[jira] Resolved: (DERBY-4505) Document that views, triggers, and constraints run with definer's rights rather than invoker's rights

Mon, 11 Jan 2010 14:27:19 -0800 

     [ 
https://issues.apache.org/jira/browse/DERBY-4505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kim Haase resolved DERBY-4505.
------------------------------

          Resolution: Fixed
       Fix Version/s: 10.6.0.0
    Issue & fix info:   (was: [Patch Available])

Thanks very much, Rick.

Committed patch DERBY-4505-2.diff to documentation trunk at revisions 898089 
and 898091.

> Document that views, triggers, and constraints run with definer's rights 
> rather than invoker's rights
> -----------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4505
>                 URL: https://issues.apache.org/jira/browse/DERBY-4505
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.2.2.1, 10.2.3.0, 10.3.3.1, 10.3.4.0, 10.4.2.1, 
> 10.4.3.0, 10.5.3.1, 10.5.4.0, 10.6.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kim Haase
>             Fix For: 10.6.0.0
>
>         Attachments: DERBY-4505-2.diff, DERBY-4505-2.zip, DERBY-4505.diff, 
> DERBY-4505.stat, DERBY-4505.zip
>
>
> Comments like the following can be found in the code, including this 
> particular example from 
> DDLConstantAction.storeConstraintDependenciesOnPrivileges():
>        *  Views and triggers and constraints run with definer's privileges.
> This is an important behavior of Derby privileges which deserves to be 
> documented. I can find only one glancing reference to this behavior, viz., in 
> the Reference Guide section on the REVOKE command. There we learn that:
> "You must use the RESTRICT clause on REVOKE statements for routines. The 
> RESTRICT clause specifies that the EXECUTE privilege cannot be revoked if the 
> specified routine is used in a view, trigger, or constraint, and the 
> privilege is being revoked from the owner of the view, trigger, or 
> constraint."
> From that lone statement, a clever reader might deduce that Derby views, 
> triggers, and constraints run with definer rather than invoker rights. But 
> that is not the clear meaning of that statement in the Reference Guide. To 
> draw the necessary conclusion from that statement the reader would have to be 
> clever enough to understand the SQL Standard's tricky language around definer 
> and invoker rights--and that would be a very clever reader indeed.
> In short, we need to document this behavior explicitly. I consider this hole 
> in our documentation to be a serious enough defect that I am marking this 
> issue as a Bug.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to