Hi Frank,
Thanks for wanting to test-drive this feature. The Roles work has been
postponed to the next feature release. The DerbyTenFourRelease wiki page
says that the Roles work is postponed, but that indication is easy to
miss because it's in the far right column of the table of features.
Hope this helps,
-Rick
fp wrote:
I get a little bit confused about the SQL Role Feature.
Is it part of the 10.4.1 Release as stated on
http://wiki.apache.org/db-derby/DerbyTenFourRelease
or not as in the RELEASE-NOTES of the 10.4.1.0 beta - (637204M).
When i set the property -Dderby.database.sqlAuthorization=true and execute
create role
I get an error 42Z60: CREATE ROLE not allowed unless database property
derby.database.sq
lAuthorization has value 'TRUE'.
But the Table select * from sys.sysroles; ist there.
What's the status quo with SQL ROLES?
Dag H. Wanvik wrote:
Daniel John Debrunner <[EMAIL PROTECTED]> writes:
It is possible to provide a quick summary of what the current state is
(what works and what doesn't)?
Sure.
Works:
- Parsing, binding and constant actions for all specified new syntax
works (see spec.html attached to DERBY-2207), including persisting
and accessing role dictionary information, basic checks and
dictionary soft/hard upgrade behavior. Thus, permissions can be
granted and revoked to/from roles, but currently such permissions
are not activated when permissions are checked. The relaxing of role
name length and SYS prefix reservation is checked in.
- Tests for the above: RolesTest, two new Changes10_4 fixtures.
- ij "show roles" command
Patches available (not committed yet):
- SQL session context implementation (DERBY-3327) (routine stack
behavior for current roles, schema).
Also solves DERBY-1331. Not sure if I should commit this before
branch cut; changing default schema semantics and implementation
may be risky. Running some performance checks on schema part of
this patch now.
- Additional checks for "PUBLIC" keyword (DERBY-3333).
Sandbox stage yet (partly implemented, partly works):
- making use of permissions through roles, including
in roles in role grant closure
- registering dependencies on roles for persistent objects
(views, constraints, triggers) and prepared
statements/activations
- invalidation actions when roles are dropped, role grants revoked, and
current role changes.
Not yet started:
- "best effort" attempt to check that new role does not overlap with a
user name, cf. spec section 6.1.
- memory caching of roles descriptors for performance
- user documentation
Dag
