db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3146) Adjust length restriction on user identifiers (authorization ids) to same as other identifiers
Date Thu, 25 Oct 2007 09:51:50 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537555
] 

Dag H. Wanvik commented on DERBY-3146:
--------------------------------------

Hi Bryan,

> Are there upgrade issues with changing the length of system catalog column? 

I don't believe so, because in the catalog code the length restriction is the same
as for other identifiers:

* Permissions tables occurences of authorization id:

(Note that the documentation is slightly misleading here, indicating
 VARCHAR(30), but that is not what is implemented, apparently.)

    ij> select cast(columnname as varchar(10)) as columnname, 
               cast(columndatatype as varchar(30)) as columndatatype 
               from sys.syscolumns where columnname like 'GRANTOR';
    
    COLUMNNAME|COLUMNDATATYPE                
    -----------------------------------------
    GRANTOR   |VARCHAR(128) NOT NULL         
    GRANTOR   |VARCHAR(128) NOT NULL         
    GRANTOR   |VARCHAR(128) NOT NULL         
    GRANTOR   |VARCHAR(128) NOT NULL         
    
    ij> select cast(columnname as varchar(10)) as columnname, 
               cast(columndatatype as varchar(30)) as columndatatype 
               from sys.syscolumns where columnname like 'GRANTEE';
    
    COLUMNNAME|COLUMNDATATYPE                
    -----------------------------------------
    GRANTEE   |VARCHAR(128) NOT NULL         
    GRANTEE   |VARCHAR(128) NOT NULL         
    GRANTEE   |VARCHAR(128) NOT NULL         
    GRANTEE   |VARCHAR(128) NOT NULL         
    
* SYSSCHEMA occurence of authorization id:
    
    ij> select cast(columnname as varchar(20)) as columnname, 
               cast(columndatatype as varchar(30)) as columndatatype 
               from sys.syscolumns where columnname like 'AUTHORIZATIONID';
    
    COLUMNNAME          |COLUMNDATATYPE                
    ---------------------------------------------------
    AUTHORIZATIONID     |VARCHAR(128) NOT NULL         
    
    


> Adjust length restriction on user identifiers (authorization ids) to same as other identifiers
> ----------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3146
>                 URL: https://issues.apache.org/jira/browse/DERBY-3146
>             Project: Derby
>          Issue Type: Improvement
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Priority: Minor
>
> While working on roles, I notice that there is a max size of 30 on
> user ids in derby (authorization identifiers), e.g. the check being
> performed in the parser:
> private void checkAuthorizationLength( String authorization)
> :
>    checkIdentifierLengthLimit( authorization, Limits.DB2_MAX_USERID_LENGTH);
> :
> where Limits.DB2_MAX_USERID_LENGTH == 30. I have checked, and I don't
> think there are any fundamental reasons why Derby can't lift this DB2
> restriction: Then authorization identifiers would have the same max
> limit as other identifiers: 128 (Limits.MAX_IDENTIFIER_LENGTH).
> Currently, this limit of 30 is enforced for GRANT/REVOKE, i.e. for the
> grantees.
> However, in the CREATE SCHEMA statement, the clause
>          AUTHORIZATION <authorization identifier>
> which allows specifying a schema's owner, is *not* subject to this
> restriction. This is also reflected in the reference documentation for
> system tables:
>       
> SYS.SYSCHEMAS:
> Column Name 	Type 	Length 	Nullability 	Contents
> -------------------------------------------------------------------
> AUTHORIZATIONID VARCHAR 128     false           the authorization
>                                                 identifier of the
>                                                 owner of the schema  
> SYS.SYSTABLEPERMS:
> Column Name 	Type 	Length 	Nullability 	Contents
> -------------------------------------------------------------------
> GRANTEE 	VARCHAR 30 	False 	        The authorization ID
>                                                 of the user to whom
>                                                 the privilege is
>                                                 granted.  
> Furthermore, the limit is enforced in the authorizer code
> (AuthorizationServiceBase#authenticate). It is also reflected in the
> metadata: EmbedDatabaseMetaData#getMaxUserNameLength.
> I think it would be good to harmonize these two different limits for
> authorization identifier and change the limit to 128
> (Limits.MAX_IDENTIFIER_LENGTH).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message