db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fp <Frank.Pien...@impaqgroup.com>
Subject Re: Impending release branch cut; how to mask unifinished roles feature
Date Tue, 18 Mar 2008 13:34:06 GMT

I get a little bit confused about the SQL Role Feature. 
Is it part of the 10.4.1 Release as stated on
http://wiki.apache.org/db-derby/DerbyTenFourRelease
or not as in the RELEASE-NOTES of the  10.4.1.0 beta - (637204M).

When i set the property -Dderby.database.sqlAuthorization=true and execute
create role
I get an error 42Z60: CREATE ROLE not allowed unless database property
derby.database.sq
lAuthorization has value 'TRUE'.
But the Table select * from sys.sysroles; ist there.
What's the status quo with SQL ROLES?


Dag H. Wanvik wrote:
> 
> Daniel John Debrunner <djd@apache.org> writes: 
> 
>> It is possible to provide a quick summary of what the current state is
>> (what works and what doesn't)?
> 
> Sure.
> 
> Works:
> 
> - Parsing, binding and constant actions for all specified new syntax
>   works (see spec.html attached to DERBY-2207), including persisting
>   and accessing role dictionary information, basic checks and
>   dictionary soft/hard upgrade behavior.  Thus, permissions can be
>   granted and revoked to/from roles, but currently such permissions
>   are not activated when permissions are checked. The relaxing of role
>   name length and SYS prefix reservation is checked in.
> 
> - Tests for the above: RolesTest, two new Changes10_4 fixtures.
> 
> - ij "show roles" command
> 
> Patches available (not committed yet):
> 
>  - SQL session context implementation (DERBY-3327) (routine stack
>    behavior for current roles, schema).
>    Also solves DERBY-1331. Not sure if I should commit this before
>    branch cut; changing default schema semantics and implementation
>    may be risky. Running some performance checks on schema part of
>    this patch now.
> 
> -  Additional checks for "PUBLIC" keyword (DERBY-3333).
> 
> Sandbox stage yet (partly implemented, partly works):
> 
>  - making use of permissions through roles, including
>    in roles in role grant closure
>  - registering dependencies on roles for persistent objects
>    (views, constraints, triggers) and prepared
>    statements/activations
>  - invalidation actions when roles are dropped, role grants revoked, and
>    current role changes.
> 
> Not yet started:
> 
>  - "best effort" attempt to check that new role does not overlap with a
>    user name, cf. spec section  6.1.
>  - memory caching of roles descriptors for performance
>  - user documentation
> 
> Dag
> 
> 

-- 
View this message in context: http://www.nabble.com/Impending-release-branch-cut--how-to-mask-unifinished-roles-feature-tp15627783p16121336.html
Sent from the Apache Derby Developers mailing list archive at Nabble.com.


Mime
View raw message