db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2207) Improve usability of Derby's client/server security by implementing ANSI Roles
Date Tue, 22 Jan 2008 19:21:34 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12561425#action_12561425
] 

Dag H. Wanvik commented on DERBY-2207:
--------------------------------------

Thanks for looking at the specification again!

> Section 5.3) > (Implementation restriction) Currently in Derby, user
> identifier can be max 30 characters long. Until this restriction is
> lifted, roles will have the same limit,
> Can this restriction be explained? Since a role is not a user
> identifier, why should a limit on user identifier impact role name?

I think the only reason I inherited this restriction is that
the system tables represent GRANTEE/GRANTOR as VARCHAR(30), but I
could change that I guess? It may be only the documentation which says
max 30, I think the actual column is SQLIdentifier
(VARCHAR(255)). I'll see if I can remove this restriction from
roles.

> 
> Section 6.1 The name authorization identifier name space issue or
> maybe section 5.4
> 
> When granting a privilege can you specify the behaviour for
> roles/users. I think it is that if the grantee exists as a role then
> the privilege is granted to that role, otherwise grantee is treated
> as a user identifier. I think this falls out of the current grant
> implementation, ie. the grant doesn't actually care if grantee is a
> role name or a user name, it just updates the catalogs. Good to be
> explicit here.

Yes, this is how I understand it also. Will add some explicitness here :)


> Improve usability of Derby's client/server security by implementing ANSI Roles
> ------------------------------------------------------------------------------
>
>                 Key: DERBY-2207
>                 URL: https://issues.apache.org/jira/browse/DERBY-2207
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Rick Hillegas
>            Assignee: Dag H. Wanvik
>         Attachments: spec.html, spec.html, spec.html, spec.html, spec.html, spec.html
>
>
> Implementing ANSI Roles will make it easier to manage security for multi-user applications
with high user turnover.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message