db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Db-derby Wiki] Update of "GrantRevokeImplementation" by DanDebrunner
Date Mon, 24 Jul 2006 17:44:17 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification.

The following page has been changed by DanDebrunner:

      RoutinePrivilegeInfo stored in constant action plus list of names
+ Arbitary Statement S1 - 1-N StatementPermissions
+ StatementPermissions describe the type of permission required, not an instance of a grant.
+ E.g. EXECUTE on routine A
+ Execution of statement goes through set of StatementPermissions and sees if the
+ permissions have been granted for the current user.
+  StatementPermission + user -> check against set of existing granted privileges
+     implemented by check method on StatementPermission 
+ Dependency system for automatic drop (e.g drop view when select priv is dropped).
+ The CREATE statement for objects that can be dropped on a revoke automatically
+ contain the list of require permission
+ Code walks this list to determine the sub-set of permissions that are required
+ for the object to be dependent on. Sub-set because:
+      - multiple objects created in a single statement (constraints in CREATE TABLE)
+      - no dependencies for owner of object
+      - ???
+ Since the dependency system for persistent dependies needs a persistent object
+ the dependency is made on a PrivilegeDescriptor. When an object needs this
+ dependency it calls the  StatementPermission  to get a specific PermissionDescriptor
+ for the required user (the one creating the object).
+ Then this PermissionDescriptor is added to the set of dependencies for the object.
+ thus really PermissionDescriptor = StatementPermission + other stuff

View raw message