Cannot CREATE VIEW that selects from a system table, despite having all grants [CORE5060] #5347
Assignees
Comments
Modified by: @AlexPeshkoffassignee: Alexander Peshkov [ alexpeshkoff ] |
|
Commented by: @AlexPeshkoff The problem fixed was wider than one noticed by Lukas - non-DBA user could not create any view containing some other table/view. That was due to the check of database security class removed in other places but kept in view creation check. Database security class is now used for database-level DDL rights control and makes no sense in view creation for individual tables. |
Modified by: @AlexPeshkoffstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 3.0 RC2 [ 10048 ] |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Resolved [ 5 ] QA Status: No test => Done successfully |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Closed [ 6 ] |
|
Commented by: Lukas Eder (lukas.eder) Interesting discovery, Alexander, thanks a lot for the fix! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Submitted by: Lukas Eder (lukas.eder)
I have created a user TEST, using which I can access the system tables:
SQL> SELECT 1 FROM rdb$database;
============
1
I have granted ALL PRIVILEGES, including creating views to this user. For instance:
SQL> create view v as select 1 a from t_book;
SQL> select * from v;
============
1
1
1
1
SQL> rollback;
SQL> drop view v;
But when I want to create a view that selects from the system table, something goes wrong:
SQL> create view v as select 1 a from rdb$database;
Statement failed, SQLSTATE = 28000
unsuccessful metadata update
-CREATE VIEW V failed
-no permission for SELECT access to TABLE/VIEW RDB$DATABASE
From a high level, I would say that this is a bug, right?
Commits: aa55704 FirebirdSQL/fbt-repository@4e5cd0c
The text was updated successfully, but these errors were encountered: