[email protected] (Dag H. Wanvik) writes:

>> "Any open result sets will remain usable as before, since these remain
>> open; even though the old (base)activation is no longer referenced
>> from the GenericActivationHolder, there is a reference to the old
>> activation from the result set, so it stays alive."
>
> Yes, this is the current behavior. I think we should keep this. The
> privilege checking occurs at execute time (when the result set is
> constructed), and I guess it's logical that if you can see *one* row
> with a SELECT privilege, you should be able to see them all. In any
> case, prefetching of rows at several levels in Derby makes it hard to
> present a consistent picture if we chose to try to make enforcement
> immediate. I could not find anything in the standard on this.
>
> It is not there already it should be mentioned in the docs.

The behavior is mentioned here:

http://db.apache.org/derby/docs/dev/devguide/cdevcsecureroles.html

See the section "Revoking roles":

"A result set that depends on a role will remain open even if that
role is revoked from a user."

This is true, but holds more generally; revoke actions (privileges,
roles) do not invalidate open result sets.

Dag
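
A way to check the behavior discussed in this thread against a given Derby build, as an added example that is not part of the original message or of Derby's own test code. It assumes the embedded driver (derby.jar) is on the classpath; the database name, user names and table are constructed for the demonstration.

```java
import java.sql.*;

// Added example: reads a result set across a REVOKE, then re-executes.
// "revokedemo", "dbo", "alice" and table "t" are constructed names.
public class RevokeOpenResultSet {
    public static void main(String[] args) throws SQLException {
        // SQL authorization has to be enabled before the database is created.
        System.setProperty("derby.database.sqlAuthorization", "true");
        String url = "jdbc:derby:memory:revokedemo;create=true";

        try (Connection owner = DriverManager.getConnection(url + ";user=dbo");
             Connection alice = DriverManager.getConnection(url + ";user=alice")) {

            try (Statement s = owner.createStatement()) {
                s.execute("CREATE TABLE t (id INT)");
                s.execute("INSERT INTO t VALUES 1, 2, 3");
                s.execute("GRANT SELECT ON t TO alice");
            }

            try (PreparedStatement ps =
                     alice.prepareStatement("SELECT id FROM dbo.t")) {
                // Per the thread, the privilege check happens at execute time.
                ResultSet rs = ps.executeQuery();
                int rows = rs.next() ? 1 : 0;

                // Revoke while alice's result set is still open.
                try (Statement s = owner.createStatement()) {
                    s.execute("REVOKE SELECT ON t FROM alice");
                }

                // Keep reading from the result set opened before the revoke.
                while (rs.next()) {
                    rows++;
                }
                rs.close();
                System.out.println("rows read across the revoke: " + rows);

                // A fresh execute goes through the privilege check again.
                try (ResultSet again = ps.executeQuery()) {
                    System.out.println("re-execute was allowed");
                } catch (SQLException e) {
                    System.out.println("re-execute denied, SQLState "
                            + e.getSQLState());
                }
            }
        }
    }
}
```

For access reviews, the practical consequence is that a revoke takes effect at the grantee's next execute; a long-lived open result set has to be closed (or its connection ended) to cut off reads that are already in progress.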
