Issue Details (XML | Word | Printable)

Key: CORE-136
Type: Bug Bug
Status: Open Open
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: ded
Votes: 0
Watchers: 2

If you were logged in you would be able to see more operations.
Firebird Core

Grant Update became useless

Created: 14/May/02 12:00 AM   Updated: 16/Oct/14 02:59 PM
Component/s: Engine
Affects Version/s: None
Fix Version/s: None

Issue Links:

SF_ID: 555868

 Description  « Hide
SFID: 555868#
Submitted By: ded

Grant Update allows to update only whole table and
don't allow to update particular records.

Connect as SYSDBA


Insert Into Test (ID) Values (1);

Grant Update on Test To TestUser;

Connect as TestUser;

Update Test Set Name='TEST' Where ID=1;

Builds 796, 794, 681: SQLCODE 551 no permission for
read/select access

Build 338 - OK.

Update without Where clause works on all builds.

Alexander V.Nevsky

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Dmitry Yemanov added a comment - 16/Oct/14 02:59 PM
It was treated as a bug for many years. And the SQL specification says nothing about the SELECT permission being required for searched UPDATE/DELETE statements. However, the same issue exists (and documented) at least in MySQL, PGSQL and MSSQL. I really don't know what we should do with this ticket.