db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3722) Add circularity check for the GRANT role statement
Date Mon, 16 Jun 2008 16:35:47 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3722?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12605340#action_12605340

Dag H. Wanvik commented on DERBY-3722:

Thanks for looking at this Rick!

I just posted a new version of the patch to answer Kristian's
comments, btw.

> 1) Thanks for the diagram. Are there some missing GRANTS? For
> instance the GRANT of a3 to d is in the graph but not in the block
> of SQL preceding the graph.

There is a typo: "GRANT a2 to d" should read "GRANT a3 to d". I will
fix that.

> b) One arc for each role which can be connected by some curve to the
> desired role. If there are many curves connecting two roles, then we
> cannot predict which arc will appear in the list.

This is correct. I said in the javadoc it is not defined which arc is
returned in such a case. I see it can be a bit confusing to return the
arcs (the role grant descriptors) rather than just the nodes (the role
name string) when iterating over the closure. I will reconsider this, I think.

> RoleClosureIteratorImpl
> 1) I think it would be good if the arguments to the constructor were
> documented. Then the reader wouldn't have to flip back and forth
> between this class and the DataDictionary.

The latest patch does that.

> Add circularity check for the GRANT role statement
> --------------------------------------------------
>                 Key: DERBY-3722
>                 URL: https://issues.apache.org/jira/browse/DERBY-3722
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For:
>         Attachments: derby-3722-1.diff, derby-3722-1.stat, derby-3722-2.diff, derby-3722-2.stat
> When a role is granted to another role (with the GRANT <role> statement), we need
to check that the grant relation does not give rise to a circularity. This is described in
Section 12.5, Syntax rule 1 of ISO/IEC 9075-2 2003.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message