Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-464 Enhance Derby by adding grant/revoke support. Grant/Revoke provide finner level of privileges than currently provided by Derby that is especially useful in network configurations.
  3. DERBY-1330

Provide runtime privilege checking for grant/revoke functionality

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 10.2.1.6
    • 10.2.1.6
    • SQL
    • None
    • Urgent

    Description

      Additional work needs to be done for grant/revoke to make sure that only users with required privileges can access various database objects. In order to do that, first we need to collect the privilege requirements for various database objects and store them in SYS.SYSREQUIREDPERM. Once we have this information then when a user tries to access an object, the required SYS.SYSREQUIREDPERM privileges for the object will be checked against the user privileges in SYS.SYSTABLEPERMS, SYS.SYSCOLPERMS and SYS.SYSROUTINEPERMS. The database object access will succeed only if the user has the necessary privileges.

      SYS.SYSTABLEPERMS, SYS.SYSCOLPERMS and SYS.SYSROUTINEPERMS are already populated by Satheesh's work on DERBY-464. But SYS.SYSREQUIREDPERM doesn't have any information in it at this point and hence no runtime privilege checking is getting done at this point.

      Attachments

        1. Derby1330setUUIDinDataDictionaryV10diff.txt
          6 kB
          Mamta A. Satoor
        2. Derby1330setUUIDinDataDictionaryV10stat.txt
          0.6 kB
          Mamta A. Satoor
        3. DERBY1330javaDocWarningsDiffV9.txt
          2 kB
          Mamta A. Satoor
        4. DERBY1330javaDocWarningsStatV9.txt
          0.3 kB
          Mamta A. Satoor
        5. Derby1330setUUIDinDataDictionaryV8diff.txt
          7 kB
          Mamta A. Satoor
        6. Derby1330setUUIDinDataDictionaryV8stat.txt
          0.6 kB
          Mamta A. Satoor
        7. Derby1330MinorCleanupV7diff.txt
          3 kB
          Mamta A. Satoor
        8. Derby1330MinorCleanupV7stat.txt
          0.1 kB
          Mamta A. Satoor
        9. Derby1330uuidIndexForPermsSystemTablesV6diff.txt
          19 kB
          Mamta A. Satoor
        10. Derby1330uuidIndexForPermsSystemTablesV6stat.txt
          0.5 kB
          Mamta A. Satoor
        11. Derby1330uuidIndexForPermsSystemTablesV5diff.txt
          85 kB
          Mamta A. Satoor
        12. Derby1330uuidIndexForPermsSystemTablesV5stat.txt
          1 kB
          Mamta A. Satoor
        13. Derby1330uuidIndexForPermsSystemTablesV4diff.txt
          39 kB
          Mamta A. Satoor
        14. Derby1330uuidIndexForPermsSystemTablesV4stat.txt
          1.0 kB
          Mamta A. Satoor
        15. Derby1330PrivilegeCollectionV3diff.txt
          363 kB
          Mamta A. Satoor
        16. Derby1330PrivilegeCollectionV3stat.txt
          4 kB
          Mamta A. Satoor
        17. Derby1330PrivilegeCollectionV2diff.txt
          362 kB
          Mamta A. Satoor
        18. Derby1330PrivilegeCollectionV2stat.txt
          4 kB
          Mamta A. Satoor
        19. Derby1330ViewPrivilegeCollectionV1diff.txt
          352 kB
          Mamta A. Satoor
        20. Derby1330ViewPrivilegeCollectionV1stat.txt
          4 kB
          Mamta A. Satoor
        21. AuthorizationModelForDerbySQLStandardAuthorizationV2.html
          13 kB
          Mamta A. Satoor
        22. AuthorizationModelForDerbySQLStandardAuthorization.html
          14 kB
          Mamta A. Satoor

        Issue Links

          incorporates

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-1539 A trigger should be dropped when a privilege required by the trigger is revoked.

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-1611 A view should be dropped when a privilege required by the view is revoked.

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-1612 A constraint should be dropped when a privilege required by the constraint is revoked.

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-1643 A "revoke execute ... restrict" should fail if there are dependent objects on the execute privilege

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-1579 Remove SYS.SYSREQUIREDPERM from Derby 10.2. This was added for Grant Revoke functionality

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          is blocked by

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-1646 Documentation to address Grant/Revoke Authorization for views/triggers/constraints/routines(DERBY-1330)

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. DERBY-1632 During revoke privilege, Derby does not look for replacement privilege for the dependent objects and simply drops the dependent objects. This is not SQL compliant and should be fixed.

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. DERBY-1782 When a privilege is revoked at table level, Derby should only drop objects that require that particular privilege and not all the objects that require some form of privilege on that table.

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. DERBY-1686 Grant/Revoke: Attempt to GRANT access to another user on a VIEW, created by the current user with only SELECT privilege on the base table does not fail

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-1631 Derby needs to support drop view cascade in order for revoke privilege to function correctly

          • Major - Major loss of function.
          • Closed

          Activity

            People

              mamtas Mamta A. Satoor
              mamtas Mamta A. Satoor
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: