Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Too easy to grant access to table without schema #4009

Open
mathemancer opened this issue Nov 4, 2024 · 0 comments
Open

Too easy to grant access to table without schema #4009

mathemancer opened this issue Nov 4, 2024 · 0 comments
Labels
beta: approved Temporary label to mark issues that are approved needs: frontend approval The frontend team might not agree on whether this makes sense for the codebase needs: requirements The problem is clear and worth solving, but we're not yet sure of the best solution type: bug Something isn't working work: frontend Related to frontend code in the mathesar_ui directory

Comments

@mathemancer
Copy link
Contributor

mathemancer commented Nov 4, 2024

Description

It's easy to grant SELECT on a table to another user's role, while neglecting to grant USAGE on that table's schema. This results in a confusing and aberrant situation for the user being granted the SELECT privilege.

Expected behavior

When granting SELECT on a table to a user's role which doesn't have USAGE on the table's schema, Mathesar should either:

  • refuse to grant SELECT on that table, and show a warning or error of some sort, (my preference), or
  • grant SELECT on the table as requested and automatically grant USAGE on the table's schema, or
  • grant SELECT on the table as requested and show a warning or error about the USAGE issue.

To Reproduce

As an admin user,

  1. Create another standard user
  2. Set that user up as a collaborator on a database
  3. Navigate to a table of the database under some schema other than public
  4. Grant SELECT (called "Read" in the dropdown) to that user.
  5. Notice you weren't warned about the USAGE problem.

Additional context

Sort of related to #4008 , in that solving this bug would make that one less likely to be noticed.

@mathemancer mathemancer added type: bug Something isn't working needs: triage This issue has not yet been reviewed by a maintainer work: frontend Related to frontend code in the mathesar_ui directory needs: requirements The problem is clear and worth solving, but we're not yet sure of the best solution needs: frontend approval The frontend team might not agree on whether this makes sense for the codebase and removed needs: triage This issue has not yet been reviewed by a maintainer labels Nov 4, 2024
@mathemancer mathemancer added this to the v0.2.0 (beta release) milestone Nov 4, 2024
@mathemancer mathemancer changed the title Easy to grant access to table without schema Too easy to grant access to table without schema Nov 4, 2024
@kgodey kgodey added the beta: needs discussion Temporary label to mark issues that need discussion label Dec 11, 2024
@kgodey kgodey added beta: approved Temporary label to mark issues that are approved and removed beta: needs discussion Temporary label to mark issues that need discussion labels Dec 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
beta: approved Temporary label to mark issues that are approved needs: frontend approval The frontend team might not agree on whether this makes sense for the codebase needs: requirements The problem is clear and worth solving, but we're not yet sure of the best solution type: bug Something isn't working work: frontend Related to frontend code in the mathesar_ui directory
Projects
None yet
Development

No branches or pull requests

2 participants