From 7a6807c4bb4b871fac22437c486b3aa4643ae515 Mon Sep 17 00:00:00 2001 From: swi0110 Date: Tue, 8 Oct 2024 15:28:27 +0900 Subject: [PATCH 01/10] add test case for CBRD-25499 --- .../_22_grant/answers/01_grant_normal.answer | 58 +++++++++++++++++++ .../_22_grant/cases/01_grant_normal.sql | 36 ++++++++++++ 2 files changed, 94 insertions(+) create mode 100644 sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_normal.answer create mode 100644 sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_normal.sql diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_normal.answer b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_normal.answer new file mode 100644 index 0000000000..7bb10d003b --- /dev/null +++ b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_normal.answer @@ -0,0 +1,58 @@ +=================================================== +0 + +=================================================== +0 + +=================================================== +0 + +=================================================== +0 + +=================================================== +0 + +=================================================== +grantor_name grantee_name object_type object_name owner_name auth_type is_grantable +DBA T1 FUNCTION sp1 DBA EXECUTE NO + + +=================================================== +Grants for T1 +GRANT EXECUTE ON PROCEDURE DBA.sp1 TO T1 + + +=================================================== +Grants for DBA + + +=================================================== + +null + + +=================================================== +grantor_name grantee_name object_type object_name owner_name auth_type is_grantable +DBA T1 FUNCTION sp1 DBA EXECUTE NO + + +=================================================== +Grants for T1 +GRANT EXECUTE ON PROCEDURE DBA.sp1 TO T1 + + +=================================================== +0 + +=================================================== + +null + + +=================================================== +0 + +=================================================== +0 + diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_normal.sql b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_normal.sql new file mode 100644 index 0000000000..77c365f6a9 --- /dev/null +++ b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_normal.sql @@ -0,0 +1,36 @@ +--+ server-message on +-- verified the CBRD-25499 + +CREATE OR REPLACE FUNCTION sp1() return varchar as +begin + return 'hello'; +end; +CREATE USER t1 GROUPS dba; +GRANT EXECUTE ON PROCEDURE sp1 TO t1; + +CREATE OR REPLACE FUNCTION t1.sp2() return varchar as +begin + return 't1 hello'; +end; +GRANT EXECUTE ON PROCEDURE t1.sp2 TO dba; + +SELECT * FROM db_auth WHERE grantee_name = 'T1'; +SHOW GRANTS FOR T1; + +-- DBA needs not permission +SHOW GRANTS FOR DBA; + +call login('t1','') on class db_user; + +-- in t1 +SELECT * FROM db_auth WHERE grantee_name = 'T1'; +SHOW GRANTS; + +drop function sp2; + + +call login('dba','') on class db_user; +drop user t1; +drop function sp1; + +--+ server-message off From dbff36bae44b3cfac9b1efd43c79e1ca1457da04 Mon Sep 17 00:00:00 2001 From: swi0110 Date: Tue, 8 Oct 2024 15:47:48 +0900 Subject: [PATCH 02/10] supplement test case for CBRD-25506 --- .../_22_grant/answers/01_grant_normal.answer | 7 +++++++ .../_04_expression/_22_grant/cases/01_grant_normal.sql | 8 +++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_normal.answer b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_normal.answer index 7bb10d003b..47c8ad59ed 100644 --- a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_normal.answer +++ b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_normal.answer @@ -50,6 +50,13 @@ GRANT EXECUTE ON PROCEDURE DBA.sp1 TO T1 null +=================================================== +0 + +=================================================== +Grants for T1 + + =================================================== 0 diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_normal.sql b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_normal.sql index 77c365f6a9..d041820084 100644 --- a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_normal.sql +++ b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_normal.sql @@ -1,6 +1,7 @@ --+ server-message on --- verified the CBRD-25499 +-- verified the CBRD-25499, CBRD-25506 +-- GRANT test CREATE OR REPLACE FUNCTION sp1() return varchar as begin return 'hello'; @@ -30,6 +31,11 @@ drop function sp2; call login('dba','') on class db_user; + +-- REVOKE test (verify with CBRD-25506) +REVOKE EXECUTE ON PROCEDURE sp1 FROM t1; +SHOW GRANTS FOR T1; + drop user t1; drop function sp1; From c4a08ea303a23507897a2514aa3235fc89abd914 Mon Sep 17 00:00:00 2001 From: swi0110 Date: Tue, 8 Oct 2024 15:51:32 +0900 Subject: [PATCH 03/10] renamed test case --- .../answers/{01_grant_normal.answer => 01_grant_plcsql.answer} | 0 .../_22_grant/cases/{01_grant_normal.sql => 01_grant_plcsql.sql} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/{01_grant_normal.answer => 01_grant_plcsql.answer} (100%) rename sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/{01_grant_normal.sql => 01_grant_plcsql.sql} (100%) diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_normal.answer b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_plcsql.answer similarity index 100% rename from sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_normal.answer rename to sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_plcsql.answer diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_normal.sql b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_plcsql.sql similarity index 100% rename from sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_normal.sql rename to sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_plcsql.sql From 694409ac8d2fed89a472cc5f0529a34a41ccdfd9 Mon Sep 17 00:00:00 2001 From: swi0110 Date: Tue, 8 Oct 2024 16:09:28 +0900 Subject: [PATCH 04/10] add test case for CBRD-25506 --- .../_22_grant/answers/02_grant_javasp.answer | 0 .../_22_grant/cases/02_grant_javasp.sql | 39 +++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/02_grant_javasp.answer create mode 100644 sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/02_grant_javasp.sql diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/02_grant_javasp.answer b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/02_grant_javasp.answer new file mode 100644 index 0000000000..e69de29bb2 diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/02_grant_javasp.sql b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/02_grant_javasp.sql new file mode 100644 index 0000000000..df347519de --- /dev/null +++ b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/02_grant_javasp.sql @@ -0,0 +1,39 @@ +--+ server-message on +-- verified the CBRD-25506 + +-- GRANT test +CREATE FUNCTION test1() RETURN int as +language java name 'SpTest3.typetestint0() return int'; + +CREATE USER t1 GROUPS dba; +GRANT EXECUTE ON PROCEDURE test1 TO t1; + +CREATE FUNCTION t1.test2() RETURN int as +language java name 'SpTest3.typetestint0() return int'; +GRANT EXECUTE ON PROCEDURE t1.test2 TO dba; + +SELECT * FROM db_auth WHERE grantee_name = 'T1'; +SHOW GRANTS FOR T1; + +-- DBA needs not permission +SHOW GRANTS FOR DBA; + +call login('t1','') on class db_user; + +-- in t1 +SELECT * FROM db_auth WHERE grantee_name = 'T1'; +SHOW GRANTS; + +drop function test2; + + +call login('dba','') on class db_user; + +-- REVOKE test +REVOKE EXECUTE ON PROCEDURE test1 FROM t1; +SHOW GRANTS FOR T1; + +drop user t1; +drop function test1; + +--+ server-message off From f1978d388411a70504451251db3b57f1bcd39e3b Mon Sep 17 00:00:00 2001 From: swi0110 Date: Thu, 10 Oct 2024 12:48:42 +0900 Subject: [PATCH 05/10] add answer file --- .../_22_grant/answers/02_grant_javasp.answer | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/02_grant_javasp.answer b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/02_grant_javasp.answer index e69de29bb2..a3552079ff 100644 --- a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/02_grant_javasp.answer +++ b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/02_grant_javasp.answer @@ -0,0 +1,65 @@ +=================================================== +0 + +=================================================== +0 + +=================================================== +0 + +=================================================== +0 + +=================================================== +0 + +=================================================== +grantor_name grantee_name object_type object_name owner_name auth_type is_grantable +DBA T1 FUNCTION test1 DBA EXECUTE NO + + +=================================================== +Grants for T1 +GRANT EXECUTE ON PROCEDURE DBA.test1 TO T1 + + +=================================================== +Grants for DBA + + +=================================================== + +null + + +=================================================== +grantor_name grantee_name object_type object_name owner_name auth_type is_grantable +DBA T1 FUNCTION test1 DBA EXECUTE NO + + +=================================================== +Grants for T1 +GRANT EXECUTE ON PROCEDURE DBA.test1 TO T1 + + +=================================================== +0 + +=================================================== + +null + + +=================================================== +0 + +=================================================== +Grants for T1 + + +=================================================== +0 + +=================================================== +0 + From 522046e4202968d06cea192ca617b359e7d2be00 Mon Sep 17 00:00:00 2001 From: swi0110 Date: Fri, 11 Oct 2024 14:07:00 +0900 Subject: [PATCH 06/10] reflected review --- .../_22_grant/answers/01_grant_plcsql.answer | 28 +++++++++++++++++++ .../_22_grant/cases/01_grant_plcsql.sql | 13 +++++++-- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_plcsql.answer b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_plcsql.answer index 47c8ad59ed..cb74e0ccaf 100644 --- a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_plcsql.answer +++ b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_plcsql.answer @@ -10,17 +10,36 @@ =================================================== 0 +=================================================== +2 + +=================================================== +0 + +=================================================== +0 + +=================================================== +0 + +=================================================== +0 + =================================================== 0 =================================================== grantor_name grantee_name object_type object_name owner_name auth_type is_grantable DBA T1 FUNCTION sp1 DBA EXECUTE NO +DBA T1 CLASS test1 DBA SELECT NO +DBA T1 VCLASS view1 DBA SELECT NO =================================================== Grants for T1 GRANT EXECUTE ON PROCEDURE DBA.sp1 TO T1 +GRANT SELECT ON DBA.test1 TO T1 +GRANT SELECT ON DBA.view1 TO T1 =================================================== @@ -35,11 +54,15 @@ null =================================================== grantor_name grantee_name object_type object_name owner_name auth_type is_grantable DBA T1 FUNCTION sp1 DBA EXECUTE NO +DBA T1 CLASS test1 DBA SELECT NO +DBA T1 VCLASS view1 DBA SELECT NO =================================================== Grants for T1 GRANT EXECUTE ON PROCEDURE DBA.sp1 TO T1 +GRANT SELECT ON DBA.test1 TO T1 +GRANT SELECT ON DBA.view1 TO T1 =================================================== @@ -55,7 +78,12 @@ null =================================================== Grants for T1 +GRANT SELECT ON DBA.test1 TO T1 +GRANT SELECT ON DBA.view1 TO T1 + +=================================================== +0 =================================================== 0 diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_plcsql.sql b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_plcsql.sql index d041820084..a6657d0b14 100644 --- a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_plcsql.sql +++ b/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_plcsql.sql @@ -1,6 +1,7 @@ --+ server-message on -- verified the CBRD-25499, CBRD-25506 + -- GRANT test CREATE OR REPLACE FUNCTION sp1() return varchar as begin @@ -9,13 +10,20 @@ end; CREATE USER t1 GROUPS dba; GRANT EXECUTE ON PROCEDURE sp1 TO t1; +-- test with table&view +create table test1 (col1 int); +insert into test1 values(0),(2); +create view view1 as select * from test1; +GRANT SELECT ON test1 TO t1; +GRANT SELECT ON view1 TO t1; + CREATE OR REPLACE FUNCTION t1.sp2() return varchar as begin return 't1 hello'; end; GRANT EXECUTE ON PROCEDURE t1.sp2 TO dba; -SELECT * FROM db_auth WHERE grantee_name = 'T1'; +SELECT * FROM db_auth WHERE grantee_name = 'T1' ORDER BY object_name; SHOW GRANTS FOR T1; -- DBA needs not permission @@ -24,7 +32,7 @@ SHOW GRANTS FOR DBA; call login('t1','') on class db_user; -- in t1 -SELECT * FROM db_auth WHERE grantee_name = 'T1'; +SELECT * FROM db_auth WHERE grantee_name = 'T1' ORDER BY object_name; SHOW GRANTS; drop function sp2; @@ -38,5 +46,6 @@ SHOW GRANTS FOR T1; drop user t1; drop function sp1; +drop test1, view1; --+ server-message off From 12395700f721c09fbb6382c1f35b774932c59e04 Mon Sep 17 00:00:00 2001 From: swi0110 Date: Mon, 14 Oct 2024 16:33:29 +0900 Subject: [PATCH 07/10] Reflected review --- .../answers/01_grant_plcsql.answer | 118 ++++++++++++++++++ .../answers/02_grant_javasp.answer | 0 .../answers/03_error_check.answer} | 72 +++++++---- .../answers/04_recursive.answer | 52 ++++++++ .../cases/01_grant_plcsql.sql | 25 ++-- .../cases/02_grant_javasp.sql | 1 + .../cases/03_error_check.sql | 67 ++++++++++ .../_06_authorization/cases/04_recursive.sql | 70 +++++++++++ 8 files changed, 367 insertions(+), 38 deletions(-) create mode 100644 sql/_05_plcsql/_01_testspec/_06_authorization/answers/01_grant_plcsql.answer rename sql/_05_plcsql/_01_testspec/{_04_expression/_22_grant => _06_authorization}/answers/02_grant_javasp.answer (100%) rename sql/_05_plcsql/_01_testspec/{_04_expression/_22_grant/answers/01_grant_plcsql.answer => _06_authorization/answers/03_error_check.answer} (56%) create mode 100644 sql/_05_plcsql/_01_testspec/_06_authorization/answers/04_recursive.answer rename sql/_05_plcsql/_01_testspec/{_04_expression/_22_grant => _06_authorization}/cases/01_grant_plcsql.sql (83%) rename sql/_05_plcsql/_01_testspec/{_04_expression/_22_grant => _06_authorization}/cases/02_grant_javasp.sql (90%) create mode 100644 sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_check.sql create mode 100644 sql/_05_plcsql/_01_testspec/_06_authorization/cases/04_recursive.sql diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/answers/01_grant_plcsql.answer b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/01_grant_plcsql.answer new file mode 100644 index 0000000000..3cba548298 --- /dev/null +++ b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/01_grant_plcsql.answer @@ -0,0 +1,118 @@ +=================================================== +0 + +=================================================== +0 + +=================================================== +0 + +=================================================== +0 + +=================================================== +2 + +=================================================== +0 + +=================================================== +0 + +=================================================== +0 + +=================================================== +grantor_name grantee_name object_type object_name owner_name auth_type is_grantable +DBA T1 FUNCTION sp1 DBA EXECUTE NO +DBA T1 CLASS test1 DBA SELECT NO +DBA T1 CLASS test1 DBA INSERT NO +DBA T1 CLASS test1 DBA UPDATE NO +DBA T1 CLASS test1 DBA DELETE NO +DBA T1 CLASS test1 DBA ALTER NO +DBA T1 CLASS test1 DBA INDEX NO +DBA T1 CLASS test1 DBA EXECUTE NO +DBA T1 VCLASS view1 DBA SELECT NO +DBA T1 VCLASS view1 DBA INSERT NO +DBA T1 VCLASS view1 DBA UPDATE NO +DBA T1 VCLASS view1 DBA DELETE NO +DBA T1 VCLASS view1 DBA ALTER NO +DBA T1 VCLASS view1 DBA INDEX NO +DBA T1 VCLASS view1 DBA EXECUTE NO + + +=================================================== +Grants for T1 +GRANT ALTER, DELETE, EXECUTE, INDEX, INSERT, SELECT, UPDATE ON DBA.test1 TO T1 +GRANT ALTER, DELETE, EXECUTE, INDEX, INSERT, SELECT, UPDATE ON DBA.view1 TO T1 +GRANT EXECUTE ON PROCEDURE DBA.sp1 TO T1 + + +=================================================== + +null + + +=================================================== +grantor_name grantee_name object_type object_name owner_name auth_type is_grantable +DBA T1 FUNCTION sp1 DBA EXECUTE NO +DBA T1 CLASS test1 DBA SELECT NO +DBA T1 CLASS test1 DBA INSERT NO +DBA T1 CLASS test1 DBA UPDATE NO +DBA T1 CLASS test1 DBA DELETE NO +DBA T1 CLASS test1 DBA ALTER NO +DBA T1 CLASS test1 DBA INDEX NO +DBA T1 CLASS test1 DBA EXECUTE NO +DBA T1 VCLASS view1 DBA SELECT NO +DBA T1 VCLASS view1 DBA INSERT NO +DBA T1 VCLASS view1 DBA UPDATE NO +DBA T1 VCLASS view1 DBA DELETE NO +DBA T1 VCLASS view1 DBA ALTER NO +DBA T1 VCLASS view1 DBA INDEX NO +DBA T1 VCLASS view1 DBA EXECUTE NO + + +=================================================== +Grants for T1 +GRANT ALTER, DELETE, EXECUTE, INDEX, INSERT, SELECT, UPDATE ON DBA.test1 TO T1 +GRANT ALTER, DELETE, EXECUTE, INDEX, INSERT, SELECT, UPDATE ON DBA.view1 TO T1 +GRANT EXECUTE ON PROCEDURE DBA.sp1 TO T1 + + +=================================================== +0 + +=================================================== +0 + +=================================================== + +null + + +=================================================== +Grants for DBA +GRANT EXECUTE ON PROCEDURE T1.sp2 TO DBA + + +=================================================== +0 + +=================================================== +0 + +=================================================== +Grants for T1 +GRANT ALTER, DELETE, EXECUTE, INDEX, INSERT, SELECT, UPDATE ON DBA.test1 TO T1 +GRANT ALTER, DELETE, EXECUTE, INDEX, INSERT, SELECT, UPDATE ON DBA.view1 TO T1 + + +=================================================== +0 + +=================================================== +0 + +=================================================== +0 + diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/02_grant_javasp.answer b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/02_grant_javasp.answer similarity index 100% rename from sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/02_grant_javasp.answer rename to sql/_05_plcsql/_01_testspec/_06_authorization/answers/02_grant_javasp.answer diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_plcsql.answer b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/03_error_check.answer similarity index 56% rename from sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_plcsql.answer rename to sql/_05_plcsql/_01_testspec/_06_authorization/answers/03_error_check.answer index cb74e0ccaf..00fbbf5f36 100644 --- a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/01_grant_plcsql.answer +++ b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/03_error_check.answer @@ -5,13 +5,15 @@ 0 =================================================== -0 + +Comparison to table and sp grant/revoke + =================================================== 0 =================================================== -2 +0 =================================================== 0 @@ -26,24 +28,34 @@ 0 =================================================== -0 + +in public + + +=================================================== + +null + =================================================== -grantor_name grantee_name object_type object_name owner_name auth_type is_grantable -DBA T1 FUNCTION sp1 DBA EXECUTE NO -DBA T1 CLASS test1 DBA SELECT NO -DBA T1 VCLASS view1 DBA SELECT NO +Error:-163 +EXECUTE authorization failure. +=================================================== +Error:-163 +EXECUTE authorization failure. =================================================== -Grants for T1 -GRANT EXECUTE ON PROCEDURE DBA.sp1 TO T1 -GRANT SELECT ON DBA.test1 TO T1 -GRANT SELECT ON DBA.view1 TO T1 +Error:-163 +EXECUTE authorization failure. +=================================================== +Error:-163 +EXECUTE authorization failure. =================================================== -Grants for DBA + +in u2 =================================================== @@ -52,35 +64,43 @@ null =================================================== -grantor_name grantee_name object_type object_name owner_name auth_type is_grantable -DBA T1 FUNCTION sp1 DBA EXECUTE NO -DBA T1 CLASS test1 DBA SELECT NO -DBA T1 VCLASS view1 DBA SELECT NO +Error:-146 +Cannot issue GRANT/REVOKE to owner of a . +=================================================== +0 =================================================== -Grants for T1 -GRANT EXECUTE ON PROCEDURE DBA.sp1 TO T1 -GRANT SELECT ON DBA.test1 TO T1 -GRANT SELECT ON DBA.view1 TO T1 +Grants for U2 + +=================================================== +Error:-150 +Cannot revoke privileges from self. =================================================== 0 =================================================== - -null +Grants for U2 =================================================== -0 +Error:-150 +Cannot revoke privileges from self. =================================================== -Grants for T1 -GRANT SELECT ON DBA.test1 TO T1 -GRANT SELECT ON DBA.view1 TO T1 + +in dba + +=================================================== + +null + + +=================================================== +0 =================================================== 0 diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/answers/04_recursive.answer b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/04_recursive.answer new file mode 100644 index 0000000000..6b1492dab6 --- /dev/null +++ b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/04_recursive.answer @@ -0,0 +1,52 @@ +=================================================== +0 + +=================================================== +0 + +=================================================== +unique_name sp_name owner.name +dba.fibonacci fibonacci DBA +public.fibonacci fibonacci PUBLIC + + +=================================================== +name owner.name substring(scode from 0 for 60) +Func_FIBONACCI DBA CREATE OR REPLACE FUNCTION dba.fibonacci(n INTEGER) RETURN I +Func_FIBONACCI PUBLIC CREATE OR REPLACE FUNCTION public.fibonacci(n INTEGER) RETUR + + +=================================================== +dba fibonacci: succ +2 + + +=================================================== +public fibonacci: fail +-1 + + +unknown exception +=================================================== +0 + +=================================================== +public fibonacci: succ +2 + + +=================================================== +0 + +=================================================== +public fibonacci: fail +-1 + + +unknown exception +=================================================== +0 + +=================================================== +0 + diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_plcsql.sql b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/01_grant_plcsql.sql similarity index 83% rename from sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_plcsql.sql rename to sql/_05_plcsql/_01_testspec/_06_authorization/cases/01_grant_plcsql.sql index a6657d0b14..9a8cb072f8 100644 --- a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_plcsql.sql +++ b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/01_grant_plcsql.sql @@ -7,6 +7,8 @@ CREATE OR REPLACE FUNCTION sp1() return varchar as begin return 'hello'; end; + +-- bug, If use the command a 'show grant' on the not DBA user group, that return a error CREATE USER t1 GROUPS dba; GRANT EXECUTE ON PROCEDURE sp1 TO t1; @@ -14,32 +16,31 @@ GRANT EXECUTE ON PROCEDURE sp1 TO t1; create table test1 (col1 int); insert into test1 values(0),(2); create view view1 as select * from test1; -GRANT SELECT ON test1 TO t1; -GRANT SELECT ON view1 TO t1; - -CREATE OR REPLACE FUNCTION t1.sp2() return varchar as -begin - return 't1 hello'; -end; -GRANT EXECUTE ON PROCEDURE t1.sp2 TO dba; +GRANT ALL PRIVILEGES ON test1 TO t1; +GRANT ALL PRIVILEGES ON view1 TO t1; SELECT * FROM db_auth WHERE grantee_name = 'T1' ORDER BY object_name; SHOW GRANTS FOR T1; --- DBA needs not permission -SHOW GRANTS FOR DBA; - call login('t1','') on class db_user; -- in t1 SELECT * FROM db_auth WHERE grantee_name = 'T1' ORDER BY object_name; SHOW GRANTS; -drop function sp2; +CREATE OR REPLACE FUNCTION t1.sp2() return varchar as +begin + return 't1 hello'; +end; +GRANT EXECUTE ON PROCEDURE t1.sp2 TO dba; call login('dba','') on class db_user; +SHOW GRANTS FOR DBA; + +drop function t1.sp2; + -- REVOKE test (verify with CBRD-25506) REVOKE EXECUTE ON PROCEDURE sp1 FROM t1; SHOW GRANTS FOR T1; diff --git a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/02_grant_javasp.sql b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/02_grant_javasp.sql similarity index 90% rename from sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/02_grant_javasp.sql rename to sql/_05_plcsql/_01_testspec/_06_authorization/cases/02_grant_javasp.sql index df347519de..dca85a1ac7 100644 --- a/sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/02_grant_javasp.sql +++ b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/02_grant_javasp.sql @@ -5,6 +5,7 @@ CREATE FUNCTION test1() RETURN int as language java name 'SpTest3.typetestint0() return int'; +-- bug, If use the command a 'show grant' on the not DBA user group, that return a error CREATE USER t1 GROUPS dba; GRANT EXECUTE ON PROCEDURE test1 TO t1; diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_check.sql b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_check.sql new file mode 100644 index 0000000000..439594c7e5 --- /dev/null +++ b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_check.sql @@ -0,0 +1,67 @@ +--+ server-message on +-- verified the CBRD-25506 + + +create user u1 groups dba; +create user u2 groups dba; + +-- 1. Comparison to table and sp grant/revoke +evaluate('Comparison to table and sp grant/revoke'); +CREATE TABLE u1.tbl1 (a INT); + +GRANT EXECUTE ON u1.tbl1 TO u2; +REVOKE EXECUTE ON u1.tbl1 FROM u2; + +CREATE OR REPLACE FUNCTION u1.test1() return varchar as +begin + return 'hello'; +end; + +GRANT EXECUTE ON PROCEDURE u1.test1 TO u2; +REVOKE EXECUTE ON PROCEDURE u1.test1 FROM u2; + + +-- in public +evaluate('in public'); +call login('public','') on class db_user; + +-- ERROR: EXECUTE authorization failure +GRANT EXECUTE ON u1.tbl1 TO u2; +REVOKE EXECUTE ON u1.tbl1 FROM u2; +GRANT EXECUTE ON PROCEDURE u1.test1 TO u2; +REVOKE EXECUTE ON PROCEDURE u1.test1 FROM u2; + + +-- in u2 +evaluate('in u2'); +call login('u2','') on class db_user; + +-- ERROR: Cannot issue GRANT/REVOKE to owner of a class +GRANT EXECUTE ON u1.tbl1 TO u1; + +-- Execute OK. but no operate because u2 does not have permission on tb1 +GRANT EXECUTE ON u1.tbl1 TO u2; +-- Return empty +SHOW GRANTS FOR u2; +-- ERROR: Cannot revoke privileges from self +REVOKE EXECUTE ON u1.tbl1 FROM u2; + +-- Execute OK. but no operate because u2 does not have permission on test1 +GRANT EXECUTE ON PROCEDURE u1.test1 TO u2; +-- Return empty +SHOW GRANTS FOR u2; +-- ERROR: Cannot revoke privileges from self +REVOKE EXECUTE ON PROCEDURE u1.test1 FROM u2; + + +-- init +evaluate('in dba'); +call login('dba','') on class db_user; +drop table u1.tbl1; +drop FUNCTION u1.test1; +drop user u1; +drop user u2; + + + +--+ server-message off diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/cases/04_recursive.sql b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/04_recursive.sql new file mode 100644 index 0000000000..4f11059429 --- /dev/null +++ b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/04_recursive.sql @@ -0,0 +1,70 @@ +--+ server-message on +-- verified the CBRD-25506 + +CREATE OR REPLACE FUNCTION dba.fibonacci(n INTEGER) RETURN INTEGER +IS + invalid_input EXCEPTION; +BEGIN + IF n <= 0 THEN + RAISE invalid_input; + END IF; + + IF n = 1 OR n = 2 THEN + RETURN 1; + ELSE + RETURN fibonacci(n-1) + fibonacci(n-2); + END IF; +EXCEPTION + WHEN invalid_input THEN + DBMS_OUTPUT.put_line('invalid input: ' || n); + RETURN -1; + WHEN OTHERS THEN + DBMS_OUTPUT.put_line('unknown exception'); + RETURN -1; +END; + +CREATE OR REPLACE FUNCTION public.fibonacci(n INTEGER) RETURN INTEGER +IS + invalid_input EXCEPTION; +BEGIN + IF n <= 0 THEN + RAISE invalid_input; + END IF; + + IF n = 1 OR n = 2 THEN + RETURN 1; + ELSE + RETURN dba.fibonacci(n-1) + dba.fibonacci(n-2); + END IF; +EXCEPTION + WHEN invalid_input THEN + DBMS_OUTPUT.put_line('invalid input: ' || n); + RETURN -1; + WHEN OTHERS THEN + DBMS_OUTPUT.put_line('unknown exception'); + RETURN -1; +END; + +-- check onwer & source +SELECT unique_name, sp_name, owner.name FROM _db_stored_procedure WHERE is_system_generated = 0 order by owner.name; +SELECT 'Func_FIBONACCI' as "name", owner.name, SUBSTRING(scode,0,60) FROM _db_stored_procedure_code order by owner.name; + +-- return: 2 +select fibonacci(3) as "dba fibonacci: succ" from dual; + +-- return: -1, because unknown exception +select public.fibonacci(3) as "public fibonacci: fail" from dual; + +GRANT EXECUTE ON PROCEDURE dba.fibonacci TO public; +-- return: 2 +select public.fibonacci(3) as "public fibonacci: succ" from dual; + +REVOKE EXECUTE ON PROCEDURE dba.fibonacci FROM public; +-- return: -1, because unknown exception +select public.fibonacci(3) as "public fibonacci: fail" from dual; + + +drop FUNCTION dba.fibonacci; +drop FUNCTION public.fibonacci; + +--+ server-message off From 30ba301084dcc48f1e8c3522d2b417658c611ead Mon Sep 17 00:00:00 2001 From: swi0110 Date: Mon, 14 Oct 2024 18:18:32 +0900 Subject: [PATCH 08/10] renamed test case --- ...1_grant_plcsql.answer => 01_normal_grant_revoke_plcsql.answer} | 0 ...2_grant_javasp.answer => 02_normal_grant_revoke_javasp.answer} | 0 .../answers/{03_error_check.answer => 03_error_permission.answer} | 0 .../{04_recursive.answer => 04_permission_with_recursive.answer} | 0 .../{01_grant_plcsql.sql => 01_normal_grant_revoke_plcsql.sql} | 0 .../{02_grant_javasp.sql => 02_normal_grant_revoke_javasp.sql} | 0 .../cases/{03_error_check.sql => 03_error_permission.sql} | 0 .../cases/{04_recursive.sql => 04_permission_with_recursive.sql} | 0 8 files changed, 0 insertions(+), 0 deletions(-) rename sql/_05_plcsql/_01_testspec/_06_authorization/answers/{01_grant_plcsql.answer => 01_normal_grant_revoke_plcsql.answer} (100%) rename sql/_05_plcsql/_01_testspec/_06_authorization/answers/{02_grant_javasp.answer => 02_normal_grant_revoke_javasp.answer} (100%) rename sql/_05_plcsql/_01_testspec/_06_authorization/answers/{03_error_check.answer => 03_error_permission.answer} (100%) rename sql/_05_plcsql/_01_testspec/_06_authorization/answers/{04_recursive.answer => 04_permission_with_recursive.answer} (100%) rename sql/_05_plcsql/_01_testspec/_06_authorization/cases/{01_grant_plcsql.sql => 01_normal_grant_revoke_plcsql.sql} (100%) rename sql/_05_plcsql/_01_testspec/_06_authorization/cases/{02_grant_javasp.sql => 02_normal_grant_revoke_javasp.sql} (100%) rename sql/_05_plcsql/_01_testspec/_06_authorization/cases/{03_error_check.sql => 03_error_permission.sql} (100%) rename sql/_05_plcsql/_01_testspec/_06_authorization/cases/{04_recursive.sql => 04_permission_with_recursive.sql} (100%) diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/answers/01_grant_plcsql.answer b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/01_normal_grant_revoke_plcsql.answer similarity index 100% rename from sql/_05_plcsql/_01_testspec/_06_authorization/answers/01_grant_plcsql.answer rename to sql/_05_plcsql/_01_testspec/_06_authorization/answers/01_normal_grant_revoke_plcsql.answer diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/answers/02_grant_javasp.answer b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/02_normal_grant_revoke_javasp.answer similarity index 100% rename from sql/_05_plcsql/_01_testspec/_06_authorization/answers/02_grant_javasp.answer rename to sql/_05_plcsql/_01_testspec/_06_authorization/answers/02_normal_grant_revoke_javasp.answer diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/answers/03_error_check.answer b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/03_error_permission.answer similarity index 100% rename from sql/_05_plcsql/_01_testspec/_06_authorization/answers/03_error_check.answer rename to sql/_05_plcsql/_01_testspec/_06_authorization/answers/03_error_permission.answer diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/answers/04_recursive.answer b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/04_permission_with_recursive.answer similarity index 100% rename from sql/_05_plcsql/_01_testspec/_06_authorization/answers/04_recursive.answer rename to sql/_05_plcsql/_01_testspec/_06_authorization/answers/04_permission_with_recursive.answer diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/cases/01_grant_plcsql.sql b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/01_normal_grant_revoke_plcsql.sql similarity index 100% rename from sql/_05_plcsql/_01_testspec/_06_authorization/cases/01_grant_plcsql.sql rename to sql/_05_plcsql/_01_testspec/_06_authorization/cases/01_normal_grant_revoke_plcsql.sql diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/cases/02_grant_javasp.sql b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/02_normal_grant_revoke_javasp.sql similarity index 100% rename from sql/_05_plcsql/_01_testspec/_06_authorization/cases/02_grant_javasp.sql rename to sql/_05_plcsql/_01_testspec/_06_authorization/cases/02_normal_grant_revoke_javasp.sql diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_check.sql b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_permission.sql similarity index 100% rename from sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_check.sql rename to sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_permission.sql diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/cases/04_recursive.sql b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/04_permission_with_recursive.sql similarity index 100% rename from sql/_05_plcsql/_01_testspec/_06_authorization/cases/04_recursive.sql rename to sql/_05_plcsql/_01_testspec/_06_authorization/cases/04_permission_with_recursive.sql From ee4e4438b1c9aa035460999426a16120f320d68e Mon Sep 17 00:00:00 2001 From: swi0110 Date: Wed, 16 Oct 2024 14:22:46 +0900 Subject: [PATCH 09/10] Reflected review --- .../01_normal_grant_revoke_plcsql.answer | 10 ++- .../answers/03_error_permission.answer | 77 +++++++++++++++++++ .../cases/01_normal_grant_revoke_plcsql.sql | 10 ++- .../cases/03_error_permission.sql | 34 +++++++- 4 files changed, 121 insertions(+), 10 deletions(-) diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/answers/01_normal_grant_revoke_plcsql.answer b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/01_normal_grant_revoke_plcsql.answer index 3cba548298..00a925dfad 100644 --- a/sql/_05_plcsql/_01_testspec/_06_authorization/answers/01_normal_grant_revoke_plcsql.answer +++ b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/01_normal_grant_revoke_plcsql.answer @@ -101,17 +101,21 @@ GRANT EXECUTE ON PROCEDURE T1.sp2 TO DBA =================================================== 0 +=================================================== +Error:-494 +Semantic: before ' ; ' +User t1 is not in the database. revoke execute on procedure on [dba.sp1] from t1 + =================================================== Grants for T1 -GRANT ALTER, DELETE, EXECUTE, INDEX, INSERT, SELECT, UPDATE ON DBA.test1 TO T1 -GRANT ALTER, DELETE, EXECUTE, INDEX, INSERT, SELECT, UPDATE ON DBA.view1 TO T1 =================================================== 0 =================================================== -0 +Error:-165 +User "t1" is invalid. =================================================== 0 diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/answers/03_error_permission.answer b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/03_error_permission.answer index 00fbbf5f36..c44dc254bb 100644 --- a/sql/_05_plcsql/_01_testspec/_06_authorization/answers/03_error_permission.answer +++ b/sql/_05_plcsql/_01_testspec/_06_authorization/answers/03_error_permission.answer @@ -15,18 +15,36 @@ Comparison to table and sp grant/revoke =================================================== 0 +=================================================== +grantor_name grantee_name object_type object_name owner_name auth_type is_grantable +DBA U2 CLASS tbl1 U1 EXECUTE NO + + =================================================== 0 +=================================================== +grantor_name grantee_name object_type object_name owner_name auth_type is_grantable + + =================================================== 0 =================================================== 0 +=================================================== +grantor_name grantee_name object_type object_name owner_name auth_type is_grantable +DBA U2 FUNCTION test1 U1 EXECUTE NO + + =================================================== 0 +=================================================== +grantor_name grantee_name object_type object_name owner_name auth_type is_grantable + + =================================================== in public @@ -91,6 +109,20 @@ Cannot revoke privileges from self. =================================================== +in u1 + + +=================================================== + +null + + +=================================================== +Error:-494 +Semantic: SELECT is not authorized on _db_auth. [__t1].auth_type + +=================================================== + in dba @@ -99,6 +131,51 @@ in dba null +=================================================== + +do not use "on procedure": error + + +=================================================== +Error:-493 +Syntax: missing authorized command list + authorized command = SELECT, INSERT, INDEX, DELETE, UPDATE, ALTER, ADD, DROP, EXECUTE, REFERENCES, ALL PRIVILEGES, ALL + +=================================================== + +incorrect test: error + + +=================================================== +Error:-494 +Semantic: before ' to u2; ' +Unknown class "u1.test1". grant execute on [u1.test1] to u2 + +=================================================== +Error:-493 +Syntax: missing class spec list + +=================================================== +Error:-494 +Semantic: before ' to u2; ' +Stored procedure/function "dba.test1" does not exist. grant execute on procedure on [dba.test1] to u2 + +=================================================== + +mixed lower case and upper case: succ + + +=================================================== +0 + +=================================================== +0 + +=================================================== + +test end + + =================================================== 0 diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/cases/01_normal_grant_revoke_plcsql.sql b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/01_normal_grant_revoke_plcsql.sql index 9a8cb072f8..4c22a01aa0 100644 --- a/sql/_05_plcsql/_01_testspec/_06_authorization/cases/01_normal_grant_revoke_plcsql.sql +++ b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/01_normal_grant_revoke_plcsql.sql @@ -8,7 +8,6 @@ begin return 'hello'; end; --- bug, If use the command a 'show grant' on the not DBA user group, that return a error CREATE USER t1 GROUPS dba; GRANT EXECUTE ON PROCEDURE sp1 TO t1; @@ -41,12 +40,17 @@ SHOW GRANTS FOR DBA; drop function t1.sp2; --- REVOKE test (verify with CBRD-25506) + +-- drop user when before revoke from t1 +drop user t1; + +-- REVOKE error (because user t1 is drop) REVOKE EXECUTE ON PROCEDURE sp1 FROM t1; SHOW GRANTS FOR T1; -drop user t1; drop function sp1; + +drop user t1; drop test1, view1; --+ server-message off diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_permission.sql b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_permission.sql index 439594c7e5..69d2ba56d2 100644 --- a/sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_permission.sql +++ b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_permission.sql @@ -1,8 +1,7 @@ --+ server-message on -- verified the CBRD-25506 - -create user u1 groups dba; +create user u1; create user u2 groups dba; -- 1. Comparison to table and sp grant/revoke @@ -10,7 +9,9 @@ evaluate('Comparison to table and sp grant/revoke'); CREATE TABLE u1.tbl1 (a INT); GRANT EXECUTE ON u1.tbl1 TO u2; +SELECT * FROM db_auth WHERE grantee_name = 'U2' ORDER BY object_name; REVOKE EXECUTE ON u1.tbl1 FROM u2; +SELECT * FROM db_auth WHERE grantee_name = 'U2' ORDER BY object_name; CREATE OR REPLACE FUNCTION u1.test1() return varchar as begin @@ -18,7 +19,9 @@ begin end; GRANT EXECUTE ON PROCEDURE u1.test1 TO u2; +SELECT * FROM db_auth WHERE grantee_name = 'U2' ORDER BY object_name; REVOKE EXECUTE ON PROCEDURE u1.test1 FROM u2; +SELECT * FROM db_auth WHERE grantee_name = 'U2' ORDER BY object_name; -- in public @@ -54,11 +57,34 @@ SHOW GRANTS FOR u2; REVOKE EXECUTE ON PROCEDURE u1.test1 FROM u2; --- init +-- in u1 +evaluate('in u1'); +call login('u1','') on class db_user; + +-- bug, If use the command a 'show grant' on the not DBA user group, that return a error +SHOW GRANTS FOR u1; + + +-- in dba evaluate('in dba'); call login('dba','') on class db_user; + +evaluate('do not use "on procedure": error'); +GRANT EXECUTE ON FUNCTION u1.test1 to u2; + +evaluate('incorrect test: error'); +GRANT EXECUTE ON u1.test1 to u2; +GRANT ALL PRIVILEGES ON PROCEDURE u1.test1 to u2; +GRANT EXECUTE ON PROCEDURE test1 to u2; + +evaluate('mixed lower case and upper case: succ'); +GraNT eXecUTE oN ProceDure u1.test1 to u2; +reVOkE ExeCutE On pROceDure u1.test1 from u2; + + +evaluate('test end'); drop table u1.tbl1; -drop FUNCTION u1.test1; +drop function u1.test1; drop user u1; drop user u2; From 2688d32f6206c9ccf09740b88bdc9c70ca537daf Mon Sep 17 00:00:00 2001 From: swi0110 Date: Wed, 16 Oct 2024 14:54:59 +0900 Subject: [PATCH 10/10] add comment --- .../_06_authorization/cases/03_error_permission.sql | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_permission.sql b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_permission.sql index 69d2ba56d2..933e04cfba 100644 --- a/sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_permission.sql +++ b/sql/_05_plcsql/_01_testspec/_06_authorization/cases/03_error_permission.sql @@ -43,6 +43,7 @@ call login('u2','') on class db_user; GRANT EXECUTE ON u1.tbl1 TO u1; -- Execute OK. but no operate because u2 does not have permission on tb1 +-- bug: CBRD-25585 GRANT EXECUTE ON u1.tbl1 TO u2; -- Return empty SHOW GRANTS FOR u2; @@ -50,6 +51,7 @@ SHOW GRANTS FOR u2; REVOKE EXECUTE ON u1.tbl1 FROM u2; -- Execute OK. but no operate because u2 does not have permission on test1 +-- bug: CBRD-25585 GRANT EXECUTE ON PROCEDURE u1.test1 TO u2; -- Return empty SHOW GRANTS FOR u2;