[TRAFODION-2538] Revoking privileges from role not invoking query invalidation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: sql-cmp, sql-security
Labels:
None

Description

Privilege information is cached. When a revoke is performed, query invalidation occurs. Query invalidation sends the revoke operation to RMS and each executor process checks for keys. If the key affect cache, the cache entry is refreshed.

Query invalidation keys are not be created for revoke privileges from roles.

Create a table
create a role
grant select, insert on table to role;
grant role to user1.

as user1, select and insert into table

in another session, revoke insert from role

user1 should no longer be able to insert

Attachments

Issue Links

links to

GitHub Pull Request #1010

Activity

People

Assignee:: Roberta Marton

Reporter:: Roberta Marton

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 14/Mar/17 22:55

Updated:: 17/Mar/17 22:00

Resolved:: 17/Mar/17 22:00