[jira] Commented: (DERBY-3327) SQL roles: Implement authorization stack (and SQL session context to hold it)

Mon, 02 Jun 2008 05:00:11 -0700 

    [ 
https://issues.apache.org/jira/browse/DERBY-3327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12601607#action_12601607
 ] 

Kristian Waagan commented on DERBY-3327:
----------------------------------------

Regression tests on 10.4 ran without any failures:
  jars/sane/derby.jar] 10.4.1.4 - (661686M)
  suites.All: OK (10405 tests)
  derbyall: 100% Pass (274 tests passed)

I'm considering committing the 5a patch to the 10.4 branch to resolve 
DERBY-3692. The other option is to pull out DERBY-3690.
The code in patch 5a is extracted from 4e_full, and the only thing changed is 
the handling of the initial schema descriptor.

> SQL roles: Implement authorization stack (and SQL session context to hold it)
> -----------------------------------------------------------------------------
>
>                 Key: DERBY-3327
>                 URL: https://issues.apache.org/jira/browse/DERBY-3327
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.5.0.0
>
>         Attachments: DERBY-3327-1.diff, DERBY-3327-1.stat, DERBY-3327-2.diff, 
> DERBY-3327-2.stat, DERBY-3327-3.diff, DERBY-3327-3.stat, 
> DERBY-3327-4-full-b.diff, DERBY-3327-4-full-b.stat, DERBY-3327-4-full-c.diff, 
> DERBY-3327-4-full-c.stat, DERBY-3327-4-full-d.diff, DERBY-3327-4-full-d.stat, 
> DERBY-3327-4-full-e-10_4.diff, DERBY-3327-4-full-e-10_4.stat, 
> DERBY-3327-4-full-e.diff, DERBY-3327-4-full-e.stat, DERBY-3327-4-full.diff, 
> DERBY-3327-4-full.stat, derby-3327-5a-extracted_initial_schema_patch.diff, 
> releaseNote.html
>
>
> The current LanguageConnectionContext keeps the user authorization identifier 
> for an SQL session.
> The lcc is shared context also for nested connections (opened from stored 
> procedures).
> So far, for roles, the current role has been stored in the lcc also. However, 
> SQL requires that
> authorization identifers be pushed on a "authorization stack" when calling a 
> stored procedure, cf.
> SQL 2003, vol 2, section 4.34.1.1 and 4.27.3 and 10.4 GR 5h and i.
> This allows a caller to keep its current role after a call even if changed by 
> the stored procedure.
> This issue will implement the current role name part ("cell") of the 
> authorization stack. 
> The authorization stack will be implemented as part of the SQL session 
> context.
> The patch will also implement the pushing of the current unqualified schema 
> name part of
> the SQL session context, cf. 10.4 GR 5a (DERBY-1331).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to