db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kim Haase (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-4505) Document that views, triggers, and constraints run with definer's rights rather than invoker's rights
Date Fri, 08 Jan 2010 16:00:57 GMT

    [ https://issues.apache.org/jira/browse/DERBY-4505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12798048#action_12798048

Kim Haase commented on DERBY-4505:

About the TOC issue -- the new topic (and its parent, "Using SQL standard authorization")
show up in the HTML pages TOC and in the left-side bookmarks for the PDF, but they are both
nested too deeply to show up in the regular TOC in the PDF and HTML single versions, which
only go down 3 levels. Hope this isn't a major concern.

Rewriting the security documentation might change this, and there might be a way to change
the TOC nesting level generally (though it appears to be buried deep in the DITA toolkit).

> Document that views, triggers, and constraints run with definer's rights rather than
invoker's rights
> -----------------------------------------------------------------------------------------------------
>                 Key: DERBY-4505
>                 URL: https://issues.apache.org/jira/browse/DERBY-4505
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions:,,,,,,,,
>            Reporter: Rick Hillegas
>            Assignee: Kim Haase
> Comments like the following can be found in the code, including this particular example
from DDLConstantAction.storeConstraintDependenciesOnPrivileges():
> 	 *  Views and triggers and constraints run with definer's privileges.
> This is an important behavior of Derby privileges which deserves to be documented. I
can find only one glancing reference to this behavior, viz., in the Reference Guide section
on the REVOKE command. There we learn that:
> "You must use the RESTRICT clause on REVOKE statements for routines. The RESTRICT clause
specifies that the EXECUTE privilege cannot be revoked if the specified routine is used in
a view, trigger, or constraint, and the privilege is being revoked from the owner of the view,
trigger, or constraint."
> From that lone statement, a clever reader might deduce that Derby views, triggers, and
constraints run with definer rather than invoker rights. But that is not the clear meaning
of that statement in the Reference Guide. To draw the necessary conclusion from that statement
the reader would have to be clever enough to understand the SQL Standard's tricky language
around definer and invoker rights--and that would be a very clever reader indeed.
> In short, we need to document this behavior explicitly. I consider this hole in our documentation
to be a serious enough defect that I am marking this issue as a Bug.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message