[
https://issues.apache.org/jira/browse/DERBY-2207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12561420#action_12561420
]
Daniel John Debrunner commented on DERBY-2207:
----------------------------------------------
Couple of questions about section 5.3 of the spec.
Section 5.3) > (Implementation restriction) Currently in Derby, user identifier
can be max 30 characters long. Until this restriction is lifted, roles will
have the same limit,
Can this restriction be explained? Since a role is not a user identifier,
why should a limit on user identifier impact role name?
Section 6.1 The name authorization identifier name space issue or maybe
section 5.4
When granting a privilege can you specify the behaviour for roles/users. I
think it is that if the grantee exists as a role then the privilege is granted
to that role, otherwise grantee is treated as a user identifier. I think this
falls out of the current grant implementation, ie. the grant doesn't actually
care if grantee is a role name or a user name, it just updates the catalogs.
Good to be explicit here.
> Improve usability of Derby's client/server security by implementing ANSI Roles
> ------------------------------------------------------------------------------
>
> Key: DERBY-2207
> URL: https://issues.apache.org/jira/browse/DERBY-2207
> Project: Derby
> Issue Type: New Feature
> Components: Security, SQL
> Reporter: Rick Hillegas
> Assignee: Dag H. Wanvik
> Attachments: spec.html, spec.html, spec.html, spec.html, spec.html,
> spec.html
>
>
> Implementing ANSI Roles will make it easier to manage security for multi-user
> applications with high user turnover.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
