Details
-
Sub-task
-
Status: Resolved
-
Major
-
Resolution: Not A Problem
-
None
-
None
-
None
-
None
Description
Background:
Partial revoke
For examples:
1. When a role has been granted "all" on table and the role already has select/insert on privileges, they are removed automatically as "all" covers the "select/insert".
2. When a role already has "all" privileges on a table and "select" privilege are revoked, "all" privileges is revoked and "insert" is added automatically as there are only "select", "insert", and "all".
Hierarchical privileges:
Revoking privilege on a database would effect the privileges granted to the tables in that database.
Problem:
For example:
1) User_A has "select" on table_B
2) User_A is set to owner of table_B and gets "ALL" privilege on table_B as implicit privilege
3) User_A is not owner of table_B any more
based on partial invoke behavior, User_A will lose "select" on table_B after step 3). The desired behavior is for User_A still retains "select" on table_B after step 3)
Solution:
Only apply partial revoke to user configured privileges (explicit privilege), and not affect implicit privileges.