You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Dyre Tjeldvoll (JIRA)" <ji...@apache.org> on 2007/04/26 13:37:15 UTC
[jira] Created: (DERBY-2594) Revoking a privilege from a table
should invalidate statements dependent on that table
Revoking a privilege from a table should invalidate statements dependent on that table
--------------------------------------------------------------------------------------
Key: DERBY-2594
URL: https://issues.apache.org/jira/browse/DERBY-2594
Project: Derby
Issue Type: Improvement
Components: SQL
Affects Versions: 10.2.1.6
Reporter: Dyre Tjeldvoll
Assigned To: Dyre Tjeldvoll
Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-2594) Revoking a privilege from an SQL
Object should invalidate statements dependent on that object
Posted by "Bryan Pendleton (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12492967 ]
Bryan Pendleton commented on DERBY-2594:
----------------------------------------
Thanks Dyre. Addressing this tracing later and separately seems reasonable to me.
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
> Attachments: revoke_prelim.diff
>
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-2594) Revoking a privilege from an SQL
Object should invalidate statements dependent on that object
Posted by "Bryan Pendleton (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12492897 ]
Bryan Pendleton commented on DERBY-2594:
----------------------------------------
This tracing seems very useful, too -- can you include it as part of your patch?
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
> Attachments: revoke_prelim.diff
>
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (DERBY-2594) Revoking a privilege from an SQL
Object should invalidate statements dependent on that object
Posted by "Dyre Tjeldvoll (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dyre Tjeldvoll resolved DERBY-2594.
-----------------------------------
Resolution: Fixed
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
> Fix For: 10.3.0.0
>
> Attachments: DependencyTraceUntested.diff, derby-2594.v1.diff, derby-2594.v1.stat, out.txt, revoke_prelim.diff
>
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-2594) Revoking a privilege from a table
should invalidate statements dependent on that table
Posted by "Dyre Tjeldvoll (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12491986 ]
Dyre Tjeldvoll commented on DERBY-2594:
---------------------------------------
There is a typo in the description. The last sentence should read "...this will change when language result sets are reused".
As an initial experiment I've tried to modify DependencyManager.invalidateFor() so that it detects when REVOKE_PRIVILEGE is sent to a TablePermsDescriptor, and then adds an explicit call to invalidateFor() on the TableDescriptor:
coreInvalidateFor(p, action, lcc);
if (p instanceof TablePermsDescriptor &&
action == DependencyManager.REVOKE_PRIVILEGE) {
final TablePermsDescriptor tpd = (TablePermsDescriptor) p;
final TableDescriptor td = dd.getTableDescriptor(tpd.getTableUUID());
coreInvalidateFor(td, DependencyManager.INTERNAL_RECOMPILE_REQUEST, lcc);
But this fails with
Caused by: java.sql.SQLException: Operation 'INTERNAL RECOMPILE REQUEST' cannot be performed on object 'TSAT' because VIEW 'V1' is dependent on that object.
> Revoking a privilege from a table should invalidate statements dependent on that table
> --------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-2594) Revoking a privilege from an SQL
Object should invalidate statements dependent on that object
Posted by "Dyre Tjeldvoll (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12492867 ]
Dyre Tjeldvoll commented on DERBY-2594:
---------------------------------------
I added some trace to see what happens when a REVOKE is received
by RoutinePrivilegeInfo. I added the following to
BasicDependencyManager.coreInvalidate():
@@ -300,6 +302,16 @@
Dependent dep = dependency.getDependent();
+ if (p instanceof AliasDescriptor &&
+ action == INTERNAL_RECOMPILE_REQUEST &&
+ dep instanceof GenericPreparedStatement) {
+ System.out.println
+ ("REVOKE on "+
+ ((AliasDescriptor)p).getObjectName()+
+ " sends recompile to `"+
+ ((GenericPreparedStatement)dep).statement.getSource()+"'");
+ }
+
if (affectedCols != null)
Running lang.GrantRevokeDDLTest then produces the following output:
[...]
REVOKE on F_ABS1 sends recompile to ` select * from v24'
REVOKE on F_ABS1 sends recompile to ` create view v24 as select * from mamta1.v11'
REVOKE on F_ABS1 sends recompile to ` select * from v11'
REVOKE on F_ABS1 sends recompile to ` create view v11(c111) as values mamta1.f_abs1(-5)'
REVOKE on F_ABS1 sends recompile to ` values f_abs1(-5)'
REVOKE on SELECTFROMSPECIFICSCHEMA sends recompile to `revoke execute on function selectFromSpecificSchema from mamta3 restrict'
REVOKE on SELECTFROMSPECIFICSCHEMA sends recompile to ` grant execute on function selectFromSpecificSchema to mamta3'
REVOKE on F_ABS sends recompile to ` revoke execute on function f_abs from randy restrict'
REVOKE on F_ABS sends recompile to ` grant execute on function f_abs to randy'
REVOKE on F_ABS2 sends recompile to `revoke execute on function F_ABS2 from user2 restrict'
REVOKE on F_ABS2 sends recompile to `grant execute on function F_ABS2 to user2'
REVOKE on F_ABS2 sends recompile to `values user1.F_ABS1(10) + user1.F_ABS2(-10)'
REVOKE on F_ABS1 sends recompile to ` revoke execute on function F_ABS1 from user2 restrict'
REVOKE on F_ABS1 sends recompile to `values user1.F_ABS1(-8)'
which looks correct to me. So unless I hear otherwise, I'll start
making my preliminary patch ready for commit.
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
> Attachments: revoke_prelim.diff
>
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-2594) Revoking a privilege from an SQL
Object should invalidate statements dependent on that object
Posted by "Dyre Tjeldvoll (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12492954 ]
Dyre Tjeldvoll commented on DERBY-2594:
---------------------------------------
Hi Bryan, I'm glad you think it is useful. I guess I could include it, but there are some caveats:
- Currently the trace is printed unconditionally. If it was to be committed I think I would have to put some SanityManager magic around it so that you only got this trace when setting a certain property (value).
- The change I have shown above is not very general and makes use of "bad" downcasts that in turn requires the import of files the DependencyManager ideally shouldn't have to know about.
- The DependencyManager already has a method called dumpDependencies() (or similar) which prints all the dependencies. I tried using that method but it generates so much output that it becomes really hard to find what you're looking for (especially if you call this method more than once). Part of the problem is that it relies on the Provider's and Dependent's toString() methods, which (for good reasons) generate far more output than is typically desired when looking at dependencies (in the case of GPSs it actually generates too little, only the UUID).
- Ideally the Provider and Dependent interfaces should provide a describe method that would give the right amount of info for printing dependencies. That way the DependencyManager itself would not have to downcast to the exact types. It would also be good to have the ability to filter out the subset of dependencies that you were interested in.
- Finally I believe I have seen in another Jira that Dan would like to re-design/re-write the DependencyManager at some point.
So I guess I won't include this as part of the main patch, but I'm happy to attach it as a separate patch.
And if the DependencyManager won't be re-written right away, I could try to make another patch based on my comments here (would need some more time for that though)
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
> Attachments: revoke_prelim.diff
>
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (DERBY-2594) Revoking a privilege from an SQL
Object should invalidate statements dependent on that object
Posted by "Dyre Tjeldvoll (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dyre Tjeldvoll updated DERBY-2594:
----------------------------------
Summary: Revoking a privilege from an SQL Object should invalidate statements dependent on that object (was: Revoking a privilege from a table should invalidate statements dependent on that table)
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-2594) Revoking a privilege from a table
should invalidate statements dependent on that table
Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12492026 ]
Daniel John Debrunner commented on DERBY-2594:
----------------------------------------------
I think this should be more generic than table, it should be for any SQL object, e.g.:
Revoking a privilege from a (SQL) object should invalidate statements dependent on that object
> Revoking a privilege from a table should invalidate statements dependent on that table
> --------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (DERBY-2594) Revoking a privilege from an SQL
Object should invalidate statements dependent on that object
Posted by "Dyre Tjeldvoll (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dyre Tjeldvoll updated DERBY-2594:
----------------------------------
Attachment: derby-2594.v1.stat
derby-2594.v1.diff
Attaching a proper patch (derby-2594.v1). suites.All and derbyall pass. Reviews are appreciated, as always.
(Does not include any DependencyManager tracing).
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
> Attachments: derby-2594.v1.diff, derby-2594.v1.stat, revoke_prelim.diff
>
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (DERBY-2594) Revoking a privilege from an SQL
Object should invalidate statements dependent on that object
Posted by "Knut Anders Hatlen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Knut Anders Hatlen updated DERBY-2594:
--------------------------------------
Derby Info: (was: [Patch Available])
Fix Version/s: 10.3.0.0
Thanks Dyre. derby-2594.v1.diff looks good. Committed revision 536767.
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
> Fix For: 10.3.0.0
>
> Attachments: DependencyTraceUntested.diff, derby-2594.v1.diff, derby-2594.v1.stat, out.txt, revoke_prelim.diff
>
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-2594) Revoking a privilege from an SQL
Object should invalidate statements dependent on that object
Posted by "Dyre Tjeldvoll (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12492073 ]
Dyre Tjeldvoll commented on DERBY-2594:
---------------------------------------
My experimental change fails because a TableDescriptor can have
other Dependents besides GenericPreparedStatements. All possible
Dependents of TableDescriptor must be able to handle the action
being passed to them (the default is to trow an
exception). Passing on REVOKE_PRIVILEGE doesn't work because
that will cause views that depend on the TableDescriptor to be
dropped, and we will subsequently get a 'No such Table/View'
error.
I have now modified the experimental code to send a new
action (REVOKE_RECOMILE) to the TableDescriptor whenever the
TablePrivilegeInfo object sends a REVOKE_PRIVILEGE to the
TablePermsDescriptor. I have also extended ViewDescriptor and
SPSDescriptor and GenericPreparedStatement to handle the
REVOKE_RECOMILE action.
With this hack I get lang.GrantRevokeDDLTest (The old
lang/grantRevokeDDL2.sql test that first revealed this problem
has been moved to JUnit) to pass with re-use of result sets and
without checking authorization on every execute.
But I fear that this is the easy part. The real work is probably to:
- Ensure that all SQL Objects for which a revoke will invalidate
statements, actually have those statements as Dependents.
- That GrantRevokeCA actually calls DM.invalidateFor() on all
relevant Providers (SQL object descriptors)
(Currently GrantRevokeCA can either refer to a
TablePrivilegeInfo, or a RoutinePrivilegeInfo. TablePrivilegeInfo
calls invalidateFor(TablePermsDescriptor, REVOKE_PRIVILEGE) and
RoutinePrivilegeInfo calls invalidateFor(RoutinePermsDescriptor,
REVOKE_PRIVILEGE_RESTRICT))
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-2594) Revoking a privilege from an SQL
Object should invalidate statements dependent on that object
Posted by "Dyre Tjeldvoll (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12492206 ]
Dyre Tjeldvoll commented on DERBY-2594:
---------------------------------------
It is quite possible that a new action isn't required. I wasn't
sure so I played it safe.
I didn't mean to say that GrantRevokeConstantAction should call
invalidateFor directly (although it certainly could seem
so). Currently the stack looks like this:
GrantRevokeConstantAction -> XPrivilegeInfo -> invalidateFor(XPermsDescriptor, ACTION)
So we should add
GrantRevokeConstantAction -> XPrivilegeInfo -> invalidateFor(XDescriptor, INTERNAL_COMPILE_REQUEST)
?
This will work for tables, but I haven't checked for
RoutinePermsDescriptor and RoutineDescriptor. That is, I haven't
verified that all statements that depend on a Routine actually
are Dependents of the RoutineDescr.
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-2594) Revoking a privilege from an SQL
Object should invalidate statements dependent on that object
Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12492079 ]
Daniel John Debrunner commented on DERBY-2594:
----------------------------------------------
Why is a new action required (REVOKE_RECOMPILE)?
Isn't the same amount of work to make other non GenericPreparedStatements dependents handle this as handling the existing INTERNAL_RECOMPILE_REQUEST notification?
>. That GrantRevokeCA actually calls DM.invalidateFor() on all
relevant Providers (SQL object descriptors)
I think this is best handled in an OO approach, the TablePrivilege object should be sending out the recompile invalidation on the table,
not the callers. Ie. when it is invalidated with a REVOKE, then it sends out a invalidate on the table with recompile.
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (DERBY-2594) Revoking a privilege from an SQL Object
should invalidate statements dependent on that object
Posted by "Dyre Tjeldvoll (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dyre Tjeldvoll closed DERBY-2594.
---------------------------------
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
> Fix For: 10.3.0.0
>
> Attachments: DependencyTraceUntested.diff, derby-2594.v1.diff, derby-2594.v1.stat, out.txt, revoke_prelim.diff
>
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (DERBY-2594) Revoking a privilege from an SQL
Object should invalidate statements dependent on that object
Posted by "Dyre Tjeldvoll (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dyre Tjeldvoll updated DERBY-2594:
----------------------------------
Attachment: out.txt
DependencyTraceUntested.diff
Attaching a patch for the trace (DependencyTraceUntested.diff). I have only tried it with lang.GrantRevokeDDLTest and the resulting output is attached as out.txt.
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
> Attachments: DependencyTraceUntested.diff, derby-2594.v1.diff, derby-2594.v1.stat, out.txt, revoke_prelim.diff
>
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (DERBY-2594) Revoking a privilege from an SQL
Object should invalidate statements dependent on that object
Posted by "Dyre Tjeldvoll (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dyre Tjeldvoll updated DERBY-2594:
----------------------------------
Derby Info: [Patch Available]
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
> Attachments: derby-2594.v1.diff, derby-2594.v1.stat, revoke_prelim.diff
>
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (DERBY-2594) Revoking a privilege from an SQL
Object should invalidate statements dependent on that object
Posted by "Dyre Tjeldvoll (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dyre Tjeldvoll updated DERBY-2594:
----------------------------------
Attachment: revoke_prelim.diff
I've attached a preliminary (as in not for commit)
) patch (revoke_prelim.diff) which implements this idea. It seems to be
working, in the sense that suites.All and derbyall pass, but I
don't know if the Routine stuff gets tested at all. But if the
basic idea is sound I can convert it into a real patch.
> Revoking a privilege from an SQL Object should invalidate statements dependent on that object
> ---------------------------------------------------------------------------------------------
>
> Key: DERBY-2594
> URL: https://issues.apache.org/jira/browse/DERBY-2594
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.2.1.6
> Reporter: Dyre Tjeldvoll
> Assigned To: Dyre Tjeldvoll
> Attachments: revoke_prelim.diff
>
>
> Revoking a privilege on a table will currently cause the DependencyManager.invalidateFor() to be called on the table's TablePermsDescriptor with the action=REVOKE_PRIVILEGE. However, the prepared statements that refer to that table are dependents of the table's TableDescriptor, but NOT its TablePermsDescriptor, so the statements are not invalidated after revoke.
> This problem is currently hidden by the fact that authorization is checked on every execution, but this will change when language result sets are no longer reused (see DERBY-827).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.