db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3327) SQL roles: Implement authorization stack
Date Fri, 18 Jan 2008 23:23:35 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12560598#action_12560598

Dag H. Wanvik commented on DERBY-3327:

Thanks for looking at this, Rick!
Re your question:
Not really, just to emphaszie that this field will only ever hold the current role of a stored
procedure scope; never
the outer scope. But since it can be confusing, I will change it to currentRole and leave
the it to the comments
to explain this fact. 

Btw, I have vacillated a bit over whether to call the field holding the current role (a string)
currentRole, currentRoleName or currentRoleId. The standard uses the term "authorization identifier"
(generic for both user and role), but also plain "role name". But in SQL section 5.4 I see
the syntax is specified as
 <authorization identifier> ::=
       <role name>
     | <user identifier> 

so I will rename fields and arguments whereever appropriate to currentRoleName and roleName
at some point,
I think.  Also,the current code uses "authorizationId" for *user identifier* in many places
which can also be 
confusing now that roles are introduced. This should probably be cleaned up as well.

> SQL roles: Implement authorization stack
> ----------------------------------------
>                 Key: DERBY-3327
>                 URL: https://issues.apache.org/jira/browse/DERBY-3327
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For:
>         Attachments: DERBY-3327-1.diff, DERBY-3327-1.stat
> The current LanguageConnectionContext keeps the user authorization identifier for an
SQL session.
> The lcc is shared context also for nested connections (opened from stored procedures).
> So far, for roles, the current role has been stored in the lcc also. However, SQL requires
> authorization identifers be pushed on a "authorization stack" when calling a stored procedure,
> SQL 2003, vol 2, section and 4.27.3.
> This allows a caller to keep its current role after a call even if changed by the stored
> This issue will implement the current role name part ("cell") of the authorization stack.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message