[TRAFODION-2407] Need include privilege checking on 'PUBLIC' when getting privileges for a user - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: sql-security
Labels:
None

Description

Some privilege checking for specific commands will be affected by privileges on PUBLIC, so we'd better include privilege checking for PUBLIC when getting privileges for a user.

For example, we have privilege checking for SHOWDDL commands. To perform a SHOWDDL one must:
– be DB__ROOT
– be object owner
– have the SHOW privilege (PUBLIC & DB__ROOTROLE has priv)
– have SELECT privileges on object

So a user can do showddl on any objects if PUBLIC has SHOW component privilege.

Attachments

Activity

People

Assignee:: Roberta Marton

Reporter:: Gao, Rui-Xian

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/Dec/16 15:00

Updated:: 15/Sep/18 07:30

Resolved:: 17/Apr/18 15:40