Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-2893

INSERT and UPDATES succeed when permission has not been granted.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.3.1.4, 10.4.1.3
    • Fix Version/s: 10.3.1.4
    • Component/s: Test
    • Labels:
      None

      Description

      GrantRevokeTest had assert methods (assertInsertPrivilege etc.) of the form

      try {
      s.execute(command)
      } catch (SQLException sqle)
      {
      if (!hasPrivilege)
      assertSQLState("42502", e);
      else
      fail(...);
      }

      Note that no fail() assert was in the try portion after the SQL execution. The statement should not work if hasPrivilege is false, but the test will incorrectly pass if the statement succeeds. I added fail asserts with revision 552922 like:

      if (!hasPrivilege)
      fail("expected no INSERT permission on table");

      but these two for INSERT and UPDATE caused the test to fail (about 6 fixtures fail) indicating that the statement succeeds even if the permission is not granted.

      It could be a test problem but needs some investigation.

      The asserts for assertInsertPrivilege and asserUpdatePrivilege are commented out to stop the test failing.

        Attachments

        1. DERBY-2893_diff.txt
          2 kB
          Katherine Marsden

          Activity

            People

            • Assignee:
              kmarsden Katherine Marsden
              Reporter:
              djd Daniel John Debrunner
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: