| Subject | Re: [Firebird-Architect] Re: User name SYSDBA |
|---|---|
| Author | Jim Starkey |
| Post date | 2005-08-27T21:49:56Z |
Roman Rokytskyy wrote:
sufficient even if the the active role(s) change. I don't see a problem
as long as the rules are clear and documented.
>>The question is not whether it can be done at the execution time butChecking permissions at prepare time is necessary and should be
>>whether it should be. IIRC, the SQL spec explicitly requires
>>permissions to be checked at the prepare time. And it makes a lot of
>>sense to me.
>>
>>
>
>This fits very well the model where role is specified at connect time.
>However, if we allow to change the role at runtime, we have either to
>invalidate all prepared statements or to check the permissions, etc.
>
>So, _if_ we consider Jim's proposal for implementation, then also
>permission management should be changed.
>
>
>
sufficient even if the the active role(s) change. I don't see a problem
as long as the rules are clear and documented.