[
https://issues.apache.org/jira/browse/DERBY-3223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12623712#action_12623712
]
Rick Hillegas commented on DERBY-3223:
--------------------------------------
Thanks, Dag. I thought that the following paragraphs were useful for
understanding the associated classes:
M java/engine/org/apache/derby/impl/sql/execute/DropRoleConstantAction.java
M
java/engine/org/apache/derby/impl/sql/execute/RevokeRoleConstantAction.java
When a role is dropped, for every role in its grantee closure, we call
two invalidate actions. REVOKE_ROLE and INTERNAL_RECOMPILE_REQUEST.
The latter is used to force recompilation of dependent prepared
statements, the former to drop dependent objects (constraints,
triggers and views). Note that until DERBY-1632 is fixed, we risk
dropping objects not really dependent on this role, but one some other
role just because it inherits from this one.
M java/engine/org/apache/derby/impl/sql/execute/DDLConstantAction.java
In storeConstraintDependenciesOnPrivileges, for each required
privilege, we now register of a dependency on a role if that role was
required to find an applicable privilege.
In storeViewTriggerDependenciesOnPrivileges, for each required
privilege, we now register of a dependency on a role if that role was
required to find an applicable privilege. Also added a sanity check to
make the trigger does nto depend on schema or role creation privileges.
> SQL roles: make use of privileges granted to roles in actual privilege
> checking
> -------------------------------------------------------------------------------
>
> Key: DERBY-3223
> URL: https://issues.apache.org/jira/browse/DERBY-3223
> Project: Derby
> Issue Type: Task
> Components: Security, SQL
> Reporter: Dag H. Wanvik
> Assignee: Dag H. Wanvik
> Fix For: 10.5.0.0
>
> Attachments: derby-3223-1a.diff, derby-3223-1a.stat,
> derby-3223-1b.diff, derby-3223-1b.stat, derby-3223-1c.diff,
> derby-3223-1c.stat, derby-3223-1d.diff, derby-3223-1d.stat,
> derby-3223-activate-roles-1.diff, derby-3223-activate-roles-1.stat,
> derby-3223-activate-roles-2.diff, derby-3223-activate-roles-2.stat,
> derby-3223-activate-roles-2b.diff, derby-3223-activate-roles-2b.stat,
> derby-3223-revise-iterator-api-b.diff, derby-3223-revise-iterator-api-b.stat,
> derby-3223-revise-iterator-api.diff, derby-3223-revise-iterator-api.stat,
> derby-3223-revocation-logic-1.diff, derby-3223-revocation-logic-1.stat,
> derby-3223-revocation-logic-2.diff, derby-3223-revocation-logic-2.stat,
> derby-3223-revocation-logic-2.txt, derby-3223-revocation-logic-3.diff,
> derby-3223-revocation-logic-3.stat, derby-3223-revocation-logic-4.diff,
> derby-3223-revocation-logic-4.stat, roles.sql, roles2.sql, roles3.sql
>
>
> Pushing out to 10.5
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
