Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 71232 invoked from network); 28 Apr 2009 16:39:53 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 28 Apr 2009 16:39:53 -0000 Received: (qmail 24699 invoked by uid 500); 28 Apr 2009 16:39:53 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 24677 invoked by uid 500); 28 Apr 2009 16:39:53 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 24669 invoked by uid 99); 28 Apr 2009 16:39:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Apr 2009 16:39:53 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Apr 2009 16:39:51 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 8E42F234C045 for ; Tue, 28 Apr 2009 09:39:30 -0700 (PDT) Message-ID: <1380350524.1240936770581.JavaMail.jira@brutus> Date: Tue, 28 Apr 2009 09:39:30 -0700 (PDT) From: "Dag H. Wanvik (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Commented: (DERBY-4161) SQL Roles - Clarify documentation regarding the SET ROLE In-Reply-To: <1927564078.1239802277334.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/DERBY-4161?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12703709#action_12703709 ] Dag H. Wanvik commented on DERBY-4161: -------------------------------------- Thanks, Kim! Sorry for the late comment on this issue. Looks good, just one clarification: > SET ROLE taskLeaderA; > If the database owner granted the taskLeaderA role to a user, that user would have all the privileges associated with the > taskLeaderA, updater, and reader roles. The first part of the above statement is a bit misleading, in that if the role has *not* been granted to the user, the SET ROLE statement would fail. Perhaps say, Presuming the database owner granted the taskLeaderA role to a user, that user be allowed to set the role as shown and would have all the privileges granted to the taskLeaderA, updater, and reader roles. > SQL Roles - Clarify documentation regarding the SET ROLE > -------------------------------------------------------- > > Key: DERBY-4161 > URL: https://issues.apache.org/jira/browse/DERBY-4161 > Project: Derby > Issue Type: Improvement > Components: Documentation > Affects Versions: 10.5.1.1 > Reporter: Tiago R. Espinha > Assignee: Kim Haase > Attachments: cdevcsecureroles.html, DERBY-4161.diff > > > After discussing this issue on the mailing list, it has been agreed that the documentation regarding the usage of SQL roles needs to be clarified. > Namely, it should be clearer that a session does not have a role set by default and that as such, a SET ROLE must be issued to enable a specific role. > Further along the path, we may want to have the ability of setting a default role but for now and for the release of 10.5 this is the shortest and best course to follow. > Kim had already suggested an addition to the documentation on the list; maybe she'd like to take on this issue? -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.