db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kim Haase (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-3146) Adjust length restriction on user identifiers (authorization ids) to same as other identifiers
Date Wed, 09 May 2012 22:07:48 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13271866#comment-13271866
] 

Kim Haase commented on DERBY-3146:
----------------------------------

I'm not sure that a documentation patch will be needed, since we have been documenting the
relevant table columns as being VARCHAR(128) since (I think?) 10.5. (If there are any places
where we say user names are limited to 30 characters, though, we'd better fix them; I haven't
found any.) 

I don't think we have ever documented the return value of DataBaseMetaData#getMaxUserNameLength,
so we certainly don't need more than a release note for that.
                
> Adjust length restriction on user identifiers (authorization ids) to same as other identifiers
> ----------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3146
>                 URL: https://issues.apache.org/jira/browse/DERBY-3146
>             Project: Derby
>          Issue Type: Improvement
>          Components: SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>            Priority: Minor
>         Attachments: DERBY-3146.diff, DERBY-3146.stat
>
>
> While working on roles, I notice that there is a max size of 30 on
> user ids in derby (authorization identifiers), e.g. the check being
> performed in the parser:
> private void checkAuthorizationLength( String authorization)
> :
>    checkIdentifierLengthLimit( authorization, Limits.DB2_MAX_USERID_LENGTH);
> :
> where Limits.DB2_MAX_USERID_LENGTH == 30. I have checked, and I don't
> think there are any fundamental reasons why Derby can't lift this DB2
> restriction: Then authorization identifiers would have the same max
> limit as other identifiers: 128 (Limits.MAX_IDENTIFIER_LENGTH).
> Currently, this limit of 30 is enforced for GRANT/REVOKE, i.e. for the
> grantees.
> However, in the CREATE SCHEMA statement, the clause
>          AUTHORIZATION <authorization identifier>
> which allows specifying a schema's owner, is *not* subject to this
> restriction. This is also reflected in the reference documentation for
> system tables:
>       
> SYS.SYSCHEMAS:
> Column Name 	Type 	Length 	Nullability 	Contents
> -------------------------------------------------------------------
> AUTHORIZATIONID VARCHAR 128     false           the authorization
>                                                 identifier of the
>                                                 owner of the schema  
> SYS.SYSTABLEPERMS:
> Column Name 	Type 	Length 	Nullability 	Contents
> -------------------------------------------------------------------
> GRANTEE 	VARCHAR 30 	False 	        The authorization ID
>                                                 of the user to whom
>                                                 the privilege is
>                                                 granted.  
> Furthermore, the limit is enforced in the authorizer code
> (AuthorizationServiceBase#authenticate). It is also reflected in the
> metadata: EmbedDatabaseMetaData#getMaxUserNameLength.
> I think it would be good to harmonize these two different limits for
> authorization identifier and change the limit to 128
> (Limits.MAX_IDENTIFIER_LENGTH).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message