I get a little bit confused about the SQL Role Feature. Is it part of the 10.4.1 Release as stated on http://wiki.apache.org/db-derby/DerbyTenFourRelease or not as in the RELEASE-NOTES of the 10.4.1.0 beta - (637204M).
When i set the property -Dderby.database.sqlAuthorization=true and execute create role I get an error 42Z60: CREATE ROLE not allowed unless database property derby.database.sq lAuthorization has value 'TRUE'. But the Table select * from sys.sysroles; ist there. What's the status quo with SQL ROLES? Dag H. Wanvik wrote: > > Daniel John Debrunner <[EMAIL PROTECTED]> writes: > >> It is possible to provide a quick summary of what the current state is >> (what works and what doesn't)? > > Sure. > > Works: > > - Parsing, binding and constant actions for all specified new syntax > works (see spec.html attached to DERBY-2207), including persisting > and accessing role dictionary information, basic checks and > dictionary soft/hard upgrade behavior. Thus, permissions can be > granted and revoked to/from roles, but currently such permissions > are not activated when permissions are checked. The relaxing of role > name length and SYS prefix reservation is checked in. > > - Tests for the above: RolesTest, two new Changes10_4 fixtures. > > - ij "show roles" command > > Patches available (not committed yet): > > - SQL session context implementation (DERBY-3327) (routine stack > behavior for current roles, schema). > Also solves DERBY-1331. Not sure if I should commit this before > branch cut; changing default schema semantics and implementation > may be risky. Running some performance checks on schema part of > this patch now. > > - Additional checks for "PUBLIC" keyword (DERBY-3333). > > Sandbox stage yet (partly implemented, partly works): > > - making use of permissions through roles, including > in roles in role grant closure > - registering dependencies on roles for persistent objects > (views, constraints, triggers) and prepared > statements/activations > - invalidation actions when roles are dropped, role grants revoked, and > current role changes. > > Not yet started: > > - "best effort" attempt to check that new role does not overlap with a > user name, cf. spec section 6.1. > - memory caching of roles descriptors for performance > - user documentation > > Dag > > -- View this message in context: http://www.nabble.com/Impending-release-branch-cut--how-to-mask-unifinished-roles-feature-tp15627783p16121336.html Sent from the Apache Derby Developers mailing list archive at Nabble.com.
