db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dag.Wan...@Sun.COM (Dag H. Wanvik)
Subject Re: Impending release branch cut; how to mask unifinished roles feature
Date Mon, 25 Feb 2008 09:01:48 GMT
Daniel John Debrunner <djd@apache.org> writes:

> It is possible to provide a quick summary of what the current state is
> (what works and what doesn't)?

Sure.

Works:

- Parsing, binding and constant actions for all specified new syntax
  works (see spec.html attached to DERBY-2207), including persisting
  and accessing role dictionary information, basic checks and
  dictionary soft/hard upgrade behavior.  Thus, permissions can be
  granted and revoked to/from roles, but currently such permissions
  are not activated when permissions are checked. The relaxing of role
  name length and SYS prefix reservation is checked in.

- Tests for the above: RolesTest, two new Changes10_4 fixtures.

- ij "show roles" command

Patches available (not committed yet):

 - SQL session context implementation (DERBY-3327) (routine stack
   behavior for current roles, schema).
   Also solves DERBY-1331. Not sure if I should commit this before
   branch cut; changing default schema semantics and implementation
   may be risky. Running some performance checks on schema part of
   this patch now.

-  Additional checks for "PUBLIC" keyword (DERBY-3333).

Sandbox stage yet (partly implemented, partly works):

 - making use of permissions through roles, including
   in roles in role grant closure
 - registering dependencies on roles for persistent objects
   (views, constraints, triggers) and prepared
   statements/activations
 - invalidation actions when roles are dropped, role grants revoked, and
   current role changes.

Not yet started:

 - "best effort" attempt to check that new role does not overlap with a
   user name, cf. spec section  6.1.
 - memory caching of roles descriptors for performance
 - user documentation

Dag

Mime
View raw message