Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GRANT does not work for UPDATE #3229

Closed
monetdb-team opened this issue Nov 30, 2020 · 0 comments
Closed

GRANT does not work for UPDATE #3229

monetdb-team opened this issue Nov 30, 2020 · 0 comments

Comments

@monetdb-team
Copy link

@monetdb-team monetdb-team commented Nov 30, 2020

Date: 2013-02-07 11:37:11 +0100
From: @bartscheers
To: SQL devs <>
Version: 11.15.1 (Feb2013)
CC: @njnes

Last updated: 2013-03-07 12:41:22 +0100

Comment 18455

Date: 2013-02-07 11:37:11 +0100
From: @bartscheers

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0
Build Identifier:

When I create a new user and want to grant her only select access to a table, she can still update the table.

Reproducible: Always

Steps to Reproduce:

1.monetdb create grantupd; monetdb start grantupd; monetdb release grantupd;
2.mclient -d grantupd
3.sql>create table version (name varchar(10), i int);insert into version (name,i) values ('test1', 1);
4.sql>CREATE USER "bart" WITH PASSWORD 'bart' NAME 'Bart Simpson' SCHEMA "sys";
5.sql>GRANT SELECT ON TABLE version TO bart;
6.sql>\q

7.mclient -d grantupd -ubart
sql>select * from version;
+-------+------+
| name | i |
+=======+======+
| test1 | 1 |
+-------+------+
1 tuple (1.631ms)

sql>delete from version;
DELETE FROM: insufficient privileges for user 'bart' to delete from table 'version'
sql>insert into version (name,i) values ('test3', 3);
INSERT INTO: insufficient privileges for user 'bart' to insert into table 'version'

All correct, but:
sql>update version set i = 2;
1 affected row (32.151ms)
sql>select * from version;
+-------+------+
| name | i |
+=======+======+
| test1 | 2 |
+-------+------+
1 tuple (1.364ms)

Actual Results:

UPDATE GRANT neglected.

Expected Results:

insufficient privileges

This is also incorrect when working in another than sys schema.

Comment 18468

Date: 2013-02-13 13:37:56 +0100
From: @njnes

Changeset febda30627eb made by Niels Nes niels@cwi.nl in the MonetDB repo, refers to this bug.

For complete details, see http//devmonetdborg/hg/MonetDB?cmd=changeset;node=febda30627eb

Changeset description:

add test(s) for bug #3229

Comment 18469

Date: 2013-02-13 13:39:01 +0100
From: @njnes

proper checks were missing...

Comment 18589

Date: 2013-03-07 12:41:22 +0100
From: @sjoerdmullender

Feb2013-SP1 has been released.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant