db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-3327) SQL roles: Implement authorization stack (and SQL session context to hold it)
Date Fri, 28 Mar 2008 18:32:24 GMT

     [ https://issues.apache.org/jira/browse/DERBY-3327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dag H. Wanvik updated DERBY-3327:
---------------------------------

    Description: 
The current LanguageConnectionContext keeps the user authorization identifier for an SQL session.
The lcc is shared context also for nested connections (opened from stored procedures).
So far, for roles, the current role has been stored in the lcc also. However, SQL requires
that
authorization identifers be pushed on a "authorization stack" when calling a stored procedure,
cf.
SQL 2003, vol 2, section 4.34.1.1 and 4.27.3 and 10.4 GR 5h and i.
This allows a caller to keep its current role after a call even if changed by the stored procedure.

This issue will implement the current role name part ("cell") of the authorization stack.


The authorization stack will be implemented as of the SQL session context.
The patch will also implement the pushing of the current unqualified schema name part of
the SQL session context, cf. 10.4 GR 5a (DERBY-1331).

  was:
The current LanguageConnectionContext keeps the user authorization identifier for an SQL session.
The lcc is shared context also for nested connections (opened from stored procedures).
So far, for roles, the current role has been stored in the lcc also. However, SQL requires
that
authorization identifers be pushed on a "authorization stack" when calling a stored procedure,
cf.
SQL 2003, vol 2, section 4.34.1.1 and 4.27.3.
This allows a caller to keep its current role after a call even if changed by the stored procedure.

This issue will implement the current role name part ("cell") of the authorization stack.



> SQL roles: Implement authorization stack (and SQL session context to hold it)
> -----------------------------------------------------------------------------
>
>                 Key: DERBY-3327
>                 URL: https://issues.apache.org/jira/browse/DERBY-3327
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.5.0.0
>
>         Attachments: DERBY-3327-1.diff, DERBY-3327-1.stat, DERBY-3327-2.diff, DERBY-3327-2.stat,
DERBY-3327-3.diff, DERBY-3327-3.stat, DERBY-3327-4-full-b.diff, DERBY-3327-4-full-b.stat,
DERBY-3327-4-full-c.diff, DERBY-3327-4-full-c.stat, DERBY-3327-4-full-d.diff, DERBY-3327-4-full-d.stat,
DERBY-3327-4-full.diff, DERBY-3327-4-full.stat
>
>
> The current LanguageConnectionContext keeps the user authorization identifier for an
SQL session.
> The lcc is shared context also for nested connections (opened from stored procedures).
> So far, for roles, the current role has been stored in the lcc also. However, SQL requires
that
> authorization identifers be pushed on a "authorization stack" when calling a stored procedure,
cf.
> SQL 2003, vol 2, section 4.34.1.1 and 4.27.3 and 10.4 GR 5h and i.
> This allows a caller to keep its current role after a call even if changed by the stored
procedure.
> This issue will implement the current role name part ("cell") of the authorization stack.

> The authorization stack will be implemented as of the SQL session context.
> The patch will also implement the pushing of the current unqualified schema name part
of
> the SQL session context, cf. 10.4 GR 5a (DERBY-1331).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message