[ https://issues.apache.org/jira/browse/DERBY-4162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick Hillegas updated DERBY-4162:
---------------------------------

    Fix Version/s:     (was: 10.6.1.0)

> SQL Roles - Add the possibility for a default role for each user
> ----------------------------------------------------------------
>
>                 Key: DERBY-4162
>                 URL: https://issues.apache.org/jira/browse/DERBY-4162
>             Project: Derby
>          Issue Type: Improvement
>          Components: SQL
>            Reporter: Tiago R. Espinha
>            Priority: Minor
>
> We should have the ability to set a role (or several roles) as the default 
> role(s) for a user. This should also be kept optional, that is, we should be 
> able to have the behavior described in the standard: roles can be selected 
> manually through the SET ROLE.
> Dag said on the list that there is room for having this added functionality, 
> in the sense that it does not collide with what the standard stipulates.
> Additionally, I have a suggestion. While the implementation of this feature 
> is vendor-based, I believe that Oracle's approach on it is a very 
> user-friendly and intuitive one. On Oracle we can set several default roles 
> and all these will be enabled by default. The user can then manually disable 
> certain roles after they start a session, but the crucial point is that these 
> are enabled by default.
> I do not think there is any security risk involved here, as if the role is 
> there and it is available to the user, then they are permissions that the 
> user owns anyway. In a real world scenario I believe that the most common 
> behavior is having a role per user, which lessens any security concerns even 
> further.
> Here's an overview of how the roles work on Oracle:
> http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_10004.htm

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
