db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3223) SQL roles: make use of privileges granted to roles in actual privilege checking
Date Tue, 19 Aug 2008 16:19:44 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12623712#action_12623712
] 

Rick Hillegas commented on DERBY-3223:
--------------------------------------

Thanks, Dag. I thought that the following paragraphs were useful for understanding the associated
classes:

M      java/engine/org/apache/derby/impl/sql/execute/DropRoleConstantAction.java
M      java/engine/org/apache/derby/impl/sql/execute/RevokeRoleConstantAction.java

When a role is dropped, for every role in its grantee closure, we call
two invalidate actions.  REVOKE_ROLE and INTERNAL_RECOMPILE_REQUEST.
The latter is used to force recompilation of dependent prepared
statements, the former to drop dependent objects (constraints,
triggers and views).  Note that until DERBY-1632 is fixed, we risk
dropping objects not really dependent on this role, but one some other
role just because it inherits from this one.




M      java/engine/org/apache/derby/impl/sql/execute/DDLConstantAction.java

In storeConstraintDependenciesOnPrivileges, for each required
privilege, we now register of a dependency on a role if that role was
required to find an applicable privilege.

In storeViewTriggerDependenciesOnPrivileges, for each required
privilege, we now register of a dependency on a role if that role was
required to find an applicable privilege. Also added a sanity check to
make the trigger does nto depend on schema or role creation privileges.


> SQL roles: make use of privileges granted to roles in actual privilege checking
> -------------------------------------------------------------------------------
>
>                 Key: DERBY-3223
>                 URL: https://issues.apache.org/jira/browse/DERBY-3223
>             Project: Derby
>          Issue Type: Task
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.5.0.0
>
>         Attachments: derby-3223-1a.diff, derby-3223-1a.stat, derby-3223-1b.diff, derby-3223-1b.stat,
derby-3223-1c.diff, derby-3223-1c.stat, derby-3223-1d.diff, derby-3223-1d.stat, derby-3223-activate-roles-1.diff,
derby-3223-activate-roles-1.stat, derby-3223-activate-roles-2.diff, derby-3223-activate-roles-2.stat,
derby-3223-activate-roles-2b.diff, derby-3223-activate-roles-2b.stat, derby-3223-revise-iterator-api-b.diff,
derby-3223-revise-iterator-api-b.stat, derby-3223-revise-iterator-api.diff, derby-3223-revise-iterator-api.stat,
derby-3223-revocation-logic-1.diff, derby-3223-revocation-logic-1.stat, derby-3223-revocation-logic-2.diff,
derby-3223-revocation-logic-2.stat, derby-3223-revocation-logic-2.txt, derby-3223-revocation-logic-3.diff,
derby-3223-revocation-logic-3.stat, derby-3223-revocation-logic-4.diff, derby-3223-revocation-logic-4.stat,
roles.sql, roles2.sql, roles3.sql
>
>
> Pushing out to 10.5

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message