Subject: svn commit: r545237 - in /db/derby/docs/trunk/src: adminguide/ devguide/ ref/
From: dag@apache.org
To: derby-commits@db.apache.org
Reply-To: "Derby Development"
Date: Thu, 07 Jun 2007 16:33:00 -0000
Message-Id: <20070607163305.9C1231A981A@eris.apache.org>
X-Mailer: svnmailer-1.1.0

Author: dag
Date: Thu Jun 7 09:32:56 2007
New Revision: 545237

URL: http://svn.apache.org/viewvc?view=rev&rev=545237
Log:
Documents DERBY-2264 changes for enforcing database owner powers. Also adds a new node to explain the concept of database owner.

Added:
    db/derby/docs/trunk/src/devguide/cdevcsecureDbOwner.dita (with props)

Modified:
    db/derby/docs/trunk/src/adminguide/cadminappsclient.dita
    db/derby/docs/trunk/src/devguide/cdevcsecure36127.dita
    db/derby/docs/trunk/src/devguide/cdevcsecure36595.dita
    db/derby/docs/trunk/src/devguide/cdevcsecuregrantrevokeaccess.dita
    db/derby/docs/trunk/src/devguide/derbydev.ditamap
    db/derby/docs/trunk/src/devguide/rdevcsecure13713.dita
    db/derby/docs/trunk/src/devguide/rdevdvlp22102.dita
    db/derby/docs/trunk/src/devguide/tdevcsecurenewbootpw.dita
    db/derby/docs/trunk/src/devguide/tdevcsecurenewextkey.dita
    db/derby/docs/trunk/src/devguide/tdevcsecurenewkeyoverview.dita
    db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita
    db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita
    db/derby/docs/trunk/src/ref/rrefattrib15290.dita
    db/derby/docs/trunk/src/ref/rrefattrib16471.dita
    db/derby/docs/trunk/src/ref/rrefattrib26867.dita
    db/derby/docs/trunk/src/ref/rrefattrib42100.dita
    db/derby/docs/trunk/src/ref/rrefattrib60346.dita
    db/derby/docs/trunk/src/ref/rrefattrib88843.dita
    db/derby/docs/trunk/src/ref/rrefattribencryptkey.dita
    db/derby/docs/trunk/src/ref/rrefattribnewbootpw.dita
    db/derby/docs/trunk/src/ref/rrefattribnewencryptkey.dita
    db/derby/docs/trunk/src/ref/rrefcreatefunctionstatement.dita
    db/derby/docs/trunk/src/ref/rrefcreateprocedurestatement.dita
    db/derby/docs/trunk/src/ref/rrefexcept71493.dita
    db/derby/docs/trunk/src/ref/rrefsqlj15446.dita
    db/derby/docs/trunk/src/ref/rrefsqlj24513.dita
    db/derby/docs/trunk/src/ref/rrefsqlj40506.dita
    db/derby/docs/trunk/src/ref/rrefsqlj43125.dita
db/derby/docs/trunk/src/ref/rrefsqljrenametablestatement.dita db/derby/docs/trunk/src/ref/rrefsqljrevoke.dita Modified: db/derby/docs/trunk/src/adminguide/cadminappsclient.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminappsclient.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/adminguide/cadminappsclient.dita (original) +++ db/derby/docs/trunk/src/adminguide/cadminappsclient.dita Thu Jun 7 09:32:56 2007 @@ -214,7 +214,9 @@ shutdown This property is also available using EmbeddedDataSource. See the for more information. -Similar to setting connectionAttribute to "shutdown=true". Only "shutdown" is allowed, other values equate to null. The result of conflicting settings of createDatabase, shutdownDatabase and connectionAttributes is undefined. +Similar to setting connectionAttribute to "shutdown=true". Only "shutdown" is allowed, other values equate to null. The result of conflicting settings of createDatabase, shutdownDatabase and connectionAttributes is undefined. +If authentication and sqlAuthorization are both enabled, database shutdown is restricted to the database owner. + Modified: db/derby/docs/trunk/src/devguide/cdevcsecure36127.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure36127.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/devguide/cdevcsecure36127.dita (original) +++ db/derby/docs/trunk/src/devguide/cdevcsecure36127.dita Thu Jun 7 09:32:56 2007 @@ -38,5 +38,28 @@ running in a connectivity server and user authentication is turned on, stopping the server requires a user name and password. You will need to alter shutdown scripts accordingly. +

+

+ + Additionally, if you create and start + a system + with user authentication and + SQL authorization + both enabled, or plan to enable them later, + you should make sure you create + the database by connecting as the user that is to become the + database + owner. + + If you neglect to supply a user when the database is created, the + database owner will by default become "APP". If you later enable + both authentication and SQL authorization and "APP" is a not valid + user name, you will not be able to perform operations restricted to + the database owner, including shutting down the database (as opposed + to the full system which may currently be shut down by any + authenticated user, see previous note). Nor will you be able to + (re)encrypt the database nor perform a full upgrade of it. + + Modified: db/derby/docs/trunk/src/devguide/cdevcsecure36595.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure36595.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/devguide/cdevcsecure36595.dita (original) +++ db/derby/docs/trunk/src/devguide/cdevcsecure36595.dita Thu Jun 7 09:32:56 2007 @@ -89,7 +89,9 @@ the ability to read from or write to database objects is further restricted to the owner of the database objects. The owner must grant permission for others to access the database objects. No one but the owner of an object or -the database owner can drop the object. +the +database owner +can drop the object.
  • The access mode specified for the derby.database.defaultConnectionMode property overrides the permissions that are granted by the owner of a database object. For example, if a user is granted INSERT privileges on a table but the user Added: db/derby/docs/trunk/src/devguide/cdevcsecureDbOwner.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecureDbOwner.dita?view=auto&rev=545237 ============================================================================== --- db/derby/docs/trunk/src/devguide/cdevcsecureDbOwner.dita (added) +++ db/derby/docs/trunk/src/devguide/cdevcsecureDbOwner.dita Thu Jun 7 09:32:56 2007 @@ -0,0 +1,105 @@ + + + + + +Database owner + + + + The term database owner refers to the current authorization + identifier when the database is created, that is, the user creating + the database. If you enable or plan to enable SQL authorization, + controlling the identity of the database owner becomes important. + + + + + + + + database owner + + + + database owner + + powers + + + + + database owner + + permissions + + + + + + + +

    + When a database is created, the database owner of that database + gets implicitly set to the authorization identifier used in the + connect operation which creates the database, for example by + supplying the URL attribute "user". Note that this applies even + if authentication is not (yet) enabled. In SQL, the built-in + functions USER and the equivalent CURRENT_USER return the current + authorization identifier. +

    +

    + If the database is created without supplying a user (only + possible if authentication is not enabled), the database owner + gets set to the default authorization identifier, "APP", which is + also the name of the default schema, see the section "SET + SCHEMA statement" in + the . +

    +

    + The database owner has automatic SQL level permissions when + SQL authorization is enabled, see more about this + in . +

    +

    + To further enhance security, when both + authentication + and SQL authorization are enabled for a + database, Derby restricts some special powers to the database + owner: only the database owner is allowed to + shut down + the database, to + encrypt + or + reencrypt + the database or to perform a + full upgrade + of it. These powers can not be delegated. +

    +

    + + There is currently no way of changing the database owner once + the database is created. This means that if you plan to run with + SQL authorization enabled, you should make sure to create the + database as the user you want to be the owner. + +

    + +
    +
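Review bot: in the paragraph on restricted powers of the new cdevcsecureDbOwner.dita topic, "These powers can not be delegated" should read "cannot". The same topic states that the owner is taken from the connect-time authorization identifier "even if authentication is not (yet) enabled" and that "there is currently no way of changing the database owner once the database is created"; spelling out the consequence in one sentence would help the reader: the identity supplied on the first create=true connection, verified or not, is the one that keeps the shutdown, (re)encryption and upgrade powers for as long as the database exists, so the user attribute must be chosen deliberately before the database is created.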
    Propchange: db/derby/docs/trunk/src/devguide/cdevcsecureDbOwner.dita ------------------------------------------------------------------------------ svn:eol-style = native Modified: db/derby/docs/trunk/src/devguide/cdevcsecuregrantrevokeaccess.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecuregrantrevokeaccess.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/devguide/cdevcsecuregrantrevokeaccess.dita (original) +++ db/derby/docs/trunk/src/devguide/cdevcsecuregrantrevokeaccess.dita Thu Jun 7 09:32:56 2007 @@ -56,7 +56,9 @@

    When a table, view, function, or procedure is created, the person that creates the object is referred to as the owner of the object. -Only the object owner and the database owner have full privileges on the object. +Only the object owner and the +database owner +have full privileges on the object. No other users have privileges on the object until the object owner grants privileges to them.

    Public and individual user privileges

    The object Modified: db/derby/docs/trunk/src/devguide/derbydev.ditamap URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/derbydev.ditamap?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/devguide/derbydev.ditamap (original) +++ db/derby/docs/trunk/src/devguide/derbydev.ditamap Thu Jun 7 09:32:56 2007 @@ -1511,6 +1511,8 @@ + + @@ -1520,6 +1522,10 @@ + + + + @@ -2223,6 +2229,8 @@ + + Modified: db/derby/docs/trunk/src/devguide/rdevcsecure13713.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecure13713.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/devguide/rdevcsecure13713.dita (original) +++ db/derby/docs/trunk/src/devguide/rdevcsecure13713.dita Thu Jun 7 09:32:56 2007 @@ -37,7 +37,7 @@

    When creating the database, the application developer encrypts the database by using the following connection URL:

    jdbc:derby:wombat;create=true;dataEncryption=true; - bootPassword=sxy90W348HHn + bootPassword=sxy90W348HHn;user=redbaron

    Before deploying the database, the application developer turns on user authentication, sets the authentication provider to BUILTIN, creates a single user and password, and disallows system-wide properties to protect @@ -49,16 +49,32 @@ 'derby.authentication.provider', 'BUILTIN') CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY( - 'derby.user.enduser', 'red29PlaNe') + 'derby.user.redbaron', 'red29PlaNe') CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY( 'derby.database.propertiesOnly', true')

    When the user connects (and boots) the database, the user has -to provide the bootPassword, the user name, and the password. The following -example shows how to provide those in a connection URL, although the application -programmer would probably provide GUI windows to allow the end user to type -those in:

    +to provide the bootPassword, the user name, and the password. +

    +

    + + The user name (the value specified by + the derby.user.enduser property) must be + supplied when the database is created, even if authentication is + not yet enabled. Otherwise the database owner will have the + default name "APP" + (see for + details). + +

    +

    + The following example shows how to provide these properties in a + connection URL, although the application programmer would probably + provide GUI windows to allow the end user to type those in: +

    +
    jdbc:derby:wombat;bootPassword=sxy90W348HHn; - user=enduser;password=red29PlaNe + user=redbaron;password=red29PlaNe Modified: db/derby/docs/trunk/src/devguide/rdevdvlp22102.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevdvlp22102.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/devguide/rdevdvlp22102.dita (original) +++ db/derby/docs/trunk/src/devguide/rdevdvlp22102.dita Thu Jun 7 09:32:56 2007 @@ -51,7 +51,9 @@
  • jdbc:derby:support/bugsdb;create=true

    Create the database support/bugsdb in the system directory, automatically creating the intermediate directory support if it does not exist.

  • -
  • jdbc:derby:sample;shutdown=true

    Shut down the sample database.

  • +
  • jdbc:derby:sample;shutdown=true

    Shut down the sample database. +(Authentication is not enabled, so no user credentials are required.) +

  • jdbc:derby:/myDB

    Access myDB (which is directly in a directory in the classpath) as a read-only database.

  • jdbc:derby:classpath:/myDB

    Access myDB (which is directly Modified: db/derby/docs/trunk/src/devguide/tdevcsecurenewbootpw.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevcsecurenewbootpw.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/devguide/tdevcsecurenewbootpw.dita (original) +++ db/derby/docs/trunk/src/devguide/tdevcsecurenewbootpw.dita Thu Jun 7 09:32:56 2007 @@ -50,9 +50,20 @@ the database.For example, when the following URL is used when the salesdb database is rebooted, the database is encrypted with the new encryption key, and is protected by the password new1234xyz: jdbc:derby:salesdb;bootPassword=abc1234xyz;newBootPassword=new1234xyzIf you disabled log archival before you applied the new boot +> + +

    + If authentication + and + SQL authorization + are both enabled, the credentials of the + database owner + must be supplied as well, since reencryption is a restricted operation. +

    + +

    If you disabled log archival before you applied the new boot password, create a new backup of the database after the database is reconfigured -with new the boot password.

    +with the new boot password.

    Modified: db/derby/docs/trunk/src/devguide/tdevcsecurenewextkey.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevcsecurenewextkey.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/devguide/tdevcsecurenewextkey.dita (original) +++ db/derby/docs/trunk/src/devguide/tdevcsecurenewextkey.dita Thu Jun 7 09:32:56 2007 @@ -45,9 +45,21 @@ the database.For example, when the following URL is used when the salesdb database is rebooted, the database is encrypted with the new encryption key 6862636465666768:jdbc:derby:salesdb;encryptionKey=6162636465666768;newEncryptionKey=6862636465666768'If you disabled log archival before you applied the new encryption +> + +

    + If authentication + and + SQL authorization + are both enabled, the credentials of the + database owner + must be supplied as well, since encryption is a restricted operation. +

    +
    +

    If you disabled log archival before you applied the new encryption key, create a new backup of the database after the database is reconfigured -with new the encryption key.

    +with new the encryption key. +

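Review bot: the last context line of the tdevcsecurenewextkey.dita hunk still carries the typo "with new the encryption key." ("+with new the encryption key."), although the parallel hunk in tdevcsecurenewbootpw.dita corrects the same phrase to "with the new boot password"; change it to "with the new encryption key" here as well. This hunk also starts with the same stray "+>" line as the boot-password topic.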
    Modified: db/derby/docs/trunk/src/devguide/tdevcsecurenewkeyoverview.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevcsecurenewkeyoverview.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/devguide/tdevcsecurenewkeyoverview.dita (original) +++ db/derby/docs/trunk/src/devguide/tdevcsecurenewkeyoverview.dita Thu Jun 7 09:32:56 2007 @@ -53,6 +53,15 @@ To encrypt the database with a new external encryption key, use the newEncryptionKey attribute. + + If authentication + and + SQL authorization + are both enabled, the credentials of the + database owner + must be supplied, since reencryption is a restricted operation. + + Modified: db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita (original) +++ db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita Thu Jun 7 09:32:56 2007 @@ -62,8 +62,19 @@ For example, to encrypt the salesdb database with the boot password abc1234xyz, specify the following attributes in the URL:jdbc:derby:salesdb;dataEncryption=true;bootPassword=abc1234xyz -If you disabled log archival before you encrypted the database, create -a new backup of the database after the database is encrypted. + +

    + If authentication + and + SQL authorization + are both enabled, the credentials of the + database owner + must be supplied as well, since encryption is a restricted operation. +

    +
    +

    +If you disabled log archival before you encrypted the database, create +a new backup of the database after the database is encrypted.

    Modified: db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita (original) +++ db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita Thu Jun 7 09:32:56 2007 @@ -38,6 +38,21 @@ down the database of the current connection if you specify the default connection instead of a database name (within an SQL statement).

    // shutting down a database from your application DriverManager.getConnection( - "jdbc:derby:sample;shutdown=true"); + "jdbc:derby:sample;shutdown=true"); +

    +If user +authentication +and +SQL authorization +are both enabled, only the +database owner +can shut down the database. +

    + +// shutting down an authenticated database as database owner +DriverManager.getConnection( + "jdbc:derby:securesample;user=joeowner;password=secret;shutdown=true"); + + Modified: db/derby/docs/trunk/src/ref/rrefattrib15290.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattrib15290.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefattrib15290.dita (original) +++ db/derby/docs/trunk/src/ref/rrefattrib15290.dita Thu Jun 7 09:32:56 2007 @@ -35,7 +35,19 @@ must be combined with the bootPassword=key attribute or the newEncryptionKey=key attribute. You have the option of also specifying the encryptionProvider=providerName and encryptionAlgorithm=algorithm attributes.

  • +href="rrefattrib60346.dita#rrefattrib60346">encryptionAlgorithm=algorithm attributes.

    +

    + For an existing, unencrypted database for which authentication + and SQL authorization are both + enabled, only the + database owner + can perform encryption. See also "Enabling user authentication" + and "Setting the SQL standard authorization mode" + in the + + for more information. +

    + Examples -- encrypt a new database jdbc:derby:encryptedDB;create=true;dataEncryption=true; bootPassword=cLo4u922sc23aPe Modified: db/derby/docs/trunk/src/ref/rrefattrib16471.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattrib16471.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefattrib16471.dita (original) +++ db/derby/docs/trunk/src/ref/rrefattrib16471.dita Thu Jun 7 09:32:56 2007 @@ -26,9 +26,20 @@
    Function

    Shuts down the specified database if you -specify a databaseName. (Reconnecting to the database reboots the database.)

    Shuts +specify a databaseName. (Reconnecting to the database reboots the database.) +For a database for which authentication and SQL authorization are both +enabled, only the +database owner +can perform shutdown of that database. +Please see "Enabling user authentication" +and "Setting the SQL standard authorization mode" +in the + +for more information. +

    Shuts down the entire system -if and only if you do not specify a databaseName

    When you are +if and only if you do not specify a databaseName.

    +

    When you are shutting down a single database, it lets perform a final checkpoint on the database.

    When you are shutting down a system, it lets perform a @@ -45,7 +56,7 @@ the DriverManager with a shutdown=true attribute raises an exception.

    -- shuts down entire system jdbc:derby:;shutdown=true --- shuts down salesDB +-- shuts down salesDB (authentication not enabled) jdbc:derby:salesDB;shutdown=true
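Review bot: "can perform shutdown of that database" in the added Function text of rrefattrib16471.dita should simply be "can shut down that database", and "Please see" can be "See" to match the register of the surrounding reference topics. Since the example now reads "-- shuts down salesDB (authentication not enabled)", a second example carrying the owner's credentials (as tdevdvlp40464.dita adds in this same commit, "jdbc:derby:securesample;user=joeowner;password=secret;shutdown=true") would show the reader what the restricted case looks like in the reference topic too.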
    Modified: db/derby/docs/trunk/src/ref/rrefattrib26867.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattrib26867.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefattrib26867.dita (original) +++ db/derby/docs/trunk/src/ref/rrefattrib26867.dita Thu Jun 7 09:32:56 2007 @@ -35,7 +35,30 @@ create time if failure occurs after the database call occurs. If a database connection URL used create=true and the connection fails to be created, check for the database directory. If it exists, remove it and its contents -before the next attempt to create the database.

    +before the next attempt to create the database.

    + +
    Database owner

    + When the database is created, the current authorization identifier + becomes the database owner (see the + ). + If authentication and SQL authorization are both enabled (see "Enabling user authentication" + and "Setting the SQL standard authorization mode" + in the + ), + only the database owner can + shut down + the database, + encrypt it, + reencrypt it with a new + boot password + or new + encryption key, + or perform a full upgrade. + If authentication is not enabled, and no + user is supplied, the database owner defaults to "APP", which is also + the name of the default schema (see ). +

    +
    Combining with other attributes

    You must specify a databaseName (after the subprotocol in the database connection URL) or a databaseName=nameofDatabase attribute Modified: db/derby/docs/trunk/src/ref/rrefattrib42100.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattrib42100.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefattrib42100.dita (original) +++ db/derby/docs/trunk/src/ref/rrefattrib42100.dita Thu Jun 7 09:32:56 2007 @@ -35,9 +35,25 @@

    Combining with other attributes

    When you create a new database, the bootPassword=key attribute must be combined with the create=true and dataEncryption=true attributes.

    When -you configure an existing unencrypted database for encryption, the bootPassword=key attribute -must be combined with the dataEncryption=true attribute.

    When +href="rrefattrib15290.dita#rrefattrib15290">dataEncryption=true attributes.

    +

    + When you configure an existing unencrypted database for encryption, + the bootPassword=key attribute must be combined with + the dataEncryption=true + attribute. + For an existing, unencrypted database for which authentication and + SQL authorization are both + enabled, only the + database owner + can perform encryption. + Please see "Enabling user authentication" + and "Setting the SQL standard authorization mode" + in the + + for more information. + +

    +

    When you boot an existing encrypted database, no other attributes are necessary.

    Examples-- create a new, encrypted database jdbc:derby:newDB;create=true;dataEncryption=true; Modified: db/derby/docs/trunk/src/ref/rrefattrib60346.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattrib60346.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefattrib60346.dita (original) +++ db/derby/docs/trunk/src/ref/rrefattrib60346.dita Thu Jun 7 09:32:56 2007 @@ -38,7 +38,20 @@ must be combined with the bootPassword=key attribute and the dataEncryption=true attribute. You have the option of also specifying the encryptionProvider=providerName attribute -to specify the encryption provider of the algorithm.

    +to specify the encryption provider of the algorithm.

    +

    + For an existing database for which authentication and + SQL authorization are both + enabled, only the + database owner + can perform encryption or reencryption. + Please see "Enabling user authentication" + and "Setting the SQL standard authorization mode" + in the + + for more information. +

    + Examples -- encrypt a new database jdbc:derby:encryptedDB;create=true;dataEncryption=true; encryptionProvider=com.sun.crypto.provider.SunJCE; Modified: db/derby/docs/trunk/src/ref/rrefattrib88843.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattrib88843.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefattrib88843.dita (original) +++ db/derby/docs/trunk/src/ref/rrefattrib88843.dita Thu Jun 7 09:32:56 2007 @@ -35,7 +35,20 @@
    Combining with other attributes

    The encryptionProvider attribute must be combined with the bootPassword=key and dataEncryption=true attributes. You can -also specify the encryptionAlgorithm=algorithm attribute.

    +also specify the encryptionAlgorithm=algorithm attribute.

    +

    + For an existing, unencrypted database for which authentication and + SQL authorization are both + enabled, only the + database owner + can perform encryption or reencryption. + Please see "Enabling user authentication" + and "Setting the SQL standard authorization mode" + in the + + for more information. +

    + Examples-- create a new, encrypted database jdbc:derby:encryptedDB;create=true;dataEncryption=true; encryptionProvider=com.sun.crypto.provider.SunJCE; Modified: db/derby/docs/trunk/src/ref/rrefattribencryptkey.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattribencryptkey.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefattribencryptkey.dita (original) +++ db/derby/docs/trunk/src/ref/rrefattribencryptkey.dita Thu Jun 7 09:32:56 2007 @@ -35,7 +35,18 @@
    Combining with other attributes

    When creating a new database, you must combine the encryptionKey attribute with the create=true and dataEncryption=true attributes.

    When you configure an existing unencrypted database for encryption, the encryptionKey attribute -must be combined with the dataEncryption=true attribute.

    When +must be combined with the dataEncryption=true attribute. +For an existing, unencrypted database for which authentication +and SQL authorization are both +enabled, only the +database owner +can perform encryption. +Please see "Enabling user authentication" +and "Setting the SQL standard authorization mode" +in the + +for more information. +

    When booting an existing encrypted database, you must also specify the encryptionAlgorithm attribute if the algorithm that was used when the database was created is not the default algorithm.

    The default encryption algorithm used by is Modified: db/derby/docs/trunk/src/ref/rrefattribnewbootpw.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattribnewbootpw.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefattribnewbootpw.dita (original) +++ db/derby/docs/trunk/src/ref/rrefattribnewbootpw.dita Thu Jun 7 09:32:56 2007 @@ -36,7 +36,20 @@

    Combining with other attributes

    The newBootPassword attribute must be combined with the bootPassword=key attribute.

    You cannot change the encryption provider or the encryption algorithm when you -use the newBootPassword attribute.

    +use the newBootPassword attribute.

    +

    + For an existing encrypted database for which authentication and + SQL authorization are both + enabled, only the + database owner + can perform reencryption. + Please see "Enabling user authentication" + and "Setting the SQL standard authorization mode" + in the + + for more information. +

    +
    Example-- specify a new boot password for a database jdbc:derby:salesdb;bootPassword=abc1234xyz;newBootPassword=new1234xyz Modified: db/derby/docs/trunk/src/ref/rrefattribnewencryptkey.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefattribnewencryptkey.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefattribnewencryptkey.dita (original) +++ db/derby/docs/trunk/src/ref/rrefattribnewencryptkey.dita Thu Jun 7 09:32:56 2007 @@ -35,7 +35,20 @@
    Combining with other attributes

    The newEncryptionKey attribute must be combined with the encryptionKey=key attribute.

    You cannot change the encryption provider or the encryption algorithm when you -use the newEncryptionKey attribute.

    +use the newEncryptionKey attribute.

    +

    + For an existing encrypted database for which authentication and + SQL authorization are both + enabled, only the + database owner + can perform reencryption. + Please see "Enabling user authentication" + and "Setting the SQL standard authorization mode" + in the + + for more information. +

    + Example-- specify a new encryption key for a database jdbc:derby:salesdb;encryptionKey=6162636465666768;newEncryptionKey=6862636465666768 Modified: db/derby/docs/trunk/src/ref/rrefcreatefunctionstatement.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefcreatefunctionstatement.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefcreatefunctionstatement.dita (original) +++ db/derby/docs/trunk/src/ref/rrefcreatefunctionstatement.dita Thu Jun 7 09:32:56 2007 @@ -28,7 +28,9 @@ -

    The function owner and the database owner automatically gain the +

    The function owner and the +database owner +automatically gain the EXECUTE privilege on the function, and are able to grant this privilege to other users. The EXECUTE privileges cannot be revoked from the function and database owners.

    Modified: db/derby/docs/trunk/src/ref/rrefcreateprocedurestatement.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefcreateprocedurestatement.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefcreateprocedurestatement.dita (original) +++ db/derby/docs/trunk/src/ref/rrefcreateprocedurestatement.dita Thu Jun 7 09:32:56 2007 @@ -28,7 +28,9 @@

    The CREATE PROCEDURE statement allows you to create Java stored procedures, which you can then call using the CALL PROCEDURE statement.

    The -procedure owner and the database owner automatically gain the EXECUTE privilege +procedure owner and the +database owner +automatically gain the EXECUTE privilege on the procedure, and are able to grant this privilege to other users. The EXECUTE privileges cannot be revoked from the procedure and database owners.

    SyntaxCREATE PROCEDURE The connection was refused because the database <databaseName> was not found. + 08004 + Database connection refused. + + + 08004 + User <userName> cannot shut down database <databaseName>. Only the database owner can perform this operation. + + + 08004 + User <userName> cannot (re)encrypt database <databaseName>. Only the database owner can perform this operation. + + + 08004 + User <userName> cannot hard upgrade database <databaseName>. Only the database owner can perform this operation. + + 08006 An error occurred during connect reset and the connection has been terminated. See chained exceptions for details. Modified: db/derby/docs/trunk/src/ref/rrefsqlj15446.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefsqlj15446.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefsqlj15446.dita (original) +++ db/derby/docs/trunk/src/ref/rrefsqlj15446.dita Thu Jun 7 09:32:56 2007 @@ -29,7 +29,9 @@ object that you can use until you drop it. Views are not updatable.

    If a qualified view name is specified, the schema name cannot begin with SYS.

    The view owner automatically gains the SELECT privilege on the view. The SELECT -privilege cannot be revoked from the view owner. The database owner automatically +privilege cannot be revoked from the view owner. The +database owner +automatically gains the SELECT privilege on the view and is able to grant this privilege to other users. The SELECT privilege cannot be revoked from the database owner.

    The view owner can only grant the SELECT privilege to other users if the view Modified: db/derby/docs/trunk/src/ref/rrefsqlj24513.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefsqlj24513.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefsqlj24513.dita (original) +++ db/derby/docs/trunk/src/ref/rrefsqlj24513.dita Thu Jun 7 09:32:56 2007 @@ -29,8 +29,9 @@

    A CREATE TABLE statement creates a table. Tables contain columns and constraints, rules to which data must conform. Table-level constraints specify a column or columns. Columns have a data type and can specify column -constraints (column-level constraints).

    The table owner and the database -owner automatically gain the following privileges on the table and are able +constraints (column-level constraints).

    The table owner and the +database owner +automatically gain the following privileges on the table and are able to grant these privileges to other users:

    • INSERT
    • SELECT
    • Modified: db/derby/docs/trunk/src/ref/rrefsqlj40506.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefsqlj40506.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefsqlj40506.dita (original) +++ db/derby/docs/trunk/src/ref/rrefsqlj40506.dita Thu Jun 7 09:32:56 2007 @@ -29,7 +29,9 @@

      The LOCK TABLE statement allows you to explicitly acquire a shared or exclusive table lock on the specified table. The table lock lasts until the end of the current transaction.

      To lock a table, you must either -be the database owner or the table owner.

      Explicitly locking a table +be the +database owner +or the table owner.

      Explicitly locking a table is useful to:

      • Avoid the overhead of multiple row locks on a table (in other words, user-initiated lock escalation)
      • Modified: db/derby/docs/trunk/src/ref/rrefsqlj43125.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefsqlj43125.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefsqlj43125.dita (original) +++ db/derby/docs/trunk/src/ref/rrefsqlj43125.dita Thu Jun 7 09:32:56 2007 @@ -42,8 +42,9 @@ any number of triggers for a single table, including multiple triggers on the same table for the same event.

        You can create a trigger in any schema where you are the schema owner. To create a trigger on a table that you do -not own, you must be granted the TRIGGER privilege on that table. The database -owner can also create triggers on any table in any schema.

        The trigger +not own, you must be granted the TRIGGER privilege on that table. The +database owner +can also create triggers on any table in any schema.

        The trigger does not need to reside in the same schema as the table on which the trigger is defined.

        If a qualified trigger name is specified, the schema name cannot begin with SYS.

      Modified: db/derby/docs/trunk/src/ref/rrefsqljrenametablestatement.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefsqljrenametablestatement.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefsqljrenametablestatement.dita (original) +++ db/derby/docs/trunk/src/ref/rrefsqljrenametablestatement.dita Thu Jun 7 09:32:56 2007 @@ -27,7 +27,9 @@

      RENAME TABLE allows you to rename an existing table in any schema (except the schema SYS).

      To rename a table, you must either -be the database owner or the table owner.

      +be the +database owner +or the table owner.

    Syntax RENAME TABLE table-Name TO new-Table-Name

    If there is a view or foreign key that references the table, attempts to rename Modified: db/derby/docs/trunk/src/ref/rrefsqljrevoke.dita URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefsqljrevoke.dita?view=diff&rev=545237&r1=545236&r2=545237 ============================================================================== --- db/derby/docs/trunk/src/ref/rrefsqljrevoke.dita (original) +++ db/derby/docs/trunk/src/ref/rrefsqljrevoke.dita Thu Jun 7 09:32:56 2007 @@ -39,7 +39,8 @@

    Before you issue a REVOKE statement, check that the derby.database.sqlAuthorization property is set to true. The derby.database.sqlAuthorization property enables the SQL Authorization mode.

    You can revoke privileges from an -object if you are the owner of the object or the database owner.

    The +object if you are the owner of the object or the +database owner.

    The syntax that you use for the REVOKE statement depends on whether you are revoking privileges to a table or to a routine.

    Syntax for tablesREVOKE privilege-type
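Review bot: the owner-only paragraph ("For an existing encrypted database for which authentication and SQL authorization are both enabled, only the database owner can perform reencryption. Please see ...") is pasted verbatim into both the newBootPassword and newEncryptionKey attribute topics; pulling it into one reusable element (a DITA conref) would keep the two copies from drifting when the rule or the referenced guide topics ("Enabling user authentication", "Setting the SQL standard authorization mode") change.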
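Review bot: the three new 08004 entries ("User <userName> cannot shut down / cannot (re)encrypt / cannot hard upgrade database <databaseName>. Only the database owner can perform this operation.") reuse the SQLState of the generic "Database connection refused." entry, so an application cannot tell an owner-check failure from any other refused connection by SQLState alone; the table should say that the message text is the only differentiator, and the entries should state the precondition given in the attribute hunks of this same patch (authentication and SQL authorization both enabled), so a reader who looks the message up knows when the check applies.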
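Review bot: in the CREATE TRIGGER hunk, "The database owner can also create triggers on any table in any schema" reads as including the SYS schemas, while the retained sentence two lines later says a qualified trigger name cannot begin with SYS; either state explicitly whether the database owner may define triggers on system tables or restrict the sentence to user schemas so the two statements do not appear to conflict.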
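Review bot: the REVOKE hunk says you can revoke privileges from an object "if you are the owner of the object or the database owner", but the CREATE FUNCTION, CREATE PROCEDURE and CREATE VIEW hunks in this same patch say the owner's and the database owner's privileges cannot be revoked; the REVOKE topic should carry the same sentence (or link to those topics) so a reader does not expect REVOKE to strip EXECUTE or SELECT from the database owner.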