Hi, Dag. Thanks for this spec, this looks like a nice addition to Derby. I have a couple of comments:
- It would be great to have some examples in addition to showing the changes to the reference manual. Identify some standard use cases (Create Role, Grant Role, Revoke Role, Access Resource) and show what commands are executed and what happens as a result. This is not just for reviewers' sake, but also for doc writers (and blog writers :)) The example you have is useful for understanding the spec, but not necessarily so useful for understanding the common use cases. - What is the motivation to choose not to support a default role when a user signs in. Alternately, if a user is granted roles A and B, why not given them the union of the two privileges for role A and B. Why does the user have to select the role they want to have for a given session? That seems counter-intuitive. At a minimum, if the SQL spec requires you have to 'wear only one hat at a time," at least I'd like to choose my default hat - that is, be able to specify my default role unless I choose a different one using the SET ROLE command. Thanks! David On 9/13/07, Dag H. Wanvik <[EMAIL PROTECTED]> wrote: > > Hi all, > > just in case you didn't see it in the JIRA mails, I just uploaded a > draft spec for adding roles to Derby (DERBY-2207). Any feedback is > appreciated :) > > http://issues.apache.org/jira/secure/attachment/12365783/spec.html > > Thanks, > Dag >
