
Key: CORE-2884
Type: New Feature
Status: Resolved
Resolution: Fixed
Priority: Major
Assignee: Dmitry Yemanov
Reporter: Claudio Valderrama C.
Votes: 2
Watchers: 3
Firebird Core

New object rights for enhanced security

Created: 23/Feb/10 07:43 AM   Updated: 30/Jun/17 02:41 PM
Component/s: Engine
Affects Version/s: None
Fix Version/s: 3.0 Alpha 1

Description
The core engine needs to have syntax (GRANT, REVOKE) to apply security to generators, charsets, collations, domains, functions and exceptions.

EXECUTE permission for functions, USAGE permission for everything else. The SQL spec defines USAGE for domains and sequences.

It should be possible to grant any non-owner permissions to ALTER or DROP a particular object. Also, there should be a CREATE privilege allowing a granted user to create particular object types. It applies to all metadata objects, not only the new ones.
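
The privilege model requested above, as an added example that is not part of the original issue or of the Firebird sources. It assumes Firebird 3.0 `isql` syntax; every object, role and user name in it is hypothetical.

```sql
-- Hypothetical objects, created by the database owner.
CREATE SEQUENCE seq_invoice_no;
CREATE EXCEPTION e_invoice_locked 'Invoice is locked';

SET TERM ^ ;
CREATE FUNCTION f_format_invoice_no (n BIGINT) RETURNS VARCHAR(20)
AS
BEGIN
  RETURN 'INV-' || LPAD(CAST(n AS VARCHAR(16)), 8, '0');
END^

CREATE PROCEDURE p_new_invoice (locked SMALLINT)
RETURNS (invoice_no BIGINT)
AS
BEGIN
  IF (locked = 1) THEN
    EXCEPTION e_invoice_locked;          -- needs USAGE on the exception
  invoice_no = NEXT VALUE FOR seq_invoice_no;  -- needs USAGE on the sequence
END^
SET TERM ; ^

-- Least privilege: USAGE goes to the code object that touches the
-- sequence and the exception, not to every end user.
GRANT USAGE ON SEQUENCE seq_invoice_no TO PROCEDURE p_new_invoice;
GRANT USAGE ON EXCEPTION e_invoice_locked TO PROCEDURE p_new_invoice;

-- End users reach the objects only through EXECUTE, held via a role.
CREATE ROLE billing;
GRANT EXECUTE ON PROCEDURE p_new_invoice TO ROLE billing;
GRANT EXECUTE ON FUNCTION f_format_invoice_no TO ROLE billing;
GRANT billing TO USER app_user;

-- Audit who holds USAGE ('G') or EXECUTE ('X') on these objects.
-- Unquoted identifiers are stored in upper case.
SELECT RDB$USER, RDB$USER_TYPE, RDB$PRIVILEGE,
       RDB$RELATION_NAME, RDB$OBJECT_TYPE
FROM RDB$USER_PRIVILEGES
WHERE RDB$PRIVILEGE IN ('G', 'X')
  AND RDB$RELATION_NAME IN ('SEQ_INVOICE_NO', 'E_INVOICE_LOCKED',
                            'P_NEW_INVOICE', 'F_FORMAT_INVOICE_NO')
ORDER BY RDB$RELATION_NAME, RDB$USER;

-- Withdrawing a grant uses the matching REVOKE form.
REVOKE USAGE ON SEQUENCE seq_invoice_no FROM PROCEDURE p_new_invoice;
```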


Dmitry Yemanov added a comment - 19/Mar/13 08:49 AM
EXECUTE/USAGE permissions are implemented. CREATE/ALTER/DROP permissions are covered by CORE-735.

Paul Reeves added a comment - 30/Jun/17 02:41 PM
The release notes say that generators and exceptions must now be granted USAGE to all users other than SYSDBA and the db owner.

I can understand doing this for generators but I don't understand this at all for exceptions. Surely USAGE should be automatically granted to the procedure or table/trigger that will fire the exception? I.e., if the user has the authority to execute the procedure, it should have an implicit usage granted.

What is the point of throwing this sort of error:

  no permission for USAGE access to EXCEPTION ....

instead of the real error?