
Commit 04598a6

committed
Backported CORE-6489: User without ALTER ANY ROLE privilege can use COMMENT ON ROLE
1 parent f9c12bc commit 04598a6

1 file changed

Lines changed: 15 additions & 0 deletions


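--- a/src/jrd/ini.epp
+++ b/src/jrd/ini.epp
@@ -445,6 +445,9 @@ void INI_format(const char* owner, const char* charset)
 generator->gen_name, length, buffer);
 }
 
+add_security_to_sys_obj(tdbb, ownerName, obj_sql_role,
+ADMIN_ROLE, length, buffer);
+
 for (const IntlManager::CharSetDefinition* charset = IntlManager::defaultCharSets;
 charset->name;
 ++charset)
@@ -1175,6 +1178,18 @@ static void add_security_to_sys_obj(thread_db* tdbb,
 }
 END_FOR
 }
+else if (obj_type == obj_sql_role)
+{
+FOR(REQUEST_HANDLE handle) R IN RDB$ROLES
+WITH R.RDB$ROLE_NAME EQ obj_name.c_str()
+{
+MODIFY R USING
+R.RDB$SECURITY_CLASS.NULL = FALSE;
+PAD(security_class.c_str(), R.RDB$SECURITY_CLASS);
+END_MODIFY
+}
+END_FOR
+}
 else if (obj_type == obj_database)
 {
 FOR(REQUEST_HANDLE handle) DB IN RDB$DATABASE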
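Review bot: The new `add_security_to_sys_obj(tdbb, ownerName, obj_sql_role, ADMIN_ROLE, length, buffer);` call sits in INI_format, so as far as this diff shows only the ADMIN_ROLE row of a newly formatted database receives a security class; a database created before this change would presumably keep a NULL `RDB$SECURITY_CLASS` on that row, and COMMENT ON ROLE would stay unchecked there until the database is recreated or restored. Whether an upgrade or restore path also fills the column in, and how user-created roles get their class, is not visible in these hunks and is worth confirming before the issue is treated as closed. In the `obj_sql_role` branch the FOR loop does nothing when no RDB$ROLES row matches `obj_name`, so a missing row would leave the privilege check unenforced without any error. A short comment above the call, such as `// CORE-6489: the system role needs a security class so ALTER ANY ROLE is enforced for COMMENT ON ROLE`, would record why it is there; both functions begin and end outside the hunks.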
