Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ALTER CURRENT USER fails with "no permission for <...> TABLE PLG$SRP" if current user: 1) has NO admin role and 2) wants to modify his own TAGS list [CORE5827] #6088

Open
firebird-automations opened this issue May 16, 2018 · 2 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @pavel-zotov

connect 'localhost:employee' user SYSDBA password 'masterkey';

create user tmp$c3365
password 'UseSrp'
firstname 'Mary'
--grant admin role ----------------------- NB: no error will be raised if we UNCOMMENT this line
using plugin Srp
tags (
key1 = 'val111'
,key2 = 'val222'
,key3 = 'val333'
)
;
commit;

connect 'localhost:employee' user tmp$c3365 password 'UseSrp';

select current_user as who_am_i from rdb$database;

-- OUTPUT will be: WHO_AM_I TMP$C3365

commit;

--- passed w/o error:
alter current user
set password 'FooSrp' firstname 'Scott' lastname 'Tiger'
using plugin Srp
;
commit;

-- DOES raise error if current user has no admin role:
alter current user
using plugin Srp
tags (
Foo = 'Bar'
,key1 = 'val11'
,Rio = '1565'
,drop key3
,drop key2
)
;
Statement failed, SQLSTATE = 28000
modify record error
-no permission for SELECT access to TABLE PLG$SRP

If user has to be granted with ADMIN role to be able to modify his own TAGS list then this should be noted in documentation.
But it seems to me that user must have ability to change ALL his attributes (except active/inactive state), including TAGS list.

====== Test Details ======

::: NB :::
Code of this test must to be changed after ticket will be fixed!
See line with 'grant admin role' -- it must me COMMENTED.
Also, min_version should be set to 3.0.x rather than 4.0.0

Currently we check only ability to change TAGS list using 'ALTER CURRENT USER' statement\.
See also test for [CORE3365](https://github.com/FirebirdSQL/firebird/issues?q=CORE3365+in%3Atitle), but it checks only 'old' attributes which existed before FB 3\.0\.
@firebird-automations
Copy link
Collaborator Author

Commented by: @pavel-zotov

PS.

WI-V3.0.4.32972 -- use of 'grant admin role' does not help, error in any case.
It is behaviour of WI-T4.0.0.977 when 'grant admin role' allows to change current user his own TAGS list .

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Open [ 1 ] => Open [ 1 ]

QA Status: No test => Done with caveats

Test Details: ::: NB :::
Code of this test must to be changed after ticket will be fixed!
See line with 'grant admin role' -- it must me COMMENTED.
Also, min_version should be set to 3.0.x rather than 4.0.0

Currently we check only ability to change TAGS list using 'ALTER CURRENT USER' statement\.
See also test for [CORE3365](https://github.com/FirebirdSQL/firebird/issues?q=CORE3365+in%3Atitle), but it checks only 'old' attributes which existed before FB 3\.0\.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant