Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-5350

Devguide needs update for definer's rights

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.8.1.2
    • Fix Version/s: 10.8.2.2, 10.9.1.0
    • Component/s: Documentation
    • Labels:
      None

      Description

      I found the following in the Using SQL roles topic of the devguide:

      "Within stored procedures and functions that contain SQL, the current role is on the authorization stack. Initially, inside a nested connection, the current role is set to that of the calling context."
      http://db.apache.org/derby/docs/10.8/devguide/cdevcsecureroles.html

      I think this is only correct for procedures running with invoker's rights. For procedures running with definer's rights, no role is set initially, according to the CREATE PROCEDURE statement topic in the reference manual:

      "When the procedure is first invoked, no role is set; even if the invoker has set a current role, the procedure running with definer's rights has no current role set initially."
      http://db.apache.org/derby/docs/10.8/ref/rrefcreateprocedurestatement.html

        Attachments

        1. derby-5350b.diff
          3 kB
          Dag H. Wanvik
        2. derby-5330a.diff
          2 kB
          Dag H. Wanvik
        3. cdevcsecureroles.html
          14 kB
          Dag H. Wanvik
        4. cdevcsecureroles.html
          14 kB
          Dag H. Wanvik

          Activity

            People

            • Assignee:
              dagw Dag H. Wanvik
              Reporter:
              knutanders Knut Anders Hatlen
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: