[
https://issues.apache.org/jira/browse/DERBY-3722?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12605332#action_12605332
]
Rick Hillegas commented on DERBY-3722:
--------------------------------------
Thanks for the patch, Dag. It looks like a lot of the changes are formatting
changes and/or changes to names. I have a couple comments:
RoleClosureIterator
1) Thanks for the diagram. Are there some missing GRANTS? For instance the
GRANT of a3 to d is in the graph but not in the block of SQL preceding the
graph.
2) I am having difficulty understanding what the iterator will list. There are
some "or"s in the examples which lead me to think that the list is not
deterministic. Could you clarify if the list is one of the following or
something else?
a) A list of all arcs which are part of some curve terminating in the desired
role.
b) One arc for each role which can be connected by some curve to the desired
role. If there are many curves connecting two roles, then we cannot predict
which arc will appear in the list.
RoleClosureIteratorImpl
1) I think it would be good if the arguments to the constructor were
documented. Then the reader wouldn't have to flip back and forth between this
class and the DataDictionary.
> Add circularity check for the GRANT role statement
> --------------------------------------------------
>
> Key: DERBY-3722
> URL: https://issues.apache.org/jira/browse/DERBY-3722
> Project: Derby
> Issue Type: Sub-task
> Components: Security, SQL
> Reporter: Dag H. Wanvik
> Assignee: Dag H. Wanvik
> Fix For: 10.5.0.0
>
> Attachments: derby-3722-1.diff, derby-3722-1.stat
>
>
> When a role is granted to another role (with the GRANT <role> statement), we
> need to check that the grant relation does not give rise to a circularity.
> This is described in Section 12.5, Syntax rule 1 of ISO/IEC 9075-2 2003.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
