Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New object rights for enhanced security [CORE2884] #3268

Closed
firebird-issue-importer opened this issue Feb 23, 2010 · 8 comments
Closed

New object rights for enhanced security [CORE2884] #3268

firebird-issue-importer opened this issue Feb 23, 2010 · 8 comments

Comments

@firebird-issue-importer

Submitted by: Claudio Valderrama C. (robocop)

Is related to CORE735
Is related to QA655

Votes: 2

The core engine needs to have syntax (GRANT, REVOKE) to apply security to generators, charsets, collations, domains, functions and exceptions.

EXECUTE permission for functions, USAGE permission for everything else. The SQL spec defines USAGE for domains and sequences.

It should be possible to grant any non-owner permissions to ALTER or DROP a particular object. Also, there should be a CREATE privilege allowing a granted user to create particular object types. It applies to all metadata objects, not only the new ones.

Commits: e956e2e

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 1, 2011

Modified by: @dyemanov

Fix Version: 3.0 Alpha 1 [ 10331 ]

Version: 3.0 Alpha 1 [ 10331 ] =>

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 8, 2012

Modified by: @dyemanov

Link: This issue is related to CORE735 [ CORE735 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 8, 2012

Modified by: @dyemanov

assignee: Dmitry Yemanov [ dimitr ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 8, 2012

Modified by: @dyemanov

status: Open [ 1 ] => In Progress [ 3 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Mar 19, 2013

Commented by: @dyemanov

EXECUTE/USAGE permissions are implemented. CREATE/ALTER/DROP permissions are covered by CORE735.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Mar 19, 2013

Modified by: @dyemanov

status: In Progress [ 3 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Sep 28, 2015

Modified by: @pcisar

Link: This issue is related to QA655 [ QA655 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 30, 2017

Commented by: @reevespaul

The release notes say that generators and exceptions must now be granted USAGE to all users other than SYSDBA and the db owner.

I can understand doing this for generators but I don't understand this at all for exceptions. Surely USAGE should be automatically granted to the procedure or table/trigger that will fire the exception ? ie, if the user has the authority to execute the procedure it should have an implicit usage granted.

What is the point of throwing this sort of error:

no permission for USAGE access to EXCEPTION ....

instead of the real error?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants