[TRAFODION-1594] Select from table returns data even though user has no privs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Cannot Reproduce
Affects Version/s: None
Fix Version/s: None
Component/s: sql-security
Labels:
None

Description

A user was able to select data from a table where the user had no privs.

case:
DB__ROOT created a schema on behalf of sql_user1.
The following tables were created in this schema - games, teams, and players.

sql_user1 granted select privilege to sql_user7 on table games.
sql_user7 was able to select from both games and teams. sql_user7 was not able to select from players.

Looking at the metadata indicated that sql_user7 indeed did not have privileges an table teams.

When sql_user7 reconnected, they were not able to select from teams.

The thought is that perhaps there was some stale cache in mxorsrv

Attachments

Activity

People

Assignee:: Roberta Marton

Reporter:: Roberta Marton

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 06/Nov/15 17:39

Updated:: 14/Oct/16 19:40

Resolved:: 14/Oct/16 19:40