may also affect others versions when using grants for individual fields [grant update (colum_list)], but I'm not very sure. The solution seems to be not restore RDB$SECURITY_CLASS that starts with SQL$, the reserved prefix for SQL security classes. => SQL security classes are maintained automatically by changes in RDB$USER_PRIVILEGES. They are not backed up, and are recreated when restoring RDB$USER_PRIVILEGES. But the problem is that the generator RDB$SECURITY_CLASS is not backed up. When restoring, new security class names are not created because this names (in RDB$RELATION_NAME, RDB$PROCEDURE_NAME and RDB$RELATION_FIELDS) are backed up. So old names are restored, but the generator is not incremented, hence new class names will overlap existing ones. This issue affects v2.5. It may also affect others versions when using grants for individual fields [grant update (colum_list)], but I'm not very sure. The solution seems to be not restore RDB$SECURITY_CLASS that starts with SQL$, the reserved prefix for SQL security classes, letting a new name be generated. |
Modified by: @asfernandesstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 2.5 Beta 1 [ 10251 ] |
Modified by: @pcisarstatus: Resolved [ 5 ] => Closed [ 6 ] |
Commented by: @hvlad > The solution seems to be not restore RDB$SECURITY_CLASS that starts with SQL$, the reserved prefix for SQL security classes, letting a new name be generated. There was user reports about not possible to downgrade database in ODS11.2 to ODS 11.1 because of issues with security classes. |
Modified by: @pavel-zotovQA Status: No test |
Submitted by: @asfernandes
SQL security classes are maintained automatically by changes in RDB$USER_PRIVILEGES. They are not backed up, and are recreated when restoring RDB$USER_PRIVILEGES.
But the problem is that the generator RDB$SECURITY_CLASS is not backed up. When restoring, new security class names are not created because this names (in RDB$RELATION_NAME, RDB$PROCEDURE_NAME and RDB$RELATION_FIELDS) are backed up. So old names are restored, but the generator is not incremented, hence new class names will overlap existing ones.
This issue affects v2.5. It may also affect others versions when using grants for individual fields [grant update (colum_list)], but I'm not very sure.
The solution seems to be not restore RDB$SECURITY_CLASS that starts with SQL$, the reserved prefix for SQL security classes, letting a new name be generated.
Commits: a2fbf5a
The text was updated successfully, but these errors were encountered: