New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New built-in function to check whether some role is implicitly active [CORE2762] #3155
Comments
Commented by: Sean Leyne (seanleyne) Bjorn, Could you provide an example, the name "CanGet" is confusing. It seems that what you are looking for a security model where a user would be added to list of groups, so that you could ask the system "Is the current user a member of group X". Sean |
Modified by: @AlexPeshkoffassignee: Alexander Peshkov [ alexpeshkoff ] |
Commented by: @AlexPeshkoff First of all, I must check in SQL standard, do roles in roles provide permissions on database objects... |
Commented by: @AlexPeshkoff Delayed to post-3 version togethr with grant role to role |
Commented by: @dyemanov Currently implemented as RDB$ROLE_IN_USE(<role name>), may be changed before the final v4.0 release. |
Modified by: @dyemanovassignee: Alexander Peshkov [ alexpeshkoff ] => Roman Simakov [ roman-simakov ] Fix Version: 4.0 Alpha 1 [ 10731 ] summary: New buildin function to check membership of role => New built-in function to check whether some role is implicitly active |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Resolved [ 5 ] QA Status: Covered by another test(s) Test Details: All tests in tests/functional/syspriv/ folder (run there: find /c /i "RDB$ROLE_IN_USE" *.fbt ) |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Closed [ 6 ] |
Submitted by: Bjoern Reimer (bnreimer)
(As a reminder for Alex)
If I can get permissions on db objects not only via directly granted roles but also via roles in roles a new function is needed as replacement for psql statement
if (current_role = 'somerole') then ...
or
if (current_role <> 'somerole') then ...
I don't know a good name, but maybe
or
if (not CanGetRole( 'somerole') and (current_role <> 'somerole') ) then ...
====== Test Details ======
All tests in tests/functional/syspriv/ folder (run there: find /c /i "RDB$ROLE_IN_USE" *.fbt )
The text was updated successfully, but these errors were encountered: