You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To reproduce it on SuperServer execute:
-------------------------------------------------------
roman:bin$ ./isql
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:/tmp/429.fdb';
Database: 'localhost:/tmp/429.fdb'
SQL> create table t(i integer);
SQL> insert into t values (1);
SQL> commit;
SQL> ^Droman:bin$
roman:bin$ ./gsec
GSEC> add test -pw test
GSEC> roman:bin$
roman:bin$ ./isql -user test -password test
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:/tmp/429.fdb';
Database: 'localhost:/tmp/429.fdb', User: test
SQL> set term ^;
SQL> edit^
SQL> set term ;^
SQL> commit;
SQL> show procedures;
Procedure Name Invalid Dependency, Type
================================= ======= =====================================
P T, Table
SQL> execute procedure p;
Statement failed, SQLSTATE = 28000
no permission for update/write access to TABLE T
SQL> ^Droman:bin$
roman:bin$ ./isql
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:/tmp/429.fdb';
Database: 'localhost:/tmp/429.fdb'
SQL> grant update(i) on t to test;
SQL> commit;
SQL> ^Droman:bin$
roman:bin$ ./isql -user test -password test
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:/tmp/429.fdb';
Database: 'localhost:/tmp/429.fdb', User: test
SQL> execute procedure p;
Statement failed, SQLSTATE = 28000
no permission for update/write access to COLUMN T.I
SQL> update t set i = 3;
SQL> ^Droman:bin$
roman:bin$ ./isql
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:/tmp/429.fdb';
Database: 'localhost:/tmp/429.fdb'
SQL> select * from t;
I
============
3
-------------------------------------------------------
Procedure which is used in test case declared as:
create procedure p
as
begin
update t set i = 2;
end
The text was updated successfully, but these errors were encountered:
When procedure is compiled fields use default security class, but after granting field level privileges their security classes are changed which cause to check relation security class instead of field security class. I suggest to make field security class permanent and generate them when field is defining like in patch:
diff --git a/src/jrd/drq.h b/src/jrd/drq.h
index f034ee9..f067998 100644
--- a/src/jrd/drq.h
+++ b/src/jrd/drq.h
@@ -219,6 +219,7 @@ const int drq_l_xcp_name = 165; // lookup exception name
const int drq_l_gen_name = 166; // lookup generator name
const int drq_e_grant3 = 167; // revoke all on all
const int drq_s2_difference = 168; // Store backup difference file, DYN_mod's change_backup_mode
-const int drq_MAX = 169;
+const int drq_g_nxt_fsc_id = 169; // generate next field security class id
+const int drq_MAX = 170;
I implemented another way to fix. If field level permissions were changed we reset metadata cache. I did not implement selection of procedures to reset which depend on changed field since it overhead which may not be good and cost about the same as restore metadata cache.
Submitted by: @romansimakov
To reproduce it on SuperServer execute:
-------------------------------------------------------
roman:bin$ ./isql
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:/tmp/429.fdb';
Database: 'localhost:/tmp/429.fdb'
SQL> create table t(i integer);
SQL> insert into t values (1);
SQL> commit;
SQL> ^Droman:bin$
roman:bin$ ./gsec
GSEC> add test -pw test
GSEC> roman:bin$
roman:bin$ ./isql -user test -password test
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:/tmp/429.fdb';
Database: 'localhost:/tmp/429.fdb', User: test
SQL> set term ^;
SQL> edit^
SQL> set term ;^
SQL> commit;
SQL> show procedures;
Procedure Name Invalid Dependency, Type
================================= ======= =====================================
P T, Table
SQL> execute procedure p;
Statement failed, SQLSTATE = 28000
no permission for update/write access to TABLE T
SQL> ^Droman:bin$
roman:bin$ ./isql
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:/tmp/429.fdb';
Database: 'localhost:/tmp/429.fdb'
SQL> grant update(i) on t to test;
SQL> commit;
SQL> ^Droman:bin$
roman:bin$ ./isql -user test -password test
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:/tmp/429.fdb';
Database: 'localhost:/tmp/429.fdb', User: test
SQL> execute procedure p;
Statement failed, SQLSTATE = 28000
no permission for update/write access to COLUMN T.I
SQL> update t set i = 3;
SQL> ^Droman:bin$
roman:bin$ ./isql
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect 'localhost:/tmp/429.fdb';
Database: 'localhost:/tmp/429.fdb'
SQL> select * from t;
============
3
-------------------------------------------------------
Procedure which is used in test case declared as:
create procedure p
as
begin
update t set i = 2;
end
The text was updated successfully, but these errors were encountered: