Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow non-SYSDBA users to monitor not only their current attachment but other their attachments as well [CORE2233] #2660

Closed
firebird-automations opened this issue Dec 10, 2008 · 13 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @dyemanov

Is related to QA228

By the original design, non-privileged database users are allowed to see only their own attachment information inside the monitoring tables. It has been requested to allow them to see other attachments authenticated using the same user name.

Commits: ca0df9c 25dc79d

====== Test Details ======

Implemented using test_type = 'ISQL'.
Main idea: run execute statement on EXTERNAL datasource and specify every time
different ROLE (no matter is that role exists or no - new connection always will be
etsblished and will be provided with new attachment_id in mon$attachments).

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

assignee: Dmitry Yemanov [ dimitr ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

status: Open [ 1 ] => In Progress [ 3 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: Claudio Valderrama C. (robocop)

Not sure this is a good idea if there's middleware that logs in multiple times with the same user, but the end user is different.

@firebird-automations
Copy link
Collaborator Author

Commented by: @dyemanov

In the worst case (middleware works with SYSDBA or DBO permissions) this issue exists since v2.1.0. Maybe the middleware should not expose the monitoring features to the end user in this case?

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Fix Version: 2.1.2 [ 10270 ]

Fix Version: 2.5 Beta 1 [ 10251 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

status: In Progress [ 3 ] => Open [ 1 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pmakowski

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

Link: This issue is related to QA228 [ QA228 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: Done successfully

Test Details: Implemented using test_type = 'ISQL'.
Main idea: run execute statement on EXTERNAL datasource and specify every time
different ROLE (no matter is that role exists or no - new connection always will be
etsblished and will be provided with new attachment_id in mon$attachments).

@PJosue100
Copy link

Hello

One question I am trying to monitor the status of the database through the monitoring tables, exposing the results in a web service. However, when I execute the query with the required information, it shows me a limited number of records depending on the user I am using.
Example query:

SELECT
A.MON$TRANSACTION_ID,
A.MON$TIMESTAMP,
A.MON$ATTACHMENT_ID,
B.MON$USER,
B.MON$REMOTE_ADDRESS,
B.MON$ATTACHMENT_NAME,
B.MON$REMOTE_PROCESS
DESDE
MON$TRANSACTIONS TO
LEFT JOIN
MON$ATTACHMENTS B ON
B.MON$ATTACHMENT_ID = A.MON$ATTACHMENT_ID
ORDER BY
A.MON$TRANSACTION_ID;

Is there any way that a common user can have access to all the information in those tables.

The version of firebird used is: 2.5.9

@AlexPeshkoff
Copy link
Member

@PJosue100 that's wrong place to ask support questions, please use firebird-support@googlegroups.com instead.
In brief - in 2.5.9 the only way to see other's attachments is to grant role rdb$admin. For better access control please upgrade to FB4.

@PJosue100
Copy link

@AlexPeshkoff I understand, thanks for the information.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment