db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-3223) SQL roles: make use of privileges granted to roles in actual privilege checking
Date Fri, 11 Apr 2008 19:30:06 GMT

     [ https://issues.apache.org/jira/browse/DERBY-3223?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Rick Hillegas updated DERBY-3223:

    Attachment: roles.sql

Thanks for the patch, Dag. I've attached a test case (roles.sql), which shows some behavior
which puzzled me. This is what the patch does:

1) Creates a table and some roles.
2) Grants a select privilege to one of the roles.
3) Grants that role to another user.
4) Logs in as that user, sets that role, and successfully selects from the table.
5) Switches back to the original user and revokes the role from the second user.
6) Switches back to the second user and verifies that select privilege has been lost.

So far, so good. What's puzzling me is that after the role is revoked, the second user's session
still reports that its current role is the revoked role. It would have seemed more sensible
to me if the current role had become null or NONE.

> SQL roles: make use of privileges granted to roles in actual privilege checking
> -------------------------------------------------------------------------------
>                 Key: DERBY-3223
>                 URL: https://issues.apache.org/jira/browse/DERBY-3223
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For:
>         Attachments: derby-3223-1a.diff, derby-3223-1a.stat, roles.sql
> Pushing out to 10.5

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message