[ http://issues.apache.org/jira/browse/DERBY-1330?page=comments#action_12420145 ]
Mamta A. Satoor commented on DERBY-1330: ---------------------------------------- Mike responded following on the mailing list <quote> I do not believe you can count on the order of a HashMap, different JVM's may use different hash algo's which may result in different orders when you ask for the full list. I have seen this behavior in queries which use hash nodes in derby (I believe we first noticed a difference between j9 and other jvm's). In that case we added order by's as necessary to the tests, as either order of results was correct from SQL point of view. In your case is the order a code problem, or just a testing issue? </quote> First of all, thanks Mike for your response. As to your question, the order is not a testing issue because test is simply trying a scenario where a user is trying to create a object based on more than one object on which the user doesn't have access to. And depending on how items got into HashMap, the test fails with privilege error on one object vs the other. So, in this case, the order is a code problem. > Provide runtime privilege checking for grant/revoke functionality > ----------------------------------------------------------------- > > Key: DERBY-1330 > URL: http://issues.apache.org/jira/browse/DERBY-1330 > Project: Derby > Type: Sub-task > Components: SQL > Versions: 10.2.0.0 > Reporter: Mamta A. Satoor > Assignee: Mamta A. Satoor > Attachments: AuthorizationModelForDerbySQLStandardAuthorization.html, > AuthorizationModelForDerbySQLStandardAuthorizationV2.html, > Derby1330PrivilegeCollectionV2diff.txt, > Derby1330PrivilegeCollectionV2stat.txt, > Derby1330PrivilegeCollectionV3diff.txt, > Derby1330PrivilegeCollectionV3stat.txt, > Derby1330ViewPrivilegeCollectionV1diff.txt, > Derby1330ViewPrivilegeCollectionV1stat.txt > > Additional work needs to be done for grant/revoke to make sure that only > users with required privileges can access various database objects. In order > to do that, first we need to collect the privilege requirements for various > database objects and store them in SYS.SYSREQUIREDPERM. Once we have this > information then when a user tries to access an object, the required > SYS.SYSREQUIREDPERM privileges for the object will be checked against the > user privileges in SYS.SYSTABLEPERMS, SYS.SYSCOLPERMS and > SYS.SYSROUTINEPERMS. The database object access will succeed only if the user > has the necessary privileges. > SYS.SYSTABLEPERMS, SYS.SYSCOLPERMS and SYS.SYSROUTINEPERMS are already > populated by Satheesh's work on DERBY-464. But SYS.SYSREQUIREDPERM doesn't > have any information in it at this point and hence no runtime privilege > checking is getting done at this point. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
