db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-1330) Provide runtime privilege checking for grant/revoke functionality
Date Fri, 30 Jun 2006 14:52:32 GMT
    [ http://issues.apache.org/jira/browse/DERBY-1330?page=comments#action_12418661 ] 

Daniel John Debrunner commented on DERBY-1330:
----------------------------------------------

Comment on QueryTreeNode changes and related items:
I think the logic for what you are trying to do is correct, but the terminology and some of
the descriptions in comments could be expanded.
    The code equates executing with definer's priviliges to not having to collect priviliges
dependencies.  I think the comments on isExecutingWithInovkerPrivileges() could be expanded
to explain why collection is not needed. I think that maybe it's not generally true for definer
mode and maybe the methods could be better named to relfect the actual situations, which I
think are:
   -  create view - collect privilege information for select statement
   -   execute view (as definer) -collect privilege information for select statement
   -   execute select (invoker) - do collect privilege information for select statement

I'm just concerned that in the future when/if Derby supports definer mode for routines will
the naming scheme for your methods continue to make sense, or can we ensure today that the
method names (and comments) accurately reflect their purpose?

Another aspect of this is the use of "executing" in the current tense for the QueryNodes (method
name isExecutingWithInvokerPrivileges,  comment "this node is executing"). The executing you
are talking about relates to the runtime execution of the generated statement, not the execution
of the node itself. Maybe be picky, but  it's easy to get lost in the code because the present
tense leads one to have the mindset the code is referring the current compilation, not the
future execution.






> Provide runtime privilege checking for grant/revoke functionality
> -----------------------------------------------------------------
>
>          Key: DERBY-1330
>          URL: http://issues.apache.org/jira/browse/DERBY-1330
>      Project: Derby
>         Type: Sub-task

>   Components: SQL
>     Versions: 10.2.0.0
>     Reporter: Mamta A. Satoor
>     Assignee: Mamta A. Satoor
>  Attachments: AuthorizationModelForDerbySQLStandardAuthorization.html, AuthorizationModelForDerbySQLStandardAuthorizationV2.html,
Derby1330ViewPrivilegeCollectionV1diff.txt, Derby1330ViewPrivilegeCollectionV1stat.txt
>
> Additional work needs to be done for grant/revoke to make sure that only users with required
privileges can access various database objects. In order to do that, first we need to collect
the privilege requirements for various database objects and store them in SYS.SYSREQUIREDPERM.
Once we have this information then when a user tries to access an object, the required SYS.SYSREQUIREDPERM
privileges for the object will be checked against the user privileges in SYS.SYSTABLEPERMS,
SYS.SYSCOLPERMS and SYS.SYSROUTINEPERMS. The database object access will succeed only if the
user has the necessary privileges.
> SYS.SYSTABLEPERMS, SYS.SYSCOLPERMS and SYS.SYSROUTINEPERMS are already populated by Satheesh's
work on DERBY-464. But SYS.SYSREQUIREDPERM doesn't have any information in it at this point
and hence no runtime privilege checking is getting done at this point.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message