[
https://issues.apache.org/jira/browse/DERBY-4189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12703421#action_12703421
]
Dag H. Wanvik commented on DERBY-4189:
--------------------------------------
In 4.34.1.1 SQL-session authorization identifiers, we see this paragraph:
An SQL-session context contains a time-varying sequence of cells,
known as the authorization stack, each cell of which contains either a
user identifier, a role name, or both. This stack is maintained using
a "last-in, firstout" discipline, and effectively only the top cell
is visible. When an SQL-session is started, by explicit or implicit
execution of a <connect statement>, the authorization stack is
initialized with one cell, which contains only the user identifier
known as the SQL-session user identifier; a role name, known as the
SQL-session role name may be added subsequently.
:
The <set session user identifier statement> changes the value of the
current user identifier and of the SQLsession user identifier. The
<set role statement> changes the value of the current role name.
This leads me to believe that a role name should be treated on a par with "a
user identifier" in that
it subclasses SQL-session authorization identifier. Treating CURRENT_ROLE as an
identifier makes the returned
value usable at input to SET ROLE ?, which is orthogonal.
> CURRENT_ROLE returns role name with double quotes around it
> -----------------------------------------------------------
>
> Key: DERBY-4189
> URL: https://issues.apache.org/jira/browse/DERBY-4189
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.5.1.1
> Reporter: Knut Anders Hatlen
> Priority: Minor
>
> CURRENT_ROLE returns the current role name with quotes around it. This does
> not follow the existing pattern used by CURRENT_USER.
> Example:
> $ java -Dderby.connection.requireAuthentication=true
> -Dderby.database.sqlAuthorization=true -Dderby.user.kah=secret -jar
> lib/derbyrun.jar ij
> ij version 10.5
> ij> connect 'jdbc:derby:db;create=true;user=kah;password=secret';
> ij> create role myrole;
> 0 rows inserted/updated/deleted
> ij> set role myrole;
> 0 rows inserted/updated/deleted
> ij> values current_user;
> 1
>
> --------------------------------------------------------------------------------------------------------------------------------
> KAH
>
> 1 row selected
> ij> values current_role;
> 1
>
> --------------------------------------------------------------------------------------------------------------------------------
> "MYROLE"
>
> 1 row selected
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
