Issue Details (XML | Word | Printable)

Key: CORE-2233
Type: Improvement Improvement
Status: Closed Closed
Resolution: Fixed
Priority: Minor Minor
Assignee: Dmitry Yemanov
Reporter: Dmitry Yemanov
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Allow non-SYSDBA users to monitor not only their current attachment but other their attachments as well

Created: 10/Dec/08 06:17 AM   Updated: 28/May/15 02:59 PM
Component/s: Engine
Affects Version/s: 2.1.0, 2.5 Alpha 1, 2.1.1
Fix Version/s: 2.1.2, 2.5 Beta 1

Issue Links:
Relate
 

QA Status: Done successfully
Test Details:
Implemented using test_type = 'ISQL'.
Main idea: run execute statement on EXTERNAL datasource and specify every time
different ROLE (no matter is that role exists or no - new connection always will be
etsblished and will be provided with new attachment_id in mon$attachments).


 Description  « Hide
By the original design, non-privileged database users are allowed to see only their own attachment information inside the monitoring tables. It has been requested to allow them to see other attachments authenticated using the same user name.

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Claudio Valderrama C. added a comment - 10/Dec/08 06:34 AM
Not sure this is a good idea if there's middleware that logs in multiple times with the same user, but the end user is different.

Dmitry Yemanov added a comment - 10/Dec/08 06:47 AM
In the worst case (middleware works with SYSDBA or DBO permissions) this issue exists since v2.1.0. Maybe the middleware should not expose the monitoring features to the end user in this case?