You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a schema owner (which always has the right to SELECT, INSERT, CREATE, etc.) also assumes the monetdb role, it loses the right to SELECT, INSERT, UPDATE and DELETE, but it can still CREATE, ALTER or DROP tables. This only happens for schema owners and not for regular users. If a regular user assumes the monetdb role, he does get all the privileges on tables.
Although the bug is fixed for user created schemas, it doesn't work with the default "sys" schema. Re-open it. The existing corresponding test will be extended to cover the new case as well.
Sorry, it was actually Vera who said she will extend the test. Guess it was lost among the many things she was trying to do during the wrap up. I need to dig in the old communications how to extend the test. I put this on the top of my list.
Checked with Niels, that similar queries don't work with the "sys" schema is a correct behaviour, not a bug. Therefore, change the status to resolved & fixed. Niels' earlier fix for the not-pre-created-schemas is already released in Jul2015.
The owner of the "sys" schema is the user "monetdb", hence, granting the role "monetDB" to another user doesn't give that user any rights about the "sys" schema. To pass admin rights to a user, the role "sysadmin" should be granted. Then the user will be able to create/drop/update/alter/etc tables in the "sys" schema.
To avoid future confusion, we should disallow granting a role which was automatically created for each user (with the same name as the user name).
The text was updated successfully, but these errors were encountered:
Date: 2015-07-19 23:29:12 +0200
From: vera <<vera.matei>>
To: SQL devs <>
Version: 11.19.15 (Oct2014-SP4)
CC: @njnes, @yzchang
Last updated: 2015-10-17 12:40:53 +0200
Comment 21026
Date: 2015-07-19 23:29:12 +0200
From: vera <<vera.matei>>
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Build Identifier:
When a schema owner (which always has the right to SELECT, INSERT, CREATE, etc.) also assumes the monetdb role, it loses the right to SELECT, INSERT, UPDATE and DELETE, but it can still CREATE, ALTER or DROP tables. This only happens for schema owners and not for regular users. If a regular user assumes the monetdb role, he does get all the privileges on tables.
Reproducible: Always
Comment 21028
Date: 2015-07-20 21:41:46 +0200
From: MonetDB Mercurial Repository <>
Changeset af031cf381f1 made by Vera Matei vera.matei@monetdbsolutions.com in the MonetDB repo, refers to this bug.
For complete details, see http//devmonetdborg/hg/MonetDB?cmd=changeset;node=af031cf381f1
Changeset description:
Comment 21047
Date: 2015-07-22 22:31:19 +0200
From: @njnes
fixed, ie both role and user id's are used to check for schema ownership
Comment 21165
Date: 2015-08-25 14:06:09 +0200
From: @yzchang
Although the bug is fixed for user created schemas, it doesn't work with the default "sys" schema. Re-open it. The existing corresponding test will be extended to cover the new case as well.
Comment 21306
Date: 2015-09-29 14:35:35 +0200
From: @sjoerdmullender
Jennie, did you extend the test as promised?
Comment 21312
Date: 2015-09-30 22:00:05 +0200
From: @yzchang
Sorry, it was actually Vera who said she will extend the test. Guess it was lost among the many things she was trying to do during the wrap up. I need to dig in the old communications how to extend the test. I put this on the top of my list.
Comment 21351
Date: 2015-10-17 12:40:53 +0200
From: @yzchang
Checked with Niels, that similar queries don't work with the "sys" schema is a correct behaviour, not a bug. Therefore, change the status to resolved & fixed. Niels' earlier fix for the not-pre-created-schemas is already released in Jul2015.
The owner of the "sys" schema is the user "monetdb", hence, granting the role "monetDB" to another user doesn't give that user any rights about the "sys" schema. To pass admin rights to a user, the role "sysadmin" should be granted. Then the user will be able to create/drop/update/alter/etc tables in the "sys" schema.
To avoid future confusion, we should disallow granting a role which was automatically created for each user (with the same name as the user name).
The text was updated successfully, but these errors were encountered: