search

lbehnke / h2database

Automatically exported from code.google.com/p/h2database
0 stars 0 forks source link

Authorization/admin role incorrectly handled or documentation inconsistency #51

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
(simple SQL scripts or simple standalone applications are preferred)
1. create a new database using the H2 database console by connecting to:
   JDBC URL: jdbc:h2:file
   username: sa
2. -- create a new user
create user TEST password 'test';

3. -- create a new schema to associate the new user with
create schema TEST authorization TEST;

output error:
create schema TEST authorization TEST;

Admin rights are required for this operation [90040-106] 90040/90040

4. -- grant admin privileges to SA though SA has already admin privileges
alter user sa admin true;

5. -- create a new schema to associate the new user with
create schema TEST authorization TEST;

output error:
create schema TEST authorization TEST;

Admin rights are required for this operation [90040-106] 90040/90040

What is the expected output? What do you see instead?

schema test is created by user sa who has admin privileges and user test
owns the test schema

What version of the product are you using? On what operating system, file
system, and virtual machine?

h2-1.1.106

Do you know a workaround?

6. -- grant admin privileges to user test (though I don't want it for my
application)

alter user test admin true;

create schema TEST authorization TEST;

-- now the schema creation succeed

How important/urgent is the problem for you?

not urgent since I'm currently in development mode

In your view, is this a defect or a feature request?

a defect, SA has admin privileges, new user can have a new schema
associated to although they are not admin of the whole database, they just
have "schema-admin" privileges

Please provide any additional information below.

Original issue reported on code.google.com by loic.lef...@gmail.com on 21 Jan 2009 at 5:10

GoogleCodeExporter commented 9 years ago 
Regarding documentation inconsistency:

"CREATE SCHEMA [IF NOT EXISTS] name [AUTHORIZATION ownerUserName]

Creates a new schema.
The current user owner must have admin rights.
If no authorization is specified, the current user is used.

Example:
CREATE SCHEMA TEST_SCHEMA AUTHORIZATION SA"

The sentence "The current user owner must have admin rights." means the current 
user
(SA) must have admin rights however it should be (regarding current behavior):

The specified user ownerUserName (TEST in my example) must have admin rights as 
well
as the current/connected user (SA in my example).

Original comment by loic.lef...@gmail.com on 21 Jan 2009 at 5:14

GoogleCodeExporter commented 9 years ago 
Hi,

Yes, the documentation is confusing. I will write:

"Creates a new schema.
If no owner is specified, the current user is used.
The user that executes the command must have admin rights,
as well as the owner."

I need to check why the owner must have admin rights, maybe this is not 
necessary.

Original comment by thomas.t...@gmail.com on 26 Jan 2009 at 5:42

GoogleCodeExporter commented 9 years ago

Original comment by thomas.t...@gmail.com on 6 Feb 2009 at 4:40

GoogleCodeExporter commented 9 years ago 
The documentation is now changed.

Original comment by thomas.t...@gmail.com on 1 Mar 2009 at 10:04