db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@apache.org>
Subject Re: Roles for Derby - draft spec uploaded
Date Mon, 17 Sep 2007 19:00:54 GMT


On 9/17/07, Dag H. Wanvik <Dag.Wanvik@sun.com> wrote:
>> As for having a default role on connect, that could be added later.
>> This is implementation defined behavior, according to SQL std. 

Where does the standard say that? I see in section 4.37.2 the sentence:

   "An SQL-session initially has no SQL-session role name."

David Van Couvering wrote:

 >
 > Are you saying that with what you're proposing, if you're granted only
 > one role, then that's the role you would have when you connect a
 > session?  If not, shouldn't that be pretty easy to do?   I see your
 > point about sudo, but if I have only *one* role then why shouldn't
 > that be the role I get?

According to my [quick] reading of the standard a SQL session initially 
does not have a role associated with it.

 > I can just hear myself cursing every time I have to type in "SET ROLE
 > admin" before I can get any work done through my admin UI.

There's  nothing to stop a tool determining if a user has a single role 
and then executing a SET ROLE before it opens its admin UI.

Dan.

Mime
View raw message