Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Any user can grant a role. #3772

Closed
monetdb-team opened this issue Nov 30, 2020 · 2 comments
Closed

Any user can grant a role. #3772

monetdb-team opened this issue Nov 30, 2020 · 2 comments

Comments

@monetdb-team
Copy link

@monetdb-team monetdb-team commented Nov 30, 2020

Date: 2015-07-20 00:18:55 +0200
From: vera <<vera.matei>>
To: SQL devs <>
Version: 11.19.15 (Oct2014-SP4)
CC: @njnes

Last updated: 2015-08-28 13:42:07 +0200

Comment 21027

Date: 2015-07-20 00:18:55 +0200
From: vera <<vera.matei>>

User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Build Identifier:

A user can grant any role, even if that role was not assigned to him. The user can even grant the role to itself, which gives the user permissions that was not having previously.

Reproducible: Always

Comment 21029

Date: 2015-07-20 21:41:57 +0200
From: MonetDB Mercurial Repository <>

Changeset 2b167d2b527d made by Vera Matei vera.matei@monetdbsolutions.com in the MonetDB repo, refers to this bug.

For complete details, see http//devmonetdborg/hg/MonetDB?cmd=changeset;node=2b167d2b527d

Changeset description:

Test for bug #3772.

Comment 21046

Date: 2015-07-22 22:24:01 +0200
From: @njnes

fixed, ie now only monetdb user or role owner, or granted with admin can grant roles

Comment 21202

Date: 2015-08-28 13:42:07 +0200
From: @sjoerdmullender

Jul2015 has been released.

@yzchang
Copy link
Member

@yzchang yzchang commented Dec 11, 2020

Reopened this ancient issue, because now the role owner can't grant the role to someone else. See the newly extended test for this Issue grantRole.Bug-3772.SQL.py @njnes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants