Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Date: 2013-02-09 17:26:57 +0100 From: @bartscheers To: SQL devs <> Version: 11.15.1 (Feb2013) CC: @njnes
Last updated: 2013-03-07 12:41:23 +0100
Date: 2013-02-09 17:26:57 +0100 From: @bartscheers
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:16.0) Gecko/20100101 Firefox/16.0 Build Identifier:
A user having only select privileges on a table is allowed to do so when a sql function performs the insert into the table.
Reproducible: Always
row inserted, updated, deleted
A insufficient privileges message for all cases, and no execution of function
Date: 2013-02-09 17:32:58 +0100 From: @bartscheers
Created attachment 178 contains the necessary test files
Attached file: grantfunctionbug.tar (text/plain, 10240 bytes) Description: contains the necessary test files
Date: 2013-02-13 16:00:33 +0100 From: @njnes
Changeset fffd420f1ee8 made by Niels Nes niels@cwi.nl in the MonetDB repo, refers to this bug.
For complete details, see http//devmonetdborg/hg/MonetDB?cmd=changeset;node=fffd420f1ee8
Changeset description:
fixes and test added for bug #3230
Date: 2013-02-13 16:02:55 +0100 From: @njnes
fixed. We now check user rights also in recursive sql. This means tables under views are checked for user rights properly (we don't support materialized views)
Date: 2013-03-07 12:41:23 +0100 From: @sjoerdmullender
Feb2013-SP1 has been released.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Date: 2013-02-09 17:26:57 +0100
From: @bartscheers
To: SQL devs <>
Version: 11.15.1 (Feb2013)
CC: @njnes
Last updated: 2013-03-07 12:41:23 +0100
Comment 18456
Date: 2013-02-09 17:26:57 +0100
From: @bartscheers
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:16.0) Gecko/20100101 Firefox/16.0
Build Identifier:
A user having only select privileges on a table is allowed to do so when a sql function performs the insert into the table.
Reproducible: Always
Steps to Reproduce:
Actual Results:
row inserted, updated, deleted
Expected Results:
A insufficient privileges message for all cases, and no execution of function
Comment 18457
Date: 2013-02-09 17:32:58 +0100
From: @bartscheers
Created attachment 178
contains the necessary test files
Comment 18471
Date: 2013-02-13 16:00:33 +0100
From: @njnes
Changeset fffd420f1ee8 made by Niels Nes niels@cwi.nl in the MonetDB repo, refers to this bug.
For complete details, see http//devmonetdborg/hg/MonetDB?cmd=changeset;node=fffd420f1ee8
Changeset description:
Comment 18472
Date: 2013-02-13 16:02:55 +0100
From: @njnes
fixed. We now check user rights also in recursive sql.
This means tables under views are checked for user rights properly (we don't support materialized views)
Comment 18592
Date: 2013-03-07 12:41:23 +0100
From: @sjoerdmullender
Feb2013-SP1 has been released.
The text was updated successfully, but these errors were encountered: