You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fixed. We now check user rights also in recursive sql.
This means tables under views are checked for user rights properly (we don't support materialized views)
Date: 2013-02-09 17:26:57 +0100
From: @bartscheers
To: SQL devs <>
Version: 11.15.1 (Feb2013)
CC: @njnes
Last updated: 2013-03-07 12:41:23 +0100
Comment 18456
Date: 2013-02-09 17:26:57 +0100
From: @bartscheers
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:16.0) Gecko/20100101 Firefox/16.0
Build Identifier:
A user having only select privileges on a table is allowed to do so when a sql function performs the insert into the table.
Reproducible: Always
Steps to Reproduce:
Actual Results:
row inserted, updated, deleted
Expected Results:
A insufficient privileges message for all cases, and no execution of function
Comment 18457
Date: 2013-02-09 17:32:58 +0100
From: @bartscheers
Created attachment 178
contains the necessary test files
Comment 18471
Date: 2013-02-13 16:00:33 +0100
From: @njnes
Changeset fffd420f1ee8 made by Niels Nes niels@cwi.nl in the MonetDB repo, refers to this bug.
For complete details, see http//devmonetdborg/hg/MonetDB?cmd=changeset;node=fffd420f1ee8
Changeset description:
Comment 18472
Date: 2013-02-13 16:02:55 +0100
From: @njnes
fixed. We now check user rights also in recursive sql.
This means tables under views are checked for user rights properly (we don't support materialized views)
Comment 18592
Date: 2013-03-07 12:41:23 +0100
From: @sjoerdmullender
Feb2013-SP1 has been released.
The text was updated successfully, but these errors were encountered: