[jira] [Updated] (DERBY-3929) SQL roles: tighten up check for existing user name collision when creating a role

["Mamta A. Satoor (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/DERBY-3929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mamta A. Satoor updated DERBY-3929:
-----------------------------------

    Urgency: Normal
     Labels: derby_triage10_10  (was: )
    
> SQL roles: tighten up check for existing user name collision when creating a role
> ---------------------------------------------------------------------------------
>
>                 Key: DERBY-3929
>                 URL: https://issues.apache.org/jira/browse/DERBY-3929
>             Project: Derby
>          Issue Type: Improvement
>          Components: SQL
>            Reporter: Dag H. Wanvik
>              Labels: derby_triage10_10
>
> Cf section 6.2 "The authorization identifier name space issue" in
> spec.html (rev 9) attached to DERBY-2207.
> One more check to avoid collision could be attempted (this is the last
> loophole that I am aware of), but is currently not being performed:
> Even if there is no trace of a user in the dictionary (as schema owner
> or grantee for privileges or roles), there *could* still be a user
> connected with the proposed name of the role being created. This could
> be checked by maintaining a list of connected users with reference
> counts, but would impose a cost (synchronize, hash name and check
> table) at connection time.
> Even if this scenario could unfold; I can't (yet) see any serious
> consequences of it happening (CURRENT_USER would still work as
> expected). The next time the user connects she would be denied, sicne
> there is a role by that name.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira