db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Satheesh Bandaram <sathe...@Sourcery.Org>
Subject Re: [Grant/Revoke]Proposal for invoker/definer model
Date Wed, 15 Mar 2006 23:16:49 GMT


Daniel John Debrunner wrote:

>I don't think it's that simple, the implementation of views leads to
>some differences, but fundamentally the model that Mamta is proposing
>has to apply. Thus views have to interact with the pushing & popping model.
>
>  
>
You are right... I was talking about how to do permission checks only
and that is different for views. For objects in views, Derby needs to
capture which authoriztionId to check permissions against, in addition
to what is already done currently. So I was thinking of extending
StatementPermission objects to include authorizationId for objects that
need DEFINER semantics. This only addresses first part of the
functionality... using appropriate authorizationId during permission checks.

This should help generate correct "Required permissions" list that you
have here. I should have more details by next week.

Thanks for your thoughts.

Satheesh

>Take this example:
>
>-- view owned by dan
>create viewdan as
>select TC.name, F(HA) FA from viewsatheesh vs, TC where TC.id = VS.ID
>
>-- view owned by satheesh
>create viewsatheesh as
>select id, H(a) HA from TO
>
>-- connection with user identifier mamta.
>
>executes 'select name, G(FA) from viewdan'
>
>This is expanded to, something like:
>
>select select TC.name, G(F(H(a))) from TO, TC
>                where TC.id = TO.ID
>
>Required permissions:
>=====================
>
>viewdan select by mamta
>viewsatheesh select by dan (implicit in view definition?)
>TO select by sateesh (implicit in view definition?)
>TC select by dan (implicit in view definition?)
>H execute by sateesh (implicit in view definition?)
>F execute by dan (implicit in view definition?)
>G execute by mamta
>
>Current user when executing functions:
>======================================
>
>H() is executed as satheesh (invoker in viewsatheesh)
>f() is executed as dan (invoker in viewdan)
>G() is executed as mamta (invoker in outer query)
>
>The 'executed as' is important, it gets reflected in any server-side
>JDBC accessed by the function. Those server-side JBDC calls are invoked
>with the permissions of the invoker of the function. The invoker of the
>function is defined by the view or the outer select.
>
>Thanks,
>Dan.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>  
>


Mime
View raw message