10.02.2022 15:57, Adriano dos Santos Fernandes wrote:
If we need to take roles into an account - only for attachment with same
USER.
Even without shared cache, user can change its roles with SET ROLES and
new prepared statements should work as before even when they were
previously cached with different roles.
I'm not sure I get why security credentials should affect the cache at
all. From the runtime POV, all BLR/SQL operations
(current_user/current_role/rdb$*_roles) are redirected to Attachment,
AFAIK we don't store anything role-specific inside the statement tree.
From the security POV, we just need to execute verifyAccess() for the
request retrieved from the cache.
What am I missing?
Dmitry
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
