[ https://issues.apache.org/jira/browse/DERBY-3327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dag H. Wanvik updated DERBY-3327: --------------------------------- Derby Info: [Patch Available, Existing Application Impact, Release Note Needed] (was: [Patch Available]) Marking with Existing application impact and Release note needed, since the latest revision of the patch, in its solution for to DERBY-1331, changes the semantics of SET SCHEMA if performed in a nested connection (inside a routine). > SQL roles: Implement authorization stack (and SQL session context to hold it) > ----------------------------------------------------------------------------- > > Key: DERBY-3327 > URL: https://issues.apache.org/jira/browse/DERBY-3327 > Project: Derby > Issue Type: New Feature > Components: Security, SQL > Reporter: Dag H. Wanvik > Assignee: Dag H. Wanvik > Fix For: 10.4.0.0 > > Attachments: DERBY-3327-1.diff, DERBY-3327-1.stat, DERBY-3327-2.diff, > DERBY-3327-2.stat, DERBY-3327-3.diff, DERBY-3327-3.stat, > DERBY-3327-4-full-b.diff, DERBY-3327-4-full-b.stat, DERBY-3327-4-full-c.diff, > DERBY-3327-4-full-c.stat, DERBY-3327-4-full.diff, DERBY-3327-4-full.stat > > > The current LanguageConnectionContext keeps the user authorization identifier > for an SQL session. > The lcc is shared context also for nested connections (opened from stored > procedures). > So far, for roles, the current role has been stored in the lcc also. However, > SQL requires that > authorization identifers be pushed on a "authorization stack" when calling a > stored procedure, cf. > SQL 2003, vol 2, section 4.34.1.1 and 4.27.3. > This allows a caller to keep its current role after a call even if changed by > the stored procedure. > This issue will implement the current role name part ("cell") of the > authorization stack. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.