Document that views, triggers, and constraints run with definer's rights rather 
than invoker's rights
-----------------------------------------------------------------------------------------------------

                 Key: DERBY-4505
                 URL: https://issues.apache.org/jira/browse/DERBY-4505
             Project: Derby
          Issue Type: Bug
          Components: Documentation
    Affects Versions: 10.2.2.1, 10.2.3.0, 10.3.3.1, 10.3.4.0, 10.4.2.1, 
10.4.3.0, 10.5.3.1, 10.5.4.0, 10.6.0.0
            Reporter: Rick Hillegas


Comments like the following can be found in the code, including this particular 
example from DDLConstantAction.storeConstraintDependenciesOnPrivileges():

         *  Views and triggers and constraints run with definer's privileges.

This is an important behavior of Derby privileges which deserves to be 
documented. I can find only one glancing reference to this behavior, viz., in 
the Reference Guide section on the REVOKE command. There we learn that:

"You must use the RESTRICT clause on REVOKE statements for routines. The 
RESTRICT clause specifies that the EXECUTE privilege cannot be revoked if the 
specified routine is used in a view, trigger, or constraint, and the privilege 
is being revoked from the owner of the view, trigger, or constraint."

From that lone statement, a clever reader might deduce that Derby views, 
triggers, and constraints run with definer rather than invoker rights. But 
that is not the clear meaning of that statement in the Reference Guide. To 
draw the necessary conclusion from that statement the reader would have to be 
clever enough to understand the SQL Standard's tricky language around definer 
and invoker rights--and that would be a very clever reader indeed.

In short, we need to document this behavior explicitly. I consider this hole in 
our documentation to be a serious enough defect that I am marking this issue as 
a Bug.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
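
An added illustration of the behavior this issue asks to have documented; it is not taken from the Derby code base or manuals. It assumes a database with derby.database.sqlAuthorization=true and two authenticated users, ALICE (owner) and BOB; all table, view and trigger names are constructed for the example.

```sql
-- Run as ALICE. Unqualified names are created in ALICE's own schema.
CREATE TABLE orders (order_id INT PRIMARY KEY, item VARCHAR(20));
CREATE TABLE order_audit (order_id INT, logged_at TIMESTAMP);

-- View over ORDERS: exposes only per-item counts.
CREATE VIEW order_counts (item, n) AS
    SELECT item, COUNT(*) FROM orders GROUP BY item;

-- Trigger on ORDERS: writes to ORDER_AUDIT on every insert.
CREATE TRIGGER log_order
    AFTER INSERT ON orders
    REFERENCING NEW AS n
    FOR EACH ROW MODE DB2SQL
    INSERT INTO order_audit VALUES (n.order_id, CURRENT_TIMESTAMP);

-- BOB gets access to the view and INSERT on ORDERS, nothing else.
GRANT SELECT ON order_counts TO bob;
GRANT INSERT ON orders TO bob;

-- Run as BOB.
-- Succeeds: the view body reads ALICE.ORDERS with ALICE's (the definer's)
-- privileges, although BOB holds no SELECT privilege on that table.
SELECT * FROM alice.order_counts;

-- Fails with a permission error: outside the view, BOB's own (invoker's)
-- privileges apply, and he has none for SELECT on ALICE.ORDERS.
SELECT * FROM alice.orders;

-- Succeeds, and the trigger fires: the row written to ALICE.ORDER_AUDIT
-- is inserted with ALICE's privileges. BOB holds no privilege on
-- ORDER_AUDIT, yet his statement causes a write to it.
INSERT INTO alice.orders VALUES (1, 'widget');

-- Fails with a permission error: BOB cannot touch the audit table directly.
SELECT * FROM alice.order_audit;

-- Run as ALICE: the audit row produced by BOB's insert is present.
SELECT * FROM order_audit;
```

When reviewing grants, treat a privilege on a view, or INSERT/UPDATE/DELETE on a table that has triggers, as also delegating whatever the owner's view body or trigger action does.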
