New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Grants access on generators (gen_id, next value for) [CORE2553] #2963
Comments
Commented by: @dyemanov The SQL specification declares only the USAGE permission for sequences (NEXT VALUE FOR) and I strongly believe we should go this way. However, I might agree that SELECT/UPDATE sounds more appropriate for GEN_ID. From another side, what is SELECT for GEN_ID? Zero increment? But this value may be unknown at the prepare stage when the permissions are validated. |
Modified by: @dyemanovpriority: Critical [ 2 ] => Major [ 3 ] Fix Version: 3.0 Alpha 1 [ 10331 ] summary: Grants access on generators (gen_id, next value for) => Grants access on generators (gen_id, next value for) security: Developers [ 10012 ] => |
Commented by: eXandr (i.reg) If no permissions - rase error. Zero increment - wrong way. |
Modified by: @dyemanovassignee: Dmitry Yemanov [ dimitr ] |
Commented by: Vannus (vannus) Just agreeing with op. At the moment, any user can run the SQL below and cause primary key problems. ALTER SEQUENCE Table_ID RESTART WITH 123 - V |
Modified by: @dyemanovstatus: Open [ 1 ] => In Progress [ 3 ] |
Modified by: @dyemanovstatus: In Progress [ 3 ] => Open [ 1 ] |
Commented by: @pavel-zotov Seems that this ticket should be reopened. Consider following (do it on empty database and completely new security3.fdb): C:\FBTESTING\qa\fbt-repo\tmp>C:\1INSTALL\FIREBIRD\fb30sC\isql.exe localhost/3330:e30 RDB$USER SYSDBA SQL> commit; connect 'localhost/3330:e30' user 'maverick' password '123'; SQL> alter sequence g_main restart with 567891004; SQL> select gen_id(g_main, -123654789) from rdb$database; GEN_ID -123654789 ----------------------- Why no error here ? SQL> show sequ; SQL> select * from mon$attachments where mon$attachment_id=current_connection; MON$ATTACHMENT_ID 5 SQL> quit; |
Commented by: @pavel-zotov Reopen ticket - see my issue of 09/May/15 09:39 PM. Currently (WI-T3.0.0.31846) its all the same: C:\FBTESTING\qa\fbt-repo\tmp>C:\1INSTALL\FIREBIRD\fb30sC\isql.exe /3330:e30 -user sysdba -pas masterke C:\FBTESTING\qa\fbt-repo\tmp>C:\1INSTALL\FIREBIRD\fb30sC\isql.exe /3330:e30 -user maverick -pas 123
===================== SQL> show sequ; |
Modified by: @pavel-zotovQA Status: No test |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Resolved [ 5 ] QA Status: No test => Done successfully Test Details: Test not needed for this ticket. |
Submitted by: eXandr (i.reg)
Is duplicated by CORE1141
Relate to CORE4806
Is related to QA644
Votes: 2
Need to manage the privileges for the generators, like RED Database:
GRANT SELECT | UPDATE ON GENERATOR|SEQUNCE {generator}
TO {user | role} [WITH GRANT OPTION]
REVOKE SELECT | UPDATE ON GENERATOR|SEQUNCE
{generator} FROM {user | role}
REVOKE GRANT OPTION FOR SET | GET ON
GENERATOR|SEQUNCE {generator} FROM {user | role}
====== Test Details ======
Test not needed for this ticket.
See core_4806.fbt instead.
The text was updated successfully, but these errors were encountered: