[jira] Commented: (DERBY-3137) SQL roles: add catalog support

Tue, 29 Jan 2008 21:42:54 -0800 

    [ 
https://issues.apache.org/jira/browse/DERBY-3137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12563842#action_12563842
 ] 

Daniel John Debrunner commented on DERBY-3137:
----------------------------------------------

As a comparison SET ROLE behaves as follows for:

Postgres : Supports NONE. Role name is an identifier or a literal
   quote: "PostgreSQL allows identifier syntax ("rolename"), while the SQL 
standard requires the role name to be written as a string literal."

Oracle: Supports NONE. Role name seems to be only an identifier.

DB2: Does not support NONE. Role name seems to be only an identifier.
    Also DB2's SET ROLE is used to verify membership of a role, it doesn't set 
the current role (DB2 performs authorization based upon the user id).

The only commonality seems to be use of an identifier, which is not SQL 
standard, though it's ok for Derby as a "de-facto" standard.

DB2 also reserves some roles for use as system roles, ie. any role beginning 
with SYS. If we imagine a day when Derby might need builtin roles for system 
administration it would be good to protect a namespace now, rather than 
introducing one later.



> SQL roles: add catalog support
> ------------------------------
>
>                 Key: DERBY-3137
>                 URL: https://issues.apache.org/jira/browse/DERBY-3137
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.4.0.0
>
>         Attachments: DERBY-3137-2.diff, DERBY-3137-2.stat, DERBY-3137-2.txt, 
> DERBY-3137-uuid.diff, DERBY-3137-uuid.stat, DERBY-3137.diff, DERBY-3137.diff, 
> DERBY-3137.stat, DERBY-3137.txt
>
>
> As a next step after adding support for the roles syntax, I intend to
> make a patch which implements catalog support for roles,
> cf. SYS.SYSROLES described in the specification (attached to
> DERBY-2207). Also the patch should tie this support up to the parser
> support, so the role statements can be executed. Any privileges
> granted to roles would still have no effect at run-time.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to