On 04/09/09 12:00, Kathey Marsden wrote:
Tiago Espinha wrote:
5) Tried to use TIAGO on another ij spawn and here is what I get:
ij> select * from adm.t1;
ERROR 42502: User 'TIAGO' does not have SELECT permission on column
'F1' of table 'ADM'.'T1'.
I think before you do the select, you have to set the role, e.g
ij>set role readRole;
Should we make this clearer in the documentation?
http://db.apache.org/derby/docs/dev/devguide/cdevcsecureroles.html
Good idea. Probably in the "Setting Roles" section something like this
should be added:
For example, if you created and granted the roles shown in the previous
session, you would have to issue a SET ROLE statement to have them take
effect. For example, suppose you used the following statement;
SET ROLE taskLeaderA;
If the database owner granted the taskLeaderA role to a user, that user
would have all the privileges associated with the taskLeaderA,
updateUser and readUser roles.
I can file (and fix) an issue for this if you think it makes sense.
Kim
