[DERBY-1782] When a privilege is revoked at table level, Derby should only drop objects that require that particular privilege and not all the objects that require some form of privilege on that table. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.2.1.6
Fix Version/s: None
Component/s: SQL
Labels:
- derby_triage10_5_2

Urgency:
Normal
Issue & fix info:

Repro attached
Bug behavior facts:

Deviation from standard

Description

Views/triggers/constraints can depend on different privileges at table level. As per SQL specification, if the required privilege is revoked, the dependent objects(Views, triggers and constraints) should get dropped automatically. Derby 10.2 supports this partially. In Derby 10.2, when any granted privilege is revoked at a table level, all the objects(views, triggers and constraints) that require any kind of privilege on that table get dropped.
eg
user1
create table t1
grant select, update on t1 to user2
user2
create view v1 as select * from user1.t1 – this view requires SELECT privilege on user1.t1 and doesn't rely on UPDATE privilege on user1.t1
user1
revoke update on t1 from user2 – in Derby 10.2, this ends up dropping the view user2.v1 even though it does not rely on that particular privilege on user1.t1

Similar behavior exists for column level privileges. When a privilege is revoked at column level, we should only drop objects that require that privilege on that particular column list. In Derby 10.2, we end up dropping all the objects that rely on that privilege type even though they do not require the particular columns on which privilege is getting revoked.
eg
user1
create table t1(c11 int, c12 int, c13 int)
grant select(c11,c12) on t1 to user2
user2
create view v1 as select c11 from user1.t1
– the view above requires SELECT privilege on column c11 in user1.t1 and doesn't rely on SELECT privilege on column c12 in user1.t1
user1
revoke select(c12) on t1 from user2
– in Derby 10.2, the above revoke ends up dropping the view user2.v1 even though it does not rely on SELECT privilege on column c12 in user1.t1

Both of these behavior manifest from how the permission related system tables are designed and how Derby keeps the permission dependency information for the objects. Some solutions for this problem are discussed in ~~DERBY-1539~~.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

repro.sql
09/Jul/09 09:21
0.4 kB
Knut Anders Hatlen

Issue Links

is related to

DERBY-1330 Provide runtime privilege checking for grant/revoke functionality

Closed

DERBY-1582 REVOKE statement does not generate a warning when no privileges are revoked.

Closed

DERBY-1857 Constraint got dropped incorrectly when a reference privilege is revoked.

Closed

DERBY-2041 Trigger should register a dependency on tables and columns used in its body

Closed

DERBY-1539 A trigger should be dropped when a privilege required by the trigger is revoked.

Closed

DERBY-1611 A view should be dropped when a privilege required by the view is revoked.

Closed

DERBY-1612 A constraint should be dropped when a privilege required by the constraint is revoked.

Closed

(2 is related to)

Activity

People

Assignee:: Unassigned

Reporter:: Mamta A. Satoor

Votes:: 1 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 30/Aug/06 06:10

Updated:: 19/Nov/13 11:46