You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Dag H. Wanvik (JIRA)" <ji...@apache.org> on 2008/02/27 13:39:51 UTC

[jira] Commented: (DERBY-3327) SQL roles: Implement authorization stack (and SQL session context to hold it)

    [ https://issues.apache.org/jira/browse/DERBY-3327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12572894#action_12572894 ] 

Dag H. Wanvik commented on DERBY-3327:
--------------------------------------

Ran some performance tests to see if the new code for getting current schema
had any substantial impact on performance, but it seems not (a loop executing
CURRENT SCHEMA inside a stored procedure saw a 3-5% performance hit, which is
not unreasonable since access is no longer just a simple field access in lcc but 
incurs 3 extra method calls).

If there are no further comments, I will commit this patch in a few days.



> SQL roles: Implement authorization stack (and SQL session context to hold it)
> -----------------------------------------------------------------------------
>
>                 Key: DERBY-3327
>                 URL: https://issues.apache.org/jira/browse/DERBY-3327
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.4.0.0
>
>         Attachments: DERBY-3327-1.diff, DERBY-3327-1.stat, DERBY-3327-2.diff, DERBY-3327-2.stat, DERBY-3327-3.diff, DERBY-3327-3.stat, DERBY-3327-4-full-b.diff, DERBY-3327-4-full-b.stat, DERBY-3327-4-full-c.diff, DERBY-3327-4-full-c.stat, DERBY-3327-4-full.diff, DERBY-3327-4-full.stat
>
>
> The current LanguageConnectionContext keeps the user authorization identifier for an SQL session.
> The lcc is shared context also for nested connections (opened from stored procedures).
> So far, for roles, the current role has been stored in the lcc also. However, SQL requires that
> authorization identifers be pushed on a "authorization stack" when calling a stored procedure, cf.
> SQL 2003, vol 2, section 4.34.1.1 and 4.27.3.
> This allows a caller to keep its current role after a call even if changed by the stored procedure.
> This issue will implement the current role name part ("cell") of the authorization stack. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.