[
https://issues.apache.org/jira/browse/DERBY-4505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12797671#action_12797671
]
Rick Hillegas commented on DERBY-4505:
--------------------------------------
Thanks for finding this documentation, Kim. In addition to adding the pointers
you mention, I think that the following changes would help people find this
material:
o Add a pointer in the Reference Guide section for the GRANT statement
o Add the "Permissions on views, triggers, and constraints" subsection to the
table of contents in the Developer Guide. This is probably the change which
will be most useful to people looking for this material.
o Add a little language to the subsection explaining that we are talking about
what the SQL Standard calls "invoker" vs "definer" rights. Those keywords
should be flagged for inclusion in an index, in case we ever get around to
re-enabling the index. This change will help people search the documentation
for these concepts, using their standard names.
Thanks,
-Rick
> Document that views, triggers, and constraints run with definer's rights
> rather than invoker's rights
> -----------------------------------------------------------------------------------------------------
>
> Key: DERBY-4505
> URL: https://issues.apache.org/jira/browse/DERBY-4505
> Project: Derby
> Issue Type: Bug
> Components: Documentation
> Affects Versions: 10.2.2.1, 10.2.3.0, 10.3.3.1, 10.3.4.0, 10.4.2.1,
> 10.4.3.0, 10.5.3.1, 10.5.4.0, 10.6.0.0
> Reporter: Rick Hillegas
>
> Comments like the following can be found in the code, including this
> particular example from
> DDLConstantAction.storeConstraintDependenciesOnPrivileges():
> * Views and triggers and constraints run with definer's privileges.
> This is an important behavior of Derby privileges which deserves to be
> documented. I can find only one glancing reference to this behavior, viz., in
> the Reference Guide section on the REVOKE command. There we learn that:
> "You must use the RESTRICT clause on REVOKE statements for routines. The
> RESTRICT clause specifies that the EXECUTE privilege cannot be revoked if the
> specified routine is used in a view, trigger, or constraint, and the
> privilege is being revoked from the owner of the view, trigger, or
> constraint."
> From that lone statement, a clever reader might deduce that Derby views,
> triggers, and constraints run with definer rather than invoker rights. But
> that is not the clear meaning of that statement in the Reference Guide. To
> draw the necessary conclusion from that statement the reader would have to be
> clever enough to understand the SQL Standard's tricky language around definer
> and invoker rights--and that would be a very clever reader indeed.
> In short, we need to document this behavior explicitly. I consider this hole
> in our documentation to be a serious enough defect that I am marking this
> issue as a Bug.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
