db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Van Couvering" <da...@vancouvering.com>
Subject Re: Roles for Derby - draft spec uploaded
Date Sat, 15 Sep 2007 23:27:23 GMT
Hi, Dag.  Thanks for this spec, this looks like a nice addition to Derby.

I have a couple of comments:

- It would be great to have some examples in addition to showing the
changes to the reference manual.  Identify some standard use cases
(Create Role, Grant Role, Revoke Role, Access Resource) and show what
commands are executed and what happens as a result.  This is not just
for reviewers' sake, but also for doc writers (and blog writers :))
The example you have is useful for understanding the spec, but not
necessarily so useful for understanding the common use cases.

- What is the motivation to choose not to support a default role when
a user signs in.  Alternately, if a user is granted roles A and B, why
not given them the union of the two privileges for role A and B.  Why
does the user have to select the role they want to have for a given
session?  That seems counter-intuitive.

At a minimum, if the SQL spec requires you have to 'wear only one hat
at a time," at least I'd like to choose my default hat - that is, be
able to specify my default role unless I choose a different one using
the SET ROLE command.



On 9/13/07, Dag H. Wanvik <Dag.Wanvik@sun.com> wrote:
> Hi all,
> just in case you didn't see it in the JIRA mails, I just uploaded a
> draft spec for adding roles to Derby (DERBY-2207). Any feedback is
> appreciated :)
> http://issues.apache.org/jira/secure/attachment/12365783/spec.html
> Thanks,
> Dag

View raw message