Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

'with caller privileges' has no effect in triggers #7691

Closed
Khalyutin opened this issue Aug 2, 2023 · 0 comments
Closed

'with caller privileges' has no effect in triggers #7691

Khalyutin opened this issue Aug 2, 2023 · 0 comments
Assignees
@AlexPeshkoff
Labels
affect-version: 4.0.3 affect-version: 5.0 Beta 1 fix-version: 4.0.4 fix-version: 5.0 RC 1 qa: done successfully type: bug

Comments

@Khalyutin
Copy link

fb.5 & fb.4 'with caller privileges' has no effect in triggers

(no this error in stored procedure )

tested in linux & windows FB3, FB4 & FB5
work on FB3. exception on FB4 & FB5

example under windows:

rem cd C:\TOOLSET\Firebird\Firebird_3_0
rem cd C:\TOOLSET\Firebird\Firebird_4_0

cd C:\TOOLSET\Firebird\Firebird_5_0

isql

connect 'd:\database\FB5\my_database.fdb' user 'SYSDBA' ; 
drop user my_user;
drop  database;

create database 'd:\database\FB5\my_database.fdb' user 'SYSDBA'  page_size 8192 default character set UTF8;
set term ^;

create user my_user password 'my_pass' ^
commit work ^

create table my_table
( my_num   integer
, my_data  varchar(255)
) ^
commit work ^
insert into my_table(my_num , my_data) values (1, 'qwerty') ^
commit work ^

create table my_table_2
( my_num   integer
, my_data  varchar(255)
) ^
grant all on table my_table_2 to user my_user ^
commit work ^

create or alter trigger my_table_2_trigger  
    for      my_table_2
    active   before insert or update or delete 
    position 100 
as
   declare variable nm$check_ok     integer;
begin     

        execute statement 'select first 1 1 from my_table ' 
              with caller privileges  
                    into: nm$check_ok;             

end ^
grant all    on table my_table_2 to trigger my_table_2_trigger ^
grant select on table my_table   to trigger my_table_2_trigger ^  -- <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

commit work ^


connect 'd:\database\FB5\my_database.fdb' user 'my_user' ^ 
insert into my_table_2(my_num , my_data) values (1234, 'qwerty') ^

-- in FB5 and FB4
-- Statement failed, SQLSTATE = 28000
-- no permission for SELECT access to TABLE MY_TABLE
-- -Effective user is MY_USER
-- -At trigger 'MY_TABLE_2_TRIGGER' line: 12, col: 13

commit work ^
select * from my_table_2 ^

-- in FB 3 :
-- MY_NUM MY_DATA
-- ===================================
-- 1234 qwerty
@AlexPeshkoff AlexPeshkoff self-assigned this Aug 10, 2023
@AlexPeshkoff AlexPeshkoff changed the title fb.5 & fb.4 'with caller privileges' has no effect in triggers 'with caller privileges' has no effect in triggers Aug 10, 2023
AlexPeshkoff added a commit that referenced this issue Aug 10, 2023
@AlexPeshkoff
Fixed #7691: 'with caller privileges' has no effect in triggers
d443f5f
AlexPeshkoff added a commit that referenced this issue Sep 5, 2023
@AlexPeshkoff
Fixed #7691: 'with caller privileges' has no effect in triggers
bb3c3d7 
(cherry picked from commit cf64245)
dyemanov pushed a commit that referenced this issue Sep 13, 2023
@AlexPeshkoff @dyemanov
Fixed #7691: 'with caller privileges' has no effect in triggers
bf4904e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AlexPeshkoff AlexPeshkoff

Labels
affect-version: 4.0.3 affect-version: 5.0 Beta 1 fix-version: 4.0.4 fix-version: 5.0 RC 1 qa: done successfully type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@AlexPeshkoff @pavel-zotov @Khalyutin