New object rights for enhanced security [CORE2884] #3268

Closed
firebird-automations opened this issue Feb 23, 2010 · 8 comments

@firebird-automations

Submitted by: Claudio Valderrama C. (robocop)

Is related to CORE735
Is related to QA655

Votes: 2

The core engine needs to have syntax (GRANT, REVOKE) to apply security to generators, charsets, collations, domains, functions and exceptions.

EXECUTE permission for functions, USAGE permission for everything else. The SQL spec defines USAGE for domains and sequences.

It should be possible to grant any non-owner permissions to ALTER or DROP a particular object. Also, there should be a CREATE privilege allowing a granted user to create particular object types. It applies to all metadata objects, not only the new ones.

Commits: e956e2e

@firebird-automations

Modified by: @dyemanov

Fix Version: 3.0 Alpha 1 [ 10331 ]

Version: 3.0 Alpha 1 [ 10331 ] =>

@firebird-automations

Modified by: @dyemanov

Link: This issue is related to CORE735 [ CORE735 ]

@firebird-automations

Modified by: @dyemanov

assignee: Dmitry Yemanov [ dimitr ]

@firebird-automations

Modified by: @dyemanov

status: Open [ 1 ] => In Progress [ 3 ]

@firebird-automations

Commented by: @dyemanov

EXECUTE/USAGE permissions are implemented. CREATE/ALTER/DROP permissions are covered by CORE735.

@firebird-automations

Modified by: @dyemanov

status: In Progress [ 3 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

@firebird-automations

Modified by: @pcisar

Link: This issue is related to QA655 [ QA655 ]

@firebird-automations

Commented by: @reevespaul

The release notes say that generators and exceptions must now be granted USAGE to all users other than SYSDBA and the db owner.

I can understand doing this for generators but I don't understand this at all for exceptions. Surely USAGE should be automatically granted to the procedure or table/trigger that will fire the exception? I.e., if the user has the authority to execute the procedure, it should have an implicit usage granted.

What is the point of throwing this sort of error:

no permission for USAGE access to EXCEPTION ....

instead of the real error?
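The EXECUTE and USAGE grants discussed in this issue, shown as an added example that is not part of the original thread or the Firebird sources. It assumes a Firebird 3 database and an isql session run by the database owner; every object and user name (GEN_ORDER_ID, E_BAD_QTY, F_NET, ADD_ORDER, APPUSER) is hypothetical. Granting to a procedure instead of a user is Firebird's standard grantee form and is not taken from this page.

```sql
-- Added example; all object and user names below are hypothetical.
-- Run in isql as the database owner against a Firebird 3 database.
CREATE SEQUENCE GEN_ORDER_ID;
CREATE EXCEPTION E_BAD_QTY 'Quantity must be positive';

SET TERM ^ ;
CREATE FUNCTION F_NET (GROSS NUMERIC(18,2)) RETURNS NUMERIC(18,2)
AS
BEGIN
  RETURN GROSS / 1.2;
END^

CREATE PROCEDURE ADD_ORDER (QTY INTEGER) RETURNS (ORDER_ID BIGINT)
AS
BEGIN
  IF (QTY <= 0) THEN
    EXCEPTION E_BAD_QTY;                    -- needs USAGE on the exception
  ORDER_ID = NEXT VALUE FOR GEN_ORDER_ID;   -- needs USAGE on the sequence
END^
SET TERM ; ^
COMMIT;

-- Direct grant: APPUSER may call the function from its own SQL.
GRANT EXECUTE ON FUNCTION F_NET TO USER APPUSER;

-- Least privilege: the sequence and the exception are granted to the
-- procedure, so APPUSER needs only EXECUTE on ADD_ORDER and holds no
-- USAGE right that could be exercised outside it.
GRANT USAGE ON SEQUENCE GEN_ORDER_ID TO PROCEDURE ADD_ORDER;
GRANT USAGE ON EXCEPTION E_BAD_QTY TO PROCEDURE ADD_ORDER;
GRANT EXECUTE ON PROCEDURE ADD_ORDER TO USER APPUSER;
COMMIT;

-- Audit: list every USAGE ('G') and EXECUTE ('X') grant with its grantee.
-- RDB$RELATION_NAME holds the object name for all object types.
SELECT RDB$USER, RDB$USER_TYPE, RDB$PRIVILEGE,
       RDB$RELATION_NAME, RDB$OBJECT_TYPE
FROM RDB$USER_PRIVILEGES
WHERE RDB$PRIVILEGE IN ('G', 'X')
ORDER BY RDB$RELATION_NAME, RDB$USER;
```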
