New object rights for enhanced security [CORE2884] #3268
Comments
Modified by: @dyemanov
assignee: Dmitry Yemanov [ dimitr ]
Modified by: @dyemanov
status: Open [ 1 ] => In Progress [ 3 ]
Commented by: @reevespaul
The release notes say that generators and exceptions must now be granted USAGE to all users other than SYSDBA and the db owner. I can understand doing this for generators but I don't understand this at all for exceptions. Surely USAGE should be automatically granted to the procedure or table/trigger that will fire the exception? I.e., if the user has the authority to execute the procedure it should have an implicit usage granted. What is the point of throwing this sort of error: no permission for USAGE access to EXCEPTION .... instead of the real error?
Submitted by: Claudio Valderrama C. (robocop)
Is related to CORE735
Is related to QA655
Votes: 2
The core engine needs to have syntax (GRANT, REVOKE) to apply security to generators, charsets, collations, domains, functions and exceptions.
EXECUTE permission for functions, USAGE permission for everything else. The SQL spec defines USAGE for domains and sequences.
It should be possible to grant any non-owner permissions to ALTER or DROP a particular object. Also, there should be a CREATE privilege allowing a granted user to create particular object types. It applies to all metadata objects, not only the new ones.
Commits: e956e2e
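An added example, not part of the original issue or the Firebird sources: assuming the Firebird 3.0 GRANT syntax, where USAGE can be granted to a procedure as well as to a user, this sketch gives the procedure rather than the caller USAGE on the generator and exception it touches, then audits the resulting grants. All object and user names are hypothetical.

```sql
-- Constructed objects for illustration; names are hypothetical.
CREATE SEQUENCE seq_order_line;
CREATE EXCEPTION e_order_closed 'Order is closed';

SET TERM ^ ;
CREATE PROCEDURE add_order_line (order_id INTEGER)
RETURNS (line_id BIGINT)
AS
BEGIN
  -- Raising the exception needs USAGE on e_order_closed.
  IF (order_id < 0) THEN
    EXCEPTION e_order_closed;
  -- Advancing the generator needs USAGE on seq_order_line.
  line_id = NEXT VALUE FOR seq_order_line;
END^
SET TERM ; ^

-- Least privilege: the procedure holds USAGE, the user holds only EXECUTE.
-- Assumption: privileges granted to the procedure are applied while it runs,
-- so app_user needs no direct grant on the generator or the exception.
GRANT USAGE ON SEQUENCE seq_order_line TO PROCEDURE add_order_line;
GRANT USAGE ON EXCEPTION e_order_closed TO PROCEDURE add_order_line;
GRANT EXECUTE ON PROCEDURE add_order_line TO USER app_user;

-- Withdrawing a grant uses the matching REVOKE form.
REVOKE USAGE ON EXCEPTION e_order_closed FROM PROCEDURE add_order_line;
GRANT USAGE ON EXCEPTION e_order_closed TO PROCEDURE add_order_line;

-- Audit: list every USAGE grant in the database.
-- Assumption: USAGE is stored as privilege code 'G' in RDB$USER_PRIVILEGES.
SELECT RDB$USER          AS grantee,
       RDB$USER_TYPE     AS grantee_type,
       RDB$RELATION_NAME AS object_name,
       RDB$OBJECT_TYPE   AS object_type,
       RDB$GRANTOR       AS grantor
FROM RDB$USER_PRIVILEGES
WHERE RDB$PRIVILEGE = 'G'
ORDER BY RDB$RELATION_NAME, RDB$USER;
```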