db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3722) Add circularity check for the GRANT role statement
Date Mon, 16 Jun 2008 16:07:45 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3722?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12605332#action_12605332
] 

Rick Hillegas commented on DERBY-3722:
--------------------------------------

Thanks for the patch, Dag. It looks like a lot of the changes are formatting changes and/or
changes to names. I have a couple comments:

RoleClosureIterator

1) Thanks for the diagram. Are there some missing GRANTS? For instance the GRANT of a3 to
d is in the graph but not in the block of SQL preceding the graph.

2) I am having difficulty understanding what the iterator will list. There are some "or"s
in the examples which lead me to think that the list is not deterministic. Could you clarify
if the list is one of the following or something else?

a) A list of all arcs which are part of some curve terminating in the desired role.

b) One arc for each role which can be connected by some curve to the desired role. If there
are many curves connecting two roles, then we cannot predict which arc will appear in the
list.


RoleClosureIteratorImpl

1) I think it would be good if the arguments to the constructor were documented. Then the
reader wouldn't have to flip back and forth between this class and the DataDictionary.


> Add circularity check for the GRANT role statement
> --------------------------------------------------
>
>                 Key: DERBY-3722
>                 URL: https://issues.apache.org/jira/browse/DERBY-3722
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.5.0.0
>
>         Attachments: derby-3722-1.diff, derby-3722-1.stat
>
>
> When a role is granted to another role (with the GRANT <role> statement), we need
to check that the grant relation does not give rise to a circularity. This is described in
Section 12.5, Syntax rule 1 of ISO/IEC 9075-2 2003.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message