[
https://issues.apache.org/jira/browse/DERBY-3223?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rick Hillegas updated DERBY-3223:
---------------------------------
Attachment: roles.sql
Thanks for the patch, Dag. I've attached a test case (roles.sql), which shows
some behavior which puzzled me. This is what the patch does:
1) Creates a table and some roles.
2) Grants a select privilege to one of the roles.
3) Grants that role to another user.
4) Logs in as that user, sets that role, and successfully selects from the
table.
5) Switches back to the original user and revokes the role from the second user.
6) Switches back to the second user and verifies that select privilege has been
lost.
So far, so good. What's puzzling me is that after the role is revoked, the
second user's session still reports that its current role is the revoked role.
It would have seemed more sensible to me if the current role had become null or
NONE.
> SQL roles: make use of privileges granted to roles in actual privilege
> checking
> -------------------------------------------------------------------------------
>
> Key: DERBY-3223
> URL: https://issues.apache.org/jira/browse/DERBY-3223
> Project: Derby
> Issue Type: New Feature
> Components: Security, SQL
> Reporter: Dag H. Wanvik
> Assignee: Dag H. Wanvik
> Fix For: 10.5.0.0
>
> Attachments: derby-3223-1a.diff, derby-3223-1a.stat, roles.sql
>
>
> Pushing out to 10.5
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
