Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-6428

Adding an update trigger to a table causes Derby to require overbroad update privileges

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.11.1.1
    • Fix Version/s: None
    • Component/s: SQL
    • Labels:
      None
    • Urgency:
      Normal
    • Issue & fix info:
      Repro attached, Workaround attached

      Description

      If you put a before update row-level trigger on a table, then when you try to update the table, Derby requires UPDATE privilege on columns which you aren't updating. The following script shows this problem:

      connect 'jdbc:derby:memory:db;user=test_dbo;create=true';
      
      call syscs_util.syscs_create_user( 'TEST_DBO', 'test_dbopassword' );
      call syscs_util.syscs_create_user( 'RUTH', 'ruthpassword' );
      
      connect 'jdbc:derby:memory:db;shutdown=true';
      
      connect 'jdbc:derby:memory:db;user=test_dbo;password=test_dbopassword' as dbo;
      
      create table t1_025
      (
          a int primary key,
          e_update_t1_ruth int
      );
      
      create procedure addHistoryRow_025
      (
          actionString varchar( 20 ),
          actionValue int
      )
      language java parameter style java reads sql data
      external name 'org.apache.derbyTesting.functionTests.tests.lang.MergeStatementTest.addHistoryRow';
      
      -- if you comment out this trigger definition, then the final UPDATE works
      create trigger t1_025_upd_before
      no cascade before update on t1_025
      referencing old as old
      for each row
      call addHistoryRow_025( 'before', old.e_update_t1_ruth );
      
      grant update ( e_update_t1_ruth ) on t1_025 to ruth;
      
      grant execute on procedure addHistoryRow_025 to ruth;
      
      insert into t1_025 values ( 1, 1 );
      
      connect 'jdbc:derby:memory:db;user=ruth;password=ruthpassword' as ruth;
      
      -- fails, saying that ruth doesn't have UPDATE privilege on test_dbo.t1_025.a
      update test_dbo.t1_025 set e_update_t1_ruth = 17;
      
      set connection dbo;
      
      drop trigger t1_025_upd_before;
      
      set connection ruth;
      
      -- without the trigger, the statement succeeds
      update test_dbo.t1_025 set e_update_t1_ruth = 17;
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                rhillegas Richard N. Hillegas
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: