Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot CREATE VIEW that selects from a system table, despite having all grants [CORE5060] #5347

Closed
firebird-issue-importer opened this issue Dec 31, 2015 · 6 comments

Comments

@firebird-issue-importer

Submitted by: Lukas Eder (lukas.eder)

I have created a user TEST, using which I can access the system tables:

SQL> SELECT 1 FROM rdb$database;

CONSTANT 

============
1

I have granted ALL PRIVILEGES, including creating views to this user. For instance:

SQL> create view v as select 1 a from t_book;
SQL> select * from v;

       A 

============
1
1
1
1

SQL> rollback;
SQL> drop view v;

But when I want to create a view that selects from the system table, something goes wrong:

SQL> create view v as select 1 a from rdb$database;
Statement failed, SQLSTATE = 28000
unsuccessful metadata update
-CREATE VIEW V failed
-no permission for SELECT access to TABLE/VIEW RDB$DATABASE

From a high level, I would say that this is a bug, right?

Commits: aa55704 FirebirdSQL/fbt-repository@4e5cd0c

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 2, 2016

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 2, 2016

Commented by: @AlexPeshkoff

The problem fixed was wider than one noticed by Lukas - non-DBA user could not create any view containing some other table/view. That was due to the check of database security class removed in other places but kept in view creation check. Database security class is now used for database-level DDL rights control and makes no sense in view creation for individual tables.

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 2, 2016

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0 RC2 [ 10048 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 13, 2016

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: No test => Done successfully

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 13, 2016

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-issue-importer
Copy link
Author

firebird-issue-importer commented Jan 15, 2016

Commented by: Lukas Eder (lukas.eder)

Interesting discovery, Alexander, thanks a lot for the fix!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants