Details
-
Improvement
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
None
-
None
-
Normal
Description
We should have the ability to set a role (or several roles) as the default role(s) for a user. This should also be kept optional, that is we should be able to have the behavior described in the standard: roles can be selected manually through the SET ROLE.
Dag said on the list that there is room for having this added functionality, in the sense that it does not collide with what the standard stipulates.
Additionally, I have a suggestion. While the implementation of this feature is vendor-based, I believe that Oracle's approach on it is a very user-friendly and intuitive one. On Oracle we can set several default roles and all these will be enabled by default. The user can then manually disable certain roles after they start a session, but the crucial point is that these are enabled by default.
I do not think there is any security risk involved here, as if the role is there and it is available to the user, then they are permissions that the user owns anyway. In a real world scenario I believe that the most common behavior is having a role per user, which lessens any security concerns even further.
Here's an overview of how the roles work on Oracle:
http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_10004.htm
Attachments
Issue Links
- relates to
-
-
- Closed
-