db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tiago Espinha <ti...@espinhas.net>
Subject Re: Issues with SQL Roles
Date Thu, 09 Apr 2009 17:36:11 GMT
Hello Kathey,
I overlooked this. I thought that roles were set and used on a by-user
basis; personally I find it a little counter-productive that the role has to
be chosen on every session. I am not totally sure how it goes on SQL Server
or MySQL for example, but at least Oracle loads up all the privileges set to
that user through roles. Then you can choose during that session whether you
want to enable or disable certain roles:

We might want to have a look into what's the most common behavior and stick
with that one; if on the other hand we are sticking to our way on this and
it differs from the other RDBMS' way then we might want indeed to make this
more explicit and obvious. I think it is easy to overlook the fact that you
have to SET a role on top of having been granted that role.


On Thu, Apr 9, 2009 at 5:00 PM, Kathey Marsden

> Tiago Espinha wrote:
>> 5) Tried to use TIAGO on another ij spawn and here is what I get:
>> ij> select * from adm.t1;
>> ERROR 42502: User 'TIAGO' does not have SELECT permission on column 'F1'
>> of table 'ADM'.'T1'.
> I think before you do the select, you have to set the role, e.g
> ij>set role readRole;
> Should we make this clearer in the documentation?
> http://db.apache.org/derby/docs/dev/devguide/cdevcsecureroles.html
> Kathey

View raw message