New built-in function to check whether some role is implicitly active [CORE2762] #3155
Comments
|
Commented by: Sean Leyne (seanleyne) Bjorn, Could you provide an example, the name "CanGet" is confusing. It seems that what you are looking for a security model where a user would be added to list of groups, so that you could ask the system "Is the current user a member of group X". Sean |
Modified by: @AlexPeshkoffassignee: Alexander Peshkov [ alexpeshkoff ] |
|
Commented by: @AlexPeshkoff First of all, I must check in SQL standard, do roles in roles provide permissions on database objects... |
|
Commented by: @AlexPeshkoff Delayed to post-3 version togethr with grant role to role |
|
Commented by: @dyemanov Currently implemented as RDB$ROLE_IN_USE(<role name>), may be changed before the final v4.0 release. |
Modified by: @dyemanovassignee: Alexander Peshkov [ alexpeshkoff ] => Roman Simakov [ roman-simakov ] Fix Version: 4.0 Alpha 1 [ 10731 ] summary: New buildin function to check membership of role => New built-in function to check whether some role is implicitly active |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Resolved [ 5 ] QA Status: Covered by another test(s) Test Details: All tests in tests/functional/syspriv/ folder (run there: find /c /i "RDB$ROLE_IN_USE" *.fbt ) |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Closed [ 6 ] |
Submitted by: Bjoern Reimer (bnreimer)
(As a reminder for Alex)
If I can get permissions on db objects not only via directly granted roles but also via roles in roles a new function is needed as replacement for psql statement
if (current_role = 'somerole') then ...
or
if (current_role <> 'somerole') then ...
I don't know a good name, but maybe
or
if (not CanGetRole( 'somerole') and (current_role <> 'somerole') ) then ...
====== Test Details ======
All tests in tests/functional/syspriv/ folder (run there: find /c /i "RDB$ROLE_IN_USE" *.fbt )
The text was updated successfully, but these errors were encountered: