Message-ID: <501653443.1239804795142.JavaMail.jira@brutus>
Date: Wed, 15 Apr 2009 07:13:15 -0700 (PDT)
From: "Tiago R. Espinha (JIRA)"
To: derby-dev@db.apache.org
Subject: [jira] Created: (DERBY-4162) SQL Roles - Add the possibility for a default role for each user

SQL Roles - Add the possibility for a default role for each user
----------------------------------------------------------------

                 Key: DERBY-4162
                 URL: https://issues.apache.org/jira/browse/DERBY-4162
             Project: Derby
          Issue Type: Improvement
          Components: SQL
            Reporter: Tiago R. Espinha
            Priority: Minor
             Fix For: 10.6.0.0

We should have the ability to set a role (or several roles) as the default role(s) for a user. This should also be kept optional, that is we should be able to have the behavior described in the standard: roles can be selected manually through the SET ROLE.

Dag said on the list that there is room for having this added functionality, in the sense that it does not collide with what the standard stipulates.

Additionally, I have a suggestion. While the implementation of this feature is vendor-based, I believe that Oracle's approach on it is a very user-friendly and intuitive one. On Oracle we can set several default roles and all these will be enabled by default. The user can then manually disable certain roles after they start a session, but the crucial point is that these are enabled by default.

I do not think there is any security risk involved here, as if the role is there and it is available to the user, then they are permissions that the user owns anyway. In a real world scenario I believe that the most common behavior is having a role per user, which lessens any security concerns even further.

Here's an overview of how the roles work on Oracle:
http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_10004.htm

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
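
The Oracle behavior the message refers to, as an added example that is not part of the original message or of Derby: default roles are enabled at connect time, and SET ROLE changes the enabled set for the rest of the session. The user name, role names, table names and password placeholder are hypothetical.

```sql
-- Oracle SQL. APP_USER, REPORTING, MAINTENANCE and the APP.* tables are
-- hypothetical names constructed for this example.

-- As an administrator: create two roles and grant both to one user.
CREATE ROLE reporting;
CREATE ROLE maintenance;
GRANT SELECT ON app.orders TO reporting;
GRANT DELETE ON app.audit_log TO maintenance;

CREATE USER app_user IDENTIFIED BY "placeholder_password_1";
GRANT CREATE SESSION TO app_user;
GRANT reporting, maintenance TO app_user;

-- Without this statement every granted role is a default role.
-- Here only REPORTING is enabled automatically at connect.
ALTER USER app_user DEFAULT ROLE reporting;

-- Review which granted roles are defaults (DEFAULT_ROLE is YES or NO).
SELECT grantee, granted_role, default_role
  FROM dba_role_privs
 WHERE grantee = 'APP_USER';

-- As APP_USER, right after connecting: only the default role is enabled.
SELECT role FROM session_roles;          -- REPORTING

-- Enable the non-default role for this session. SET ROLE replaces the
-- enabled set, so both roles are listed.
SET ROLE reporting, maintenance;
SELECT role FROM session_roles;          -- REPORTING and MAINTENANCE

-- Disable one role again, keeping every other granted role enabled.
SET ROLE ALL EXCEPT maintenance;

-- Disable all roles; only directly granted privileges remain.
SET ROLE NONE;
SELECT role FROM session_roles;          -- no rows
```

Restricting the DEFAULT ROLE list keeps rarely needed privileges (here the DELETE on the audit table) off until a session asks for them with SET ROLE, which is the manual behavior the issue wants to keep available.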