Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

It is impossible to take away rights on update of a column [CORE885] #1278

Closed
firebird-automations opened this issue Aug 1, 2006 · 13 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: Ayazyan Vasiliy (vasya)

Relate to CORE1083

Situation following:

I give rights to the user on update of a column of the table with an opportunity of their transfer.

GRANT UPDATE (COL1) ON TAB1 TO USER1 WITH GRANT OPTION

I connect under user USER1 and I create role ROLE1

Then I give rights to role ROLE1 on update of column COL1 of table TAB1:

GRANT UPDATE (COL1) ON TAB1 TO ROLE1

After that to take away these rights from role ROLE1 being under user USER1 it is impossible! Inquiry REVOKE UPDATE (COL1) ON TAB1 FROM ROLE1 gives out

This operation is not defined for system tables.
unsuccessful metadata update.
ERASE RDB$USER_PRIVILEGES failed in revoke (1).
no permission for control access to TABLE TAB1.
At trigger 'RDB$TRIGGER_8'.

It turns out to give rights it is possible and to take away - is not present?

Version Firebird - 2.0.0.

Tried on 1.5.0, 1.5.2 and 1.5.3

sorry for my english :)

Help people!

Commits: 6d2eee9

@firebird-automations
Copy link
Collaborator Author

Modified by: Ayazyan Vasiliy (vasya)

description: ????????? ????????? ??????, ???????? ??????????? ? ?????????.
???????? ?????????:

??? ????? ???????????? ?? ????????? ??????? ??????? ? ???????????? ?? ????????.

GRANT UPDATE (COL1) ON TAB1 TO USER1 WITH GRANT OPTION

??????????? ??? ????????????? USER1 ? ?????? ???? ROLE1

????? ??? ????? ???? ROLE1 ?? ????????? ??????? COL1 ??????? TAB1:

GRANT UPDATE (COL1) ON TAB1 TO ROLE1

????? ????? ?????? ??? ????? ? ???? ROLE1 ???????? ??? ????????????? USER1 ?? ??????????! ?????? REVOKE UPDATE (COL1) ON TAB1 FROM ROLE1 ??????

This operation is not defined for system tables.
unsuccessful metadata update.
ERASE RDB$USER_PRIVILEGES failed in revoke(1).
no permission for control access to TABLE TAB1.
At trigger 'RDB$TRIGGER_8'.

?????????? ???? ????? ?????, ? ?????? - ????

?????? Firebird - 2.0.0.

???????? ?? 1.5.0, 1.5.2 ? 1.5.3

???????? ????!

=>

Situation following:

I give rights to the user on change of a column of the table with an opportunity of their transfer.

GRANT UPDATE (COL1) ON TAB1 TO USER1 WITH GRANT OPTION

I come under user USER1 and I create role ROLE1

Then I give rights of role ROLE1 on change of column COL1 of table TAB1:

GRANT UPDATE (COL1) ON TAB1 TO ROLE1

After that to take away these rights from role ROLE1 being under user USER1 it is impossible! Inquiry REVOKE UPDATE (COL1) ON TAB1 FROM ROLE1 gives out

This operation is not defined for system tables.
unsuccessful metadata update.
ERASE RDB$USER_PRIVILEGES failed in revoke (1).
no permission for control access to TABLE T1.
At trigger 'RDB$TRIGGER_8'.

It turns out to give rights it is possible and to take away - is not present?

Version Firebird - 2.0.0.

Tried on 1.5.0, 1.5.2 and 1.5.3

Help people!

summary: ?????????? ?????? ????? ?? ????????? ??????? => It is impossible to take away rights on change of a column

@firebird-automations
Copy link
Collaborator Author

Modified by: Ayazyan Vasiliy (vasya)

description: Situation following:

I give rights to the user on change of a column of the table with an opportunity of their transfer.

GRANT UPDATE (COL1) ON TAB1 TO USER1 WITH GRANT OPTION

I come under user USER1 and I create role ROLE1

Then I give rights of role ROLE1 on change of column COL1 of table TAB1:

GRANT UPDATE (COL1) ON TAB1 TO ROLE1

After that to take away these rights from role ROLE1 being under user USER1 it is impossible! Inquiry REVOKE UPDATE (COL1) ON TAB1 FROM ROLE1 gives out

This operation is not defined for system tables.
unsuccessful metadata update.
ERASE RDB$USER_PRIVILEGES failed in revoke (1).
no permission for control access to TABLE T1.
At trigger 'RDB$TRIGGER_8'.

It turns out to give rights it is possible and to take away - is not present?

Version Firebird - 2.0.0.

Tried on 1.5.0, 1.5.2 and 1.5.3

Help people!

=>

Situation following:

I give rights to the user on change of a column of the table with an opportunity of their transfer.

GRANT UPDATE (COL1) ON TAB1 TO USER1 WITH GRANT OPTION

I come under user USER1 and I create role ROLE1

Then I give rights of role ROLE1 on change of column COL1 of table TAB1:

GRANT UPDATE (COL1) ON TAB1 TO ROLE1

After that to take away these rights from role ROLE1 being under user USER1 it is impossible! Inquiry REVOKE UPDATE (COL1) ON TAB1 FROM ROLE1 gives out

This operation is not defined for system tables.
unsuccessful metadata update.
ERASE RDB$USER_PRIVILEGES failed in revoke (1).
no permission for control access to TABLE TAB1.
At trigger 'RDB$TRIGGER_8'.

It turns out to give rights it is possible and to take away - is not present?

Version Firebird - 2.0.0.

Tried on 1.5.0, 1.5.2 and 1.5.3

Help people!

@firebird-automations
Copy link
Collaborator Author

Modified by: Ayazyan Vasiliy (vasya)

description: Situation following:

I give rights to the user on change of a column of the table with an opportunity of their transfer.

GRANT UPDATE (COL1) ON TAB1 TO USER1 WITH GRANT OPTION

I come under user USER1 and I create role ROLE1

Then I give rights of role ROLE1 on change of column COL1 of table TAB1:

GRANT UPDATE (COL1) ON TAB1 TO ROLE1

After that to take away these rights from role ROLE1 being under user USER1 it is impossible! Inquiry REVOKE UPDATE (COL1) ON TAB1 FROM ROLE1 gives out

This operation is not defined for system tables.
unsuccessful metadata update.
ERASE RDB$USER_PRIVILEGES failed in revoke (1).
no permission for control access to TABLE TAB1.
At trigger 'RDB$TRIGGER_8'.

It turns out to give rights it is possible and to take away - is not present?

Version Firebird - 2.0.0.

Tried on 1.5.0, 1.5.2 and 1.5.3

Help people!

=>

Situation following:

I give rights to the user on change of a column of the table with an opportunity of their transfer.

GRANT UPDATE (COL1) ON TAB1 TO USER1 WITH GRANT OPTION

I connect under user USER1 and I create role ROLE1

Then I give rights to role ROLE1 on update of column COL1 of table TAB1:

GRANT UPDATE (COL1) ON TAB1 TO ROLE1

After that to take away these rights from role ROLE1 being under user USER1 it is impossible! Inquiry REVOKE UPDATE (COL1) ON TAB1 FROM ROLE1 gives out

This operation is not defined for system tables.
unsuccessful metadata update.
ERASE RDB$USER_PRIVILEGES failed in revoke (1).
no permission for control access to TABLE TAB1.
At trigger 'RDB$TRIGGER_8'.

It turns out to give rights it is possible and to take away - is not present?

Version Firebird - 2.0.0.

Tried on 1.5.0, 1.5.2 and 1.5.3

sorry for my english :)

Help people!

@firebird-automations
Copy link
Collaborator Author

Modified by: Ayazyan Vasiliy (vasya)

priority: Major [ 3 ] => Critical [ 2 ]

Version: 2.0 RC2 [ 10032 ]

Version: 1.5.3 [ 10028 ]

Version: 1.5.2 [ 10027 ]

Version: 1.5.0 [ 10025 ]

description: Situation following:

I give rights to the user on change of a column of the table with an opportunity of their transfer.

GRANT UPDATE (COL1) ON TAB1 TO USER1 WITH GRANT OPTION

I connect under user USER1 and I create role ROLE1

Then I give rights to role ROLE1 on update of column COL1 of table TAB1:

GRANT UPDATE (COL1) ON TAB1 TO ROLE1

After that to take away these rights from role ROLE1 being under user USER1 it is impossible! Inquiry REVOKE UPDATE (COL1) ON TAB1 FROM ROLE1 gives out

This operation is not defined for system tables.
unsuccessful metadata update.
ERASE RDB$USER_PRIVILEGES failed in revoke (1).
no permission for control access to TABLE TAB1.
At trigger 'RDB$TRIGGER_8'.

It turns out to give rights it is possible and to take away - is not present?

Version Firebird - 2.0.0.

Tried on 1.5.0, 1.5.2 and 1.5.3

sorry for my english :)

Help people!

=>

Situation following:

I give rights to the user on update of a column of the table with an opportunity of their transfer.

GRANT UPDATE (COL1) ON TAB1 TO USER1 WITH GRANT OPTION

I connect under user USER1 and I create role ROLE1

Then I give rights to role ROLE1 on update of column COL1 of table TAB1:

GRANT UPDATE (COL1) ON TAB1 TO ROLE1

After that to take away these rights from role ROLE1 being under user USER1 it is impossible! Inquiry REVOKE UPDATE (COL1) ON TAB1 FROM ROLE1 gives out

This operation is not defined for system tables.
unsuccessful metadata update.
ERASE RDB$USER_PRIVILEGES failed in revoke (1).
no permission for control access to TABLE TAB1.
At trigger 'RDB$TRIGGER_8'.

It turns out to give rights it is possible and to take away - is not present?

Version Firebird - 2.0.0.

Tried on 1.5.0, 1.5.2 and 1.5.3

sorry for my english :)

Help people!

@firebird-automations
Copy link
Collaborator Author

Modified by: Ayazyan Vasiliy (vasya)

summary: It is impossible to take away rights on change of a column => It is impossible to take away rights on update of a column

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

priority: Critical [ 2 ] => Major [ 3 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Link: This issue relate to CORE1083 [ CORE1083 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Problem was caused by incomplete check of access rights to records in RDB$RELATION_FIELDS. RDB$RELATIONS security class was taken into account, but one from RDB$RELATION_FIELDS itself - not.

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.1 Beta 1 [ 10141 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

Workflow: jira [ 11110 ] => Firebird [ 14465 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: Done successfully

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment