Revoke privilege return dependent grant ERROR[1037]
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Trafodion |
New
|
Wishlist
|
Roberta Marton | ||
Bug Description
The DB__ROOT user is unable to revoke privilege granted to user after user grants privilege to another user. In the scenario below, the user is granted privilege with grant option. The user grants the privilege to another user. DB__ROOT is unable to revoke the original privilege and the WGO privilege that he first granted to the user. ERROR[1037] is returned.
Daily build: 20150613
Security is enabled.
SQL>create schema schema1;
--- SQL operation complete.
SQL>set schema schema1;
--- SQL operation complete.
SQL>create table tab1(a int, b int) no partition;
--- SQL operation complete.
SQL>grant select on tab1 to username1 with grant option;
--- SQL operation complete.
SQL>connect username1/
Connected to Trafodion
SQL>set schema schema1;
--- SQL operation complete.
SQL>grant select on tab1 to username2;
--- SQL operation complete.
SQL>connect db_root_
Connected to Trafodion
SQL>set schema schema1;
--- SQL operation complete.
SQL>revoke grant option for select on tab1 from username1;
*** ERROR[1037] Revoke failed because of a dependent grant between authorization ID USERNAME1 and authorization ID USERNAME2
SQL>revoke grant option for select on tab1 from username1 cascade;
*** ERROR[1037] Revoke failed because of a dependent grant between authorization ID USERNAME1 and authorization ID USERNAME2
SQL>revoke select on tab1 from username1 cascade;
*** ERROR[1037] Revoke failed because of a dependent grant between authorization ID USERNAME1 and authorization ID USERNAME2
SQL>drop schema schema1 cascade;
--- SQL operation complete.
| Roberta Marton (roberta-marton) wrote | #1 |
| Changed in trafodion: | |
| importance: | High → Wishlist |
This is the correct behavior until CASCADE behavior is supported.
To remove this as DB__ROOT
Perform "revoke select on tab1 from sql_user2 by sql_user1;" first.