Subject Re: [Firebird-Architect] User name SYSDBA
Author Christian Danner
Hi Jim,

on Mon, 22 Aug 2005 07:28:49 -0400, you wrote:

>Christian Danner wrote:
>>But additionally the storage of a role / role set, actually to a
>>VAR-/CHAR variable, would have to be considered, IMHO a compatibility
>>problem even harder to solve. If the assignment of a NULL-value isn't
>>adequate CURRENT_ROLE should at least support a term like 'MULTI' for
>>that purpose (in accordance to 'NONE'). In contrast to this a simple
>>concatenation of the roles could lead to an overflow of the
>>destination, which may not be prepared for such a long string. Enough
>>to be figured out by the gurus - if at all.
>I implemented an "is active_role(<rolename>)" predicate in
>Netfrastructure to address this problem.

If you intend to log up CURRENT_USER and CURRENT_ROLE being used to
modify a dataset, this could possibly lead to the storage of a role
which itself doesn't have the right to do the job. Hard to interpret
this discrepancy the right way later on - but you can't have it all.