Issue Details (XML | Word | Printable)

Key: CORE-5248
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: Mark Rotteveel
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Improve consistency in GRANT syntax between roles and privileges according to SQL standard

Created: 20/May/16 08:25 AM   Updated: 30/Aug/16 02:08 PM
Component/s: Engine, Security
Affects Version/s: None
Fix Version/s: 3.0.1, 4.0 Alpha 1

File Attachments: 1. File adminOption.sql (2 kB)


QA Status: Done successfully


 Description  « Hide
The current syntax of GRANT is inconsistent between privileges and roles. Specifically, for privileges there is the `WITH GRANT OPTION`, while for roles there is the `WITH ADMIN OPTION` which has a similar effect (looking at the langref).

I would propose that for roles the `WITH GRANT OPTION` is also added. The `WITH GRANT OPTION` means that the user can 1) grant this role to users and 2) revoke from users the role granted by this user, while `WITH ADMIN OPTION` means that 1) the user can grant privileges to this role and 2) grant this role to users and 3) revoke this role from all users irrespective of the grantee.

For privileges a `WITH ADMIN OPTION` could be added with the same meaning as `WITH GRANT OPTION` for consistency purposes.

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Mark Rotteveel made changes - 20/May/16 08:34 AM
Field Original Value New Value
Description The current syntax of GRANT is inconsistent between privileges and roles. Specifically, for privileges there is the `WITH GRANT OPTION`, while for roles there is the `WITH ADMIN OPTION` which has a similar effect (looking at the langref).

I would propose that for roles the `WITH GRANT OPTION` is also added. The `WITH GRANT OPTION` means that the user can 1) grant this role to users and 2) revoke from users the role granted by this user, while `WITH ADMIN OPTION` means that 1) the user can grant privileges to this role and 2) grant this role to users and 3) revoke this role from all users irrespective of the grantee.
The current syntax of GRANT is inconsistent between privileges and roles. Specifically, for privileges there is the `WITH GRANT OPTION`, while for roles there is the `WITH ADMIN OPTION` which has a similar effect (looking at the langref).

I would propose that for roles the `WITH GRANT OPTION` is also added. The `WITH GRANT OPTION` means that the user can 1) grant this role to users and 2) revoke from users the role granted by this user, while `WITH ADMIN OPTION` means that 1) the user can grant privileges to this role and 2) grant this role to users and 3) revoke this role from all users irrespective of the grantee.

For privileges a `WITH ADMIN OPTION` could be added with the same meaning as `WITH GRANT OPTION` for consistency purposes.
Alexander Peshkov made changes - 20/May/16 08:35 AM
Assignee Alexander Peshkov [ alexpeshkoff ]
Alexander Peshkov made changes - 20/May/16 08:38 AM
Priority Minor [ 4 ] Major [ 3 ]
Alexander Peshkov made changes - 20/May/16 08:39 AM
Issue Type Improvement [ 4 ] Bug [ 1 ]
Alexander Peshkov made changes - 24/Aug/16 03:47 PM
Summary Improve consistency in GRANT syntax between roles and privileges Improve consistency in GRANT syntax between roles and privileges according to SQL standard
Alexander Peshkov made changes - 24/Aug/16 03:53 PM
Attachment adminOption.sql [ 13005 ]
Alexander Peshkov made changes - 25/Aug/16 12:14 PM
Status Open [ 1 ] Resolved [ 5 ]
Fix Version/s 3.0.1 [ 10730 ]
Fix Version/s 4.0 Alpha 1 [ 10731 ]
Resolution Fixed [ 1 ]
Pavel Zotov made changes - 30/Aug/16 02:01 PM
Status Resolved [ 5 ] Resolved [ 5 ]
QA Status No test Done successfully
Pavel Zotov made changes - 30/Aug/16 02:08 PM
Status Resolved [ 5 ] Closed [ 6 ]