APAR status
Closed as program error.
Error description
Views which refer to tables in another database retrieve wrong select permissions if the owner of the current database does not have DBA privileges in the refered database. A subsequent GRANT statement fails with 302: No GRANT option or illegal option on multi-table view. The SELECT statement fails with 272: No SELECT permission for myview. The GRANT statement does not fail when the view contains a subscript of a character field like col[m,n]. Instead it will grant select privileges for this view column only. grant select on "informix".myview2 to "user1" as "informix"; is changed to grant select(v_col) on "informix".myview2 to "user1" as "informix";
Local fix
Grant DBA privileges to the database owner in the second database: GRANT DBA to "user1"
Problem summary
**************************************************************** * USERS AFFECTED: * * Users with Informix views that contain subscripted columns, * * and try to extend the permission chain with GRANT. * **************************************************************** * PROBLEM DESCRIPTION: * * Customer was observing inconsistent behavior while granting * * select permissions on Informix views. If the view had a * * subscripted column, the grant would succeed, but if the view * * contained the full column, the grant would fail. * **************************************************************** * RECOMMENDATION: * * Upgrade to 11.50xC9 or later (on 11.50 family) * * Upgrade to 11.70xC2 or later (on 11.70 family) * ****************************************************************
Problem conclusion
The problem was caused by incorrect handling of the permissions when creating a view. Permissions for subscripted columns were not being assigned in the same way as those for non-subscripted columns. New behavior makes the permissions on subscripted columns up to par with those of non-subscripted columns. (with the exception of UPDATE privilege which is unset by default in subscripted columns). Upgrade to 11.50xC9 or later (on 11.50 family) Upgrade to 11.70xC2 or later (on 11.70 family)
Temporary fix
Comments
APAR Information
APAR number
IC71059
Reported component name
IBM IDS ENTRP E
Reported component ID
5724L2304
Reported release
B15
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-09-09
Closed date
2011-09-27
Last modified date
2011-09-27
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM IDS ENTRP E
Fixed component ID
5724L2304
Applicable component levels
RB15 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSGU8G","label":"Informix Servers"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"B15","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Document Information
Modified date:
27 September 2011