db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: Impending release branch cut; how to mask unifinished roles feature
Date Tue, 18 Mar 2008 13:50:31 GMT
Hi Frank,

Thanks for wanting to test-drive this feature. The Roles work has been 
postponed to the next feature release. The DerbyTenFourRelease wiki page 
says that the Roles work is postponed, but that indication is easy to 
miss because it's in the far right column of the table of features.

Hope this helps,

fp wrote:
> I get a little bit confused about the SQL Role Feature. 
> Is it part of the 10.4.1 Release as stated on
> http://wiki.apache.org/db-derby/DerbyTenFourRelease
> or not as in the RELEASE-NOTES of the beta - (637204M).
> When i set the property -Dderby.database.sqlAuthorization=true and execute
> create role
> I get an error 42Z60: CREATE ROLE not allowed unless database property
> derby.database.sq
> lAuthorization has value 'TRUE'.
> But the Table select * from sys.sysroles; ist there.
> What's the status quo with SQL ROLES?
> Dag H. Wanvik wrote:
>> Daniel John Debrunner <djd@apache.org> writes: 
>>> It is possible to provide a quick summary of what the current state is
>>> (what works and what doesn't)?
>> Sure.
>> Works:
>> - Parsing, binding and constant actions for all specified new syntax
>>   works (see spec.html attached to DERBY-2207), including persisting
>>   and accessing role dictionary information, basic checks and
>>   dictionary soft/hard upgrade behavior.  Thus, permissions can be
>>   granted and revoked to/from roles, but currently such permissions
>>   are not activated when permissions are checked. The relaxing of role
>>   name length and SYS prefix reservation is checked in.
>> - Tests for the above: RolesTest, two new Changes10_4 fixtures.
>> - ij "show roles" command
>> Patches available (not committed yet):
>>  - SQL session context implementation (DERBY-3327) (routine stack
>>    behavior for current roles, schema).
>>    Also solves DERBY-1331. Not sure if I should commit this before
>>    branch cut; changing default schema semantics and implementation
>>    may be risky. Running some performance checks on schema part of
>>    this patch now.
>> -  Additional checks for "PUBLIC" keyword (DERBY-3333).
>> Sandbox stage yet (partly implemented, partly works):
>>  - making use of permissions through roles, including
>>    in roles in role grant closure
>>  - registering dependencies on roles for persistent objects
>>    (views, constraints, triggers) and prepared
>>    statements/activations
>>  - invalidation actions when roles are dropped, role grants revoked, and
>>    current role changes.
>> Not yet started:
>>  - "best effort" attempt to check that new role does not overlap with a
>>    user name, cf. spec section  6.1.
>>  - memory caching of roles descriptors for performance
>>  - user documentation
>> Dag

View raw message