[jira] Commented: (DERBY-3327) SQL roles: Implement authorization stack

Fri, 18 Jan 2008 15:23:59 -0800 

    [ 
https://issues.apache.org/jira/browse/DERBY-3327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12560598#action_12560598
 ] 

Dag H. Wanvik commented on DERBY-3327:
--------------------------------------

Thanks for looking at this, Rick!
Re your question:
Not really, just to emphaszie that this field will only ever hold the current 
role of a stored procedure scope; never
the outer scope. But since it can be confusing, I will change it to currentRole 
and leave the it to the comments
to explain this fact. 

Btw, I have vacillated a bit over whether to call the field holding the current 
role (a string)
currentRole, currentRoleName or currentRoleId. The standard uses the term 
"authorization identifier"
(generic for both user and role), but also plain "role name". But in SQL 
section 5.4 I see the syntax is specified as
  
 <authorization identifier> ::=
       <role name>
     | <user identifier> 

so I will rename fields and arguments whereever appropriate to currentRoleName 
and roleName at some point,
I think.  Also,the current code uses "authorizationId" for *user identifier* in 
many places which can also be 
confusing now that roles are introduced. This should probably be cleaned up as 
well.

> SQL roles: Implement authorization stack
> ----------------------------------------
>
>                 Key: DERBY-3327
>                 URL: https://issues.apache.org/jira/browse/DERBY-3327
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.4.0.0
>
>         Attachments: DERBY-3327-1.diff, DERBY-3327-1.stat
>
>
> The current LanguageConnectionContext keeps the user authorization identifier 
> for an SQL session.
> The lcc is shared context also for nested connections (opened from stored 
> procedures).
> So far, for roles, the current role has been stored in the lcc also. However, 
> SQL requires that
> authorization identifers be pushed on a "authorization stack" when calling a 
> stored procedure, cf.
> SQL 2003, vol 2, section 4.34.1.1 and 4.27.3.
> This allows a caller to keep its current role after a call even if changed by 
> the stored procedure.
> This issue will implement the current role name part ("cell") of the 
> authorization stack. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to