User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0
Build Identifier:
When I create a new user and want to grant her only select access to a table, she can still update the table.
Reproducible: Always
Steps to Reproduce:
1.monetdb create grantupd; monetdb start grantupd; monetdb release grantupd;
2.mclient -d grantupd
3.sql>create table version (name varchar(10), i int);insert into version (name,i) values ('test1', 1);
4.sql>CREATE USER "bart" WITH PASSWORD 'bart' NAME 'Bart Simpson' SCHEMA "sys";
5.sql>GRANT SELECT ON TABLE version TO bart;
6.sql>\q
7.mclient -d grantupd -ubart
sql>select * from version;
+-------+------+
| name | i |
+=======+======+
| test1 | 1 |
+-------+------+
1 tuple (1.631ms)
sql>delete from version;
DELETE FROM: insufficient privileges for user 'bart' to delete from table 'version'
sql>insert into version (name,i) values ('test3', 3);
INSERT INTO: insufficient privileges for user 'bart' to insert into table 'version'
All correct, but:
sql>update version set i = 2;
1 affected row (32.151ms)
sql>select * from version;
+-------+------+
| name | i |
+=======+======+
| test1 | 2 |
+-------+------+
1 tuple (1.364ms)
Actual Results:
UPDATE GRANT neglected.
Expected Results:
insufficient privileges
This is also incorrect when working in another than sys schema.
Date: 2013-02-07 11:37:11 +0100
From: @bartscheers
To: SQL devs <>
Version: 11.15.1 (Feb2013)
CC: @njnes
Last updated: 2013-03-07 12:41:22 +0100
Comment 18455
Date: 2013-02-07 11:37:11 +0100
From: @bartscheers
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0
Build Identifier:
When I create a new user and want to grant her only select access to a table, she can still update the table.
Reproducible: Always
Steps to Reproduce:
1.monetdb create grantupd; monetdb start grantupd; monetdb release grantupd;
2.mclient -d grantupd
3.sql>create table version (name varchar(10), i int);insert into version (name,i) values ('test1', 1);
4.sql>CREATE USER "bart" WITH PASSWORD 'bart' NAME 'Bart Simpson' SCHEMA "sys";
5.sql>GRANT SELECT ON TABLE version TO bart;
6.sql>\q
7.mclient -d grantupd -ubart
sql>select * from version;
+-------+------+
| name | i |
+=======+======+
| test1 | 1 |
+-------+------+
1 tuple (1.631ms)
sql>delete from version;
DELETE FROM: insufficient privileges for user 'bart' to delete from table 'version'
sql>insert into version (name,i) values ('test3', 3);
INSERT INTO: insufficient privileges for user 'bart' to insert into table 'version'
All correct, but:
sql>update version set i = 2;
1 affected row (32.151ms)
sql>select * from version;
+-------+------+
| name | i |
+=======+======+
| test1 | 2 |
+-------+------+
1 tuple (1.364ms)
Actual Results:
UPDATE GRANT neglected.
Expected Results:
insufficient privileges
This is also incorrect when working in another than sys schema.
Comment 18468
Date: 2013-02-13 13:37:56 +0100
From: @njnes
Changeset febda30627eb made by Niels Nes niels@cwi.nl in the MonetDB repo, refers to this bug.
For complete details, see http//devmonetdborg/hg/MonetDB?cmd=changeset;node=febda30627eb
Changeset description:
Comment 18469
Date: 2013-02-13 13:39:01 +0100
From: @njnes
proper checks were missing...
Comment 18589
Date: 2013-03-07 12:41:22 +0100
From: @sjoerdmullender
Feb2013-SP1 has been released.
The text was updated successfully, but these errors were encountered: