AWS AmazonRDS documentation change
Summary
Updated documentation about GRANT/REVOKE permissions limitations in Babelfish
Security assessment
Clarifies security-related permission limitations but does not address a specific vulnerability. Adds documentation about security controls without fixing an existing issue.
Diff
diff --git a/AmazonRDS/latest/AuroraUserGuide/babelfish-permissions.md b/AmazonRDS/latest/AuroraUserGuide/babelfish-permissions.md index af9aeb52d..7cb39113f 100644 --- a//AmazonRDS/latest/AuroraUserGuide/babelfish-permissions.md +++ b//AmazonRDS/latest/AuroraUserGuide/babelfish-permissions.md @@ -19,2 +19,2 @@ Allow login to do SELECTs/DMLs/DDLs in a database | Make login the owner of th -Allow database user to do SELECTs/DMLs on a schema | Grant permission to database user on schema | GRANT SELECT/EXECUTE/INSERT/UPDATE/DELETE ON SCHEMA::`schema` TO `user` | None | Version 3.6 and higher, 4.2 and higher -Allow database user to do SELECTs/DMLs on a schema | Make database user owner of schema at schema creation time | CREATE SCHEMA `schema` AUTHORIZATION `user` | Changing schema ownership after creation isn't currently supported. | Version 1.2 and higher +Allow database user to do SELECTs/DMLs on a schema | Grant permission to database user on schema | GRANT SELECT/EXECUTE/INSERT/UPDATE/DELETE ON SCHEMA::`schema` TO `user` | CASCADE isn't supported with Grant/Revoke on Schema. GRANT/REVOKE OPTION FOR .. on SCHEMA isn't supported in Babelfish. GRANT/REVOKE inside CREATE SCHEMA isn't supported in Babelfish. | Version 3.6 and higher, 4.2 and higher +Allow database user to do SELECTs/DMLs on a schema | Make database user owner of schema at schema creation time | CREATE SCHEMA `schema` AUTHORIZATION `user`. | Changing schema ownership after creation isn't currently supported. | Version 1.2 and higher