Menu
▾
▴
Re: [Firebird-devel] Login with invalid or non granted role
|
From: Alex P. <pes...@ya...> - 2008-10-06 09:57:46
|
On Sunday 05 October 2008 19:05, Dmitry Yemanov wrote: > Vlad Khorsun wrote: > > a) role can be granted to role > > b) role can't be set at connection time > > c) role can be changed after connection using SET ROLE statement > > d) if <role specification> have wrong syntax or corresponding role is not > > granted to the current user or PUBLIC then error is raised (in SET ROLE > > statement) > > e) no role means NULL value (not 'NONE') > > d) to deactivate current role used special 'NONE' value > > I've checked the latest SQL draft as well and you seem being absolutely > correct. We could schedule the appropriate adjustments for v3.0, if > somebody would enter a ticket into the tracker :-) We already do have CORE-1815 Ability to grant role to another role and CORE-1377 Add an ability to change role without reconnecting to database. Looks like they should be gathered in one single item with additions which Vlad provided? One detail - removing ability to set role at connection time will become severe regression from many users POV. Therefore I suggest to keep it, adding test for correctness of role and disabling login if role is not OK for any reason. In 3.0, certainly. |
