Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 99305 invoked from network); 30 Jan 2008 19:20:00 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 30 Jan 2008 19:20:00 -0000 Received: (qmail 98022 invoked by uid 500); 30 Jan 2008 19:19:50 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 97994 invoked by uid 500); 30 Jan 2008 19:19:50 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 97985 invoked by uid 99); 30 Jan 2008 19:19:50 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 Jan 2008 11:19:50 -0800 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 Jan 2008 19:19:44 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 2E7A671423E for ; Wed, 30 Jan 2008 11:19:36 -0800 (PST) Message-ID: <12787552.1201720776184.JavaMail.jira@brutus> Date: Wed, 30 Jan 2008 11:19:36 -0800 (PST) From: "Daniel John Debrunner (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Commented: (DERBY-3137) SQL roles: add catalog support In-Reply-To: <21789112.1192785950819.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/DERBY-3137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12564133#action_12564133 ] Daniel John Debrunner commented on DERBY-3137: ---------------------------------------------- I'm still struggling with the SQL Standard here for SET ROLE (and identifiers in general): 3a) Let S be and let V be the character string that is the value of TRIM ( BOTH ' ' FROM S ) 3b) If V does not conform to the Format and Syntax Rules of a , then an exception condition is raised: invalid role specification. DERBY-2109 discussion implied that this means the format of V needs to be that of a SQL identifier (regular or delimited). Now CURRENT_ROLE is a valid , does this mean CURRENT_ROLE needs to return the role name as SQL identifier, instead of the CNF of the role name? The spec says "value of the current role". I'm not convinced that the conclusion in DERBY-2109 is correct, seems more logical to me that V here should be the CNF of the role name. Section 5.2 SR 24) says the CNF of a regular identifier is used in the system catalogs, thus if CURRENT_ROLE is to be used in queries against the catalogs it has to return the CNF of the role name. Which then contradicts SET ROLE and value specification. I can't see any explicit statement about what the "value of the current role" means, or the more general "value of an identifier". > SQL roles: add catalog support > ------------------------------ > > Key: DERBY-3137 > URL: https://issues.apache.org/jira/browse/DERBY-3137 > Project: Derby > Issue Type: New Feature > Components: Security, SQL > Reporter: Dag H. Wanvik > Assignee: Dag H. Wanvik > Fix For: 10.4.0.0 > > Attachments: DERBY-3137-2.diff, DERBY-3137-2.stat, DERBY-3137-2.txt, DERBY-3137-uuid.diff, DERBY-3137-uuid.stat, DERBY-3137.diff, DERBY-3137.diff, DERBY-3137.stat, DERBY-3137.txt > > > As a next step after adding support for the roles syntax, I intend to > make a patch which implements catalog support for roles, > cf. SYS.SYSROLES described in the specification (attached to > DERBY-2207). Also the patch should tie this support up to the parser > support, so the role statements can be executed. Any privileges > granted to roles would still have no effect at run-time. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.