db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3193) SQL roles: Add documentation
Date Tue, 28 Oct 2008 11:08:46 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12643182#action_12643182
] 

Dag H. Wanvik commented on DERBY-3193:
--------------------------------------

Thanks for looking at this, Kim!

> In section 5.6, the second paragraph is a bit confusing. Does "the
> latter" refer to "all the privileges granted to the current role and
> to the roles contained in the current role"? And should "the union of
> privileges roles" be just "the union of privileges"? And is the rest
> of the sentence correct?

Right, "latter" is ambiguous here. I'll try to phrase it differently:

When a role is set for a session, the session has a set of privileges
which is the union of
- the privileges granted directly to the current user
- the privileges granted to PUBLIC
- the privileges granted to the current role and to roles contained in
  the current role.

The term "contained" needs to be explained somewhere and linked to
from usage sites, I think:

"A role A is contained in another role B when A is granted to B, or A
is contained in a role C which is granted to B" (recursive definition).

> In section 5.8, the second sentence is confusing:

> "If the role loses that privilege, and a session has a current
> role which is that role or a role that contains that role, the session
> may lose that privilege, unless it available the current user, or to
> PUBLIC or another role contained in the current role."

Indeed pretty opaque ;) Another go:

"If the role loses that privilege, and a session has a current
role which is that role or a role that contains that role, the session
will lose that privilege, unless:

- it is granted directly to the current user, or
- it is granted to PUBLIC, or
- it is also granted to another role in the set of the current role and its
  contained roles. 






> SQL roles: Add documentation
> ----------------------------
>
>                 Key: DERBY-3193
>                 URL: https://issues.apache.org/jira/browse/DERBY-3193
>             Project: Derby
>          Issue Type: Task
>          Components: Documentation
>            Reporter: Dag H. Wanvik
>            Assignee: Kim Haase
>             Fix For: 10.5.0.0
>
>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message