User without ALTER ANY ROLE privilege can use COMMENT ON ROLE [CORE6489] #6719
Assignees
Comments
Modified by: @AlexPeshkoffassignee: Alexander Peshkov [ alexpeshkoff ] |
|
Commented by: @AlexPeshkoff Bug depends upon initial layout of database when CREATE DATABASE was issued, i.e. to have it fixed it's not enough to just upgrade firebird, one should recreate problematic database using for example backup/restore by gbak. |
Modified by: @AlexPeshkoffstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 4.0.0 [ 10931 ] Fix Version: 3.0.8 [ 10960 ] |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Resolved [ 5 ] QA Status: No test => Done successfully |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Closed [ 6 ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Submitted by: @mrotteveel
A normal user without the ALTER ANY ROLE privilege is allowed to put comments on roles.
```
create user testuser password 'testuser';
commit;
connect '<db>' user testuser password 'testuser';
comment on role rdb$admin is 'unprivileged comment';
commit;
```
The comment is added on role RDB$ADMIN without error, expected behaviour is an error with a message like:
"""
Statement failed, SQLSTATE = 28000
unsuccessful metadata update
-COMMENT ON XYZ failed
-no permission for ALTER access to ROLE RDB$ADMIN
-Effective user is TESTUSER
"""
Commits: 04598a6 3f2e1ea
The text was updated successfully, but these errors were encountered: