Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 96081 invoked from network); 18 Mar 2008 13:34:37 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 18 Mar 2008 13:34:37 -0000 Received: (qmail 97715 invoked by uid 500); 18 Mar 2008 13:34:35 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 97509 invoked by uid 500); 18 Mar 2008 13:34:34 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 97500 invoked by uid 99); 18 Mar 2008 13:34:34 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Mar 2008 06:34:34 -0700 X-ASF-Spam-Status: No, hits=2.6 required=10.0 tests=DNS_FROM_OPENWHOIS,SPF_HELO_PASS,SPF_PASS,WHOIS_MYPRIVREG X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of lists@nabble.com designates 216.139.236.158 as permitted sender) Received: from [216.139.236.158] (HELO kuber.nabble.com) (216.139.236.158) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Mar 2008 13:33:55 +0000 Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1Jbbx8-0002yR-C4 for derby-dev@db.apache.org; Tue, 18 Mar 2008 06:34:06 -0700 Message-ID: <16121336.post@talk.nabble.com> Date: Tue, 18 Mar 2008 06:34:06 -0700 (PDT) From: fp To: derby-dev@db.apache.org Subject: Re: Impending release branch cut; how to mask unifinished roles feature In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-From: Frank.Pientka@impaqgroup.com References: <18366.21982.268121.803771@gargle.gargle.HOWL> <47BEED34.2000700@apache.org> X-Virus-Checked: Checked by ClamAV on apache.org I get a little bit confused about the SQL Role Feature. Is it part of the 10.4.1 Release as stated on http://wiki.apache.org/db-derby/DerbyTenFourRelease or not as in the RELEASE-NOTES of the 10.4.1.0 beta - (637204M). When i set the property -Dderby.database.sqlAuthorization=true and execute create role I get an error 42Z60: CREATE ROLE not allowed unless database property derby.database.sq lAuthorization has value 'TRUE'. But the Table select * from sys.sysroles; ist there. What's the status quo with SQL ROLES? Dag H. Wanvik wrote: > > Daniel John Debrunner writes: > >> It is possible to provide a quick summary of what the current state is >> (what works and what doesn't)? > > Sure. > > Works: > > - Parsing, binding and constant actions for all specified new syntax > works (see spec.html attached to DERBY-2207), including persisting > and accessing role dictionary information, basic checks and > dictionary soft/hard upgrade behavior. Thus, permissions can be > granted and revoked to/from roles, but currently such permissions > are not activated when permissions are checked. The relaxing of role > name length and SYS prefix reservation is checked in. > > - Tests for the above: RolesTest, two new Changes10_4 fixtures. > > - ij "show roles" command > > Patches available (not committed yet): > > - SQL session context implementation (DERBY-3327) (routine stack > behavior for current roles, schema). > Also solves DERBY-1331. Not sure if I should commit this before > branch cut; changing default schema semantics and implementation > may be risky. Running some performance checks on schema part of > this patch now. > > - Additional checks for "PUBLIC" keyword (DERBY-3333). > > Sandbox stage yet (partly implemented, partly works): > > - making use of permissions through roles, including > in roles in role grant closure > - registering dependencies on roles for persistent objects > (views, constraints, triggers) and prepared > statements/activations > - invalidation actions when roles are dropped, role grants revoked, and > current role changes. > > Not yet started: > > - "best effort" attempt to check that new role does not overlap with a > user name, cf. spec section 6.1. > - memory caching of roles descriptors for performance > - user documentation > > Dag > > -- View this message in context: http://www.nabble.com/Impending-release-branch-cut--how-to-mask-unifinished-roles-feature-tp15627783p16121336.html Sent from the Apache Derby Developers mailing list archive at Nabble.com.