db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-3146) Adjust length restriction on user identifiers (authorization ids) to same as other identifiers
Date Wed, 24 Oct 2007 14:14:50 GMT
Adjust length restriction on user identifiers (authorization ids) to same as other identifiers

                 Key: DERBY-3146
                 URL: https://issues.apache.org/jira/browse/DERBY-3146
             Project: Derby
          Issue Type: Improvement
          Components: Security, SQL
            Reporter: Dag H. Wanvik
            Priority: Minor

While working on roles, I notice that there is a max size of 30 on
user ids in derby (authorization identifiers), e.g. the check being
performed in the parser:

private void checkAuthorizationLength( String authorization)
   checkIdentifierLengthLimit( authorization, Limits.DB2_MAX_USERID_LENGTH);

where Limits.DB2_MAX_USERID_LENGTH == 30. I have checked, and I don't
think there are any fundamental reasons why Derby can't lift this DB2
restriction: Then authorization identifiers would have the same max
limit as other identifiers: 128 (Limits.MAX_IDENTIFIER_LENGTH).

Currently, this limit of 30 is enforced for GRANT/REVOKE, i.e. for the

However, in the CREATE SCHEMA statement, the clause

         AUTHORIZATION <authorization identifier>

which allows specifying a schema's owner, is *not* subject to this
restriction. This is also reflected in the reference documentation for
system tables:

Column Name 	Type 	Length 	Nullability 	Contents
AUTHORIZATIONID VARCHAR 128     false           the authorization
                                                identifier of the
                                                owner of the schema  


Column Name 	Type 	Length 	Nullability 	Contents
GRANTEE 	VARCHAR 30 	False 	        The authorization ID
                                                of the user to whom
                                                the privilege is

Furthermore, the limit is enforced in the authorizer code
(AuthorizationServiceBase#authenticate). It is also reflected in the
metadata: EmbedDatabaseMetaData#getMaxUserNameLength.

I think it would be good to harmonize these two different limits for
authorization identifier and change the limit to 128

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message