Return-Path: X-Original-To: apmail-db-derby-dev-archive@www.apache.org Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 919886CE1 for ; Mon, 25 Jul 2011 21:28:36 +0000 (UTC) Received: (qmail 29563 invoked by uid 500); 25 Jul 2011 21:28:36 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 29178 invoked by uid 500); 25 Jul 2011 21:28:35 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 29155 invoked by uid 99); 25 Jul 2011 21:28:35 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Jul 2011 21:28:35 +0000 X-ASF-Spam-Status: No, hits=-2001.2 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Jul 2011 21:28:33 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id 9E74A854FF for ; Mon, 25 Jul 2011 21:28:11 +0000 (UTC) Date: Mon, 25 Jul 2011 21:28:11 +0000 (UTC) From: "Dag H. Wanvik (JIRA)" To: derby-dev@db.apache.org Message-ID: <1291421626.5707.1311629291645.JavaMail.tomcat@hel.zones.apache.org> In-Reply-To: <880983679.14342.1311331377921.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (DERBY-5350) Devguide needs update for definer's rights MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/DERBY-5350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13070774#comment-13070774 ] Dag H. Wanvik commented on DERBY-5350: -------------------------------------- Back-ported to 10.8 branch as svn 1150919, resolving. > Devguide needs update for definer's rights > ------------------------------------------ > > Key: DERBY-5350 > URL: https://issues.apache.org/jira/browse/DERBY-5350 > Project: Derby > Issue Type: Bug > Components: Documentation > Affects Versions: 10.8.1.2 > Reporter: Knut Anders Hatlen > Assignee: Dag H. Wanvik > Attachments: cdevcsecureroles.html, cdevcsecureroles.html, derby-5330a.diff, derby-5350b.diff > > > I found the following in the Using SQL roles topic of the devguide: > "Within stored procedures and functions that contain SQL, the current role is on the authorization stack. Initially, inside a nested connection, the current role is set to that of the calling context." > http://db.apache.org/derby/docs/10.8/devguide/cdevcsecureroles.html > I think this is only correct for procedures running with invoker's rights. For procedures running with definer's rights, no role is set initially, according to the CREATE PROCEDURE statement topic in the reference manual: > "When the procedure is first invoked, no role is set; even if the invoker has set a current role, the procedure running with definer's rights has no current role set initially." > http://db.apache.org/derby/docs/10.8/ref/rrefcreateprocedurestatement.html -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira