Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Grant Update became useless [CORE136] #462

Closed
firebird-automations opened this issue May 14, 2002 · 13 comments
Closed

Grant Update became useless [CORE136] #462

firebird-automations opened this issue May 14, 2002 · 13 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: ded (ded)

Is duplicated by CORE3224

SFID: 555868#⁠
Submitted By: ded

Grant Update allows to update only whole table and
don't allow to update particular records.

Connect as SYSDBA

CREATE TABLE TEST(
ID INTEGER,
NAME VARCHAR(50));

Insert Into Test (ID) Values (1);

Grant Update on Test To TestUser;

Connect as TestUser;

Update Test Set Name='TEST' Where ID=1;

Builds 796, 794, 681: SQLCODE 551 no permission for
read/select access
to TABLE TEST.

Build 338 - OK.

Update without Where clause works on all builds.

Alexander V.Nevsky

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Component: Engine [ 10000 ]

assignee: Dmitry Yemanov [ dimitr ]

SF_ID: 555868 =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

assignee: Dmitry Yemanov [ dimitr ] =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Fix Version: 3.0 [ 10048 ]

assignee: Dmitry Yemanov [ dimitr ]

SF_ID: 555868 =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

Workflow: jira [ 10160 ] => Firebird [ 14371 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Fix Version: 3.0 Alpha 1 [ 10331 ]

Fix Version: 3.0.0 [ 10048 ] =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Link: This issue is duplicated by CORE3224 [ CORE3224 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Fix Version: 3.0 Beta 1 [ 10332 ]

Fix Version: 3.0 Alpha 1 [ 10331 ] =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

assignee: Dmitry Yemanov [ dimitr ] => Alexander Peshkov [ alexpeshkoff ]

Fix Version: 3.0 Beta 2 [ 10586 ]

Fix Version: 3.0 Beta 1 [ 10332 ] =>

@firebird-automations
Copy link
Collaborator Author

Commented by: @dyemanov

It was treated as a bug for many years. And the SQL specification says nothing about the SELECT permission being required for searched UPDATE/DELETE statements. However, the same issue exists (and documented) at least in MySQL, PGSQL and MSSQL. I really don't know what we should do with this ticket.

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Fix Version: 3.0 Beta 2 [ 10586 ] =>

@firebird-automations
Copy link
Collaborator Author

Commented by: @dyemanov

Found in the SQL spec that any column referenced inside the WHERE clause or inside the source side of the SET clause requires a SELECT privilege for the appropriate column.

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Won't Fix [ 2 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants