SQL Roles - Add the possibility for a default role for each user
----------------------------------------------------------------
Key: DERBY-4162
URL: https://issues.apache.org/jira/browse/DERBY-4162
Project: Derby
Issue Type: Improvement
Components: SQL
Reporter: Tiago R. Espinha
Priority: Minor
Fix For: 10.6.0.0
We should have the ability to set a role (or several roles) as the default
role(s) for a user. This should also be kept optional, that is we should be
able to have the behavior described in the standard: roles can be selected
manually through the SET ROLE.
Dag said on the list that there is room for having this added functionality, in
the sense that it does not collide with what the standard stipulates.
Additionally, I have a suggestion. While the implementation of this feature is
vendor-based, I believe that Oracle's approach on it is a very user-friendly
and intuitive one. On Oracle we can set several default roles and all these
will be enabled by default. The user can then manually disable certain roles
after they start a session, but the crucial point is that these are enabled by
default.
I do not think there is any security risk involved here, as if the role is
there and it is available to the user, then they are permissions that the user
owns anyway. In a real world scenario I believe that the most common behavior
is having a role per user, which lessens any security concerns even further.
Here's an overview of how the roles work on Oracle:
http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_10004.htm
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
