Derby / DERBY-5350

Devguide needs update for definer's rights

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.8.1.2
    • Fix Version/s: 10.8.2.2, 10.9.1.0
    • Component/s: Documentation
    • Labels:
      None

      Description

      I found the following in the Using SQL roles topic of the devguide:

      "Within stored procedures and functions that contain SQL, the current role is on the authorization stack. Initially, inside a nested connection, the current role is set to that of the calling context."
      http://db.apache.org/derby/docs/10.8/devguide/cdevcsecureroles.html

      I think this is only correct for procedures running with invoker's rights. For procedures running with definer's rights, no role is set initially, according to the CREATE PROCEDURE statement topic in the reference manual:

      "When the procedure is first invoked, no role is set; even if the invoker has set a current role, the procedure running with definer's rights has no current role set initially."
      http://db.apache.org/derby/docs/10.8/ref/rrefcreateprocedurestatement.html

      1. derby-5350b.diff
        3 kB
        Dag H. Wanvik
      2. derby-5330a.diff
        2 kB
        Dag H. Wanvik
      3. cdevcsecureroles.html
        14 kB
        Dag H. Wanvik
      4. cdevcsecureroles.html
        14 kB
        Dag H. Wanvik

        Activity

        Dag H. Wanvik added a comment -

        Uploading a patch that fixes this, as well as an HTML file for review.

        Kim Haase added a comment -

        Thanks, Dag, for picking this up! I was puzzling it over, but you knew what to do.

        The patch looks great – a couple of minor items –

        1) Latin abbreviations like "cf." can be unclear to some people, so it might be better to say "as specified by" instead?

        2) Typo: Change "Within routines the execute" to "Within routines that execute".

        3) In the sentence about definer's rights, you could remove the second "initially", since it is redundant, and put a "the" in front of "current user".

        Dag H. Wanvik added a comment -

        Thanks, Kim! I also noticed I should have used a cross reference format for the reference to the reference manual. I'll upload a new patch asap.

        Dag H. Wanvik added a comment -

        Uploading a new patch and preview which addresses Kim's comments, changes the reference to the Reference Manual, and adds a sentence to each routine type on what roles can be set inside them.

        Kim Haase added a comment -

        This looks great, Dag – +1. Glad you corrected the reference manual cross-reference, too.

        Dag H. Wanvik added a comment -

        Committed to docs trunk at svn 1150905, will back-port to 10.8 branch.

        Dag H. Wanvik added a comment -

        Back-ported to 10.8 branch as svn 1150919, resolving.

        Knut Anders Hatlen added a comment -

        Thanks, Dag. The section is quite clear now. Closing the issue.


          People

          • Assignee:
            Dag H. Wanvik
            Reporter:
            Knut Anders Hatlen
          • Votes:
            0
            Watchers:
            0
