Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Owner of the schema loses rights if assumes the monetdb role. #3771

Closed
monetdb-team opened this issue Nov 30, 2020 · 0 comments
Closed

Owner of the schema loses rights if assumes the monetdb role. #3771

monetdb-team opened this issue Nov 30, 2020 · 0 comments

Comments

@monetdb-team
Copy link

@monetdb-team monetdb-team commented Nov 30, 2020

Date: 2015-07-19 23:29:12 +0200
From: vera <<vera.matei>>
To: SQL devs <>
Version: 11.19.15 (Oct2014-SP4)
CC: @njnes, @yzchang

Last updated: 2015-10-17 12:40:53 +0200

Comment 21026

Date: 2015-07-19 23:29:12 +0200
From: vera <<vera.matei>>

User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Build Identifier:

When a schema owner (which always has the right to SELECT, INSERT, CREATE, etc.) also assumes the monetdb role, it loses the right to SELECT, INSERT, UPDATE and DELETE, but it can still CREATE, ALTER or DROP tables. This only happens for schema owners and not for regular users. If a regular user assumes the monetdb role, he does get all the privileges on tables.

Reproducible: Always

Comment 21028

Date: 2015-07-20 21:41:46 +0200
From: MonetDB Mercurial Repository <>

Changeset af031cf381f1 made by Vera Matei vera.matei@monetdbsolutions.com in the MonetDB repo, refers to this bug.

For complete details, see http//devmonetdborg/hg/MonetDB?cmd=changeset;node=af031cf381f1

Changeset description:

Test for bug #3771. One test case does not fail, but it is included to support the bug description.

Comment 21047

Date: 2015-07-22 22:31:19 +0200
From: @njnes

fixed, ie both role and user id's are used to check for schema ownership

Comment 21165

Date: 2015-08-25 14:06:09 +0200
From: @yzchang

Although the bug is fixed for user created schemas, it doesn't work with the default "sys" schema. Re-open it. The existing corresponding test will be extended to cover the new case as well.

Comment 21306

Date: 2015-09-29 14:35:35 +0200
From: @sjoerdmullender

Jennie, did you extend the test as promised?

Comment 21312

Date: 2015-09-30 22:00:05 +0200
From: @yzchang

Sorry, it was actually Vera who said she will extend the test. Guess it was lost among the many things she was trying to do during the wrap up. I need to dig in the old communications how to extend the test. I put this on the top of my list.

Comment 21351

Date: 2015-10-17 12:40:53 +0200
From: @yzchang

Checked with Niels, that similar queries don't work with the "sys" schema is a correct behaviour, not a bug. Therefore, change the status to resolved & fixed. Niels' earlier fix for the not-pre-created-schemas is already released in Jul2015.

The owner of the "sys" schema is the user "monetdb", hence, granting the role "monetDB" to another user doesn't give that user any rights about the "sys" schema. To pass admin rights to a user, the role "sysadmin" should be granted. Then the user will be able to create/drop/update/alter/etc tables in the "sys" schema.

To avoid future confusion, we should disallow granting a role which was automatically created for each user (with the same name as the user name).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant