[ https://issues.apache.org/jira/browse/DERBY-4505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12798682#action_12798682 ]

Rick Hillegas commented on DERBY-4505:
--------------------------------------

Thanks, Kim. These modifications look like an improvement to me. In reviewing
these changes, I tripped across a pre-existing grammar error on one of the
pages. It would be good to fix that while you're in there. The page is
cdevsecuregrantrevoke. I believe that we should remove the second "on" from the
clause "on which the object depends on".

I agree with your recommendation that we should raise the visibility of the new
topic by making it parallel to "Using SQL standard authorization". Thanks.

> Document that views, triggers, and constraints run with definer's rights
> rather than invoker's rights
> -----------------------------------------------------------------------------------------------------
>
> Key: DERBY-4505
> URL: https://issues.apache.org/jira/browse/DERBY-4505
> Project: Derby
> Issue Type: Bug
> Components: Documentation
> Affects Versions: 10.2.2.1, 10.2.3.0, 10.3.3.1, 10.3.4.0, 10.4.2.1,
> 10.4.3.0, 10.5.3.1, 10.5.4.0, 10.6.0.0
> Reporter: Rick Hillegas
> Assignee: Kim Haase
> Attachments: DERBY-4505.diff, DERBY-4505.stat, DERBY-4505.zip
>
>
> Comments like the following can be found in the code, including this
> particular example from
> DDLConstantAction.storeConstraintDependenciesOnPrivileges():
>
> * Views and triggers and constraints run with definer's privileges.
>
> This is an important behavior of Derby privileges which deserves to be
> documented. I can find only one glancing reference to this behavior, viz., in
> the Reference Guide section on the REVOKE command. There we learn that:
>
> "You must use the RESTRICT clause on REVOKE statements for routines. The
> RESTRICT clause specifies that the EXECUTE privilege cannot be revoked if the
> specified routine is used in a view, trigger, or constraint, and the
> privilege is being revoked from the owner of the view, trigger, or
> constraint."
>
> From that lone statement, a clever reader might deduce that Derby views,
> triggers, and constraints run with definer rather than invoker rights. But
> that is not the clear meaning of that statement in the Reference Guide. To
> draw the necessary conclusion from that statement the reader would have to be
> clever enough to understand the SQL Standard's tricky language around definer
> and invoker rights--and that would be a very clever reader indeed.
>
> In short, we need to document this behavior explicitly. I consider this hole
> in our documentation to be a serious enough defect that I am marking this
> issue as a Bug.
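
The definer's-rights behavior described in the issue, as an added illustration that is not part of the original message or of the Derby documentation patch. It assumes a database with derby.database.sqlAuthorization=true and two authenticated users; the users ALICE and BOB and every table, view and trigger name are hypothetical.

```sql
-- Session 1: connected as ALICE, who owns (defines) every object below.
CREATE TABLE alice.salaries (
    emp_id INT PRIMARY KEY,
    dept   VARCHAR(20),
    salary DECIMAL(10,2)
);
CREATE TABLE alice.salary_audit (emp_id INT, changed_at TIMESTAMP);

-- Constructed sample rows.
INSERT INTO alice.salaries VALUES (1, 'ENG', 9000.00), (2, 'OPS', 7000.00);

-- The view reads alice.salaries with ALICE's privileges, whoever queries it.
CREATE VIEW alice.dept_headcount AS
    SELECT dept, COUNT(*) AS headcount FROM alice.salaries GROUP BY dept;

-- The trigger action writes alice.salary_audit with ALICE's privileges,
-- whoever performs the INSERT that fires it.
CREATE TRIGGER alice.log_salary_insert
    AFTER INSERT ON alice.salaries
    REFERENCING NEW AS n
    FOR EACH ROW MODE DB2SQL
    INSERT INTO alice.salary_audit VALUES (n.emp_id, CURRENT_TIMESTAMP);

-- BOB gets the view and INSERT on the table, nothing else.
GRANT SELECT ON alice.dept_headcount TO bob;
GRANT INSERT ON alice.salaries TO bob;

-- Session 2: connected as BOB (the invoker).
SELECT * FROM alice.dept_headcount;   -- succeeds: the view runs as its definer
SELECT * FROM alice.salaries;         -- rejected: BOB has no SELECT on the table
INSERT INTO alice.salaries VALUES (3, 'ENG', 8000.00);
                                      -- succeeds, and the trigger adds an audit
                                      -- row although BOB cannot touch that table
INSERT INTO alice.salary_audit VALUES (3, CURRENT_TIMESTAMP);
                                      -- rejected: no INSERT privilege for BOB

-- Review check (any session that can read the system catalog): list who has
-- been granted SELECT on views, since each such grant exposes data through
-- the view owner's privileges rather than the grantee's.
SELECT s.SCHEMANAME, t.TABLENAME, p.GRANTEE, p.GRANTOR, p.SELECTPRIV
FROM SYS.SYSTABLEPERMS p
JOIN SYS.SYSTABLES  t ON p.TABLEID  = t.TABLEID
JOIN SYS.SYSSCHEMAS s ON t.SCHEMAID = s.SCHEMAID
WHERE t.TABLETYPE = 'V';
```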