db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rhille...@apache.org
Subject svn commit: r1141084 - in /db/derby/docs/trunk/src/devguide: cdevcsecuresqlauthupgrade.dita derbydev.ditamap
Date Wed, 29 Jun 2011 13:06:46 GMT
Author: rhillegas
Date: Wed Jun 29 13:06:46 2011
New Revision: 1141084

URL: http://svn.apache.org/viewvc?rev=1141084&view=rev
DERBY-5299: Add topic to Developer's Guide on how to add authentication and authorization
to an old, unprotected database.

    db/derby/docs/trunk/src/devguide/cdevcsecuresqlauthupgrade.dita   (with props)

Added: db/derby/docs/trunk/src/devguide/cdevcsecuresqlauthupgrade.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecuresqlauthupgrade.dita?rev=1141084&view=auto
--- db/derby/docs/trunk/src/devguide/cdevcsecuresqlauthupgrade.dita (added)
+++ db/derby/docs/trunk/src/devguide/cdevcsecuresqlauthupgrade.dita Wed Jun 29 13:06:46 2011
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
+ "concept.dtd">
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+   http://www.apache.org/licenses/LICENSE-2.0  
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+See the License for the specific language governing permissions and  
+limitations under the License.
+<concept id="cdevcsecuresqlauthupgrade" xml:lang="en-us">
+<title>Upgrading an old database to use SQL standard authorization</title>
+<shortdesc>An old, unprotected database can be shielded with
+authentication and SQL authorization later on.</shortdesc>
+<indexterm>SQL standard authorization mode</indexterm>
+<section id="authupgradehowto"><title>Upgrading Authentication and Authorization</title>
+<p>To protect a single-user database and convert it to a shared,
+multi-user database, simply enable authentication and SQL
+authorization. To do this, first turn on user authentication as
+described in the section on
+<xref href="cdevcsecure42374.dita#cdevcsecure42374">Working with user authentication</xref>.
+Make sure that you supply login credentials for the database owner. In
+most single-user databases, the database owner is APP. However, the
+database owner could be some other user if the original database
+creation URL specified a user name--see the section on
+<xref href="cdevcsecureDbOwner.dita#cdevcsecureDbOwner">Database owner</xref>.
+If you are unsure about who owns the database, run the following query:
+<codeblock>select authorizationid from sys.sysschemas where schemaname = 'SYS'</codeblock>
+After enabling user authentication, turn on SQL authorization. To do
+this, connect to the database as the database owner and issue the
+following command:
+<codeblock>call syscs_util.syscs_set_database_property( 'derby.database.sqlAuthorization',
'true' )</codeblock>
+Now shutdown the database to activate the new value of
+<codeph>derby.database.sqlAuthorization</codeph>. The next time you
+boot the database, it will be protected by authentication and SQL authorization.
+<section id="authupgradebehavior"><title>Behavior of Upgraded Databases</title>
+You will notice the following behavior changes in your upgraded database:
+<li><b>Data</b> - Users can access data in their own schemas. However,
+users cannot access data in schemas owned by other users. In
+particular, other users cannot access data in schemas belonging to the
+database owner. The database owner may need to GRANT access to that data.</li>
+<li><b>Database Maintenance</b> - In a single-user database, anyone
+can run maintenance procedures to backup/restore and import/export
+data. In the upgraded, multi-user database,
+only the database owner can perform these sensitive operations.</li>

Propchange: db/derby/docs/trunk/src/devguide/cdevcsecuresqlauthupgrade.dita
    svn:eol-style = native

Modified: db/derby/docs/trunk/src/devguide/derbydev.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/derbydev.ditamap?rev=1141084&r1=1141083&r2=1141084&view=diff
--- db/derby/docs/trunk/src/devguide/derbydev.ditamap (original)
+++ db/derby/docs/trunk/src/devguide/derbydev.ditamap Wed Jun 29 13:06:46 2011
@@ -2099,6 +2099,7 @@ with updatable result sets"></topicref>
 <topicref href="cdevcsecuregrantrevokeaccess.dita" navtitle="Using SQL standard authorization"></topicref>
 <topicref href="cdevcsecureprivileges.dita" navtitle="Privileges on views, triggers, and
 <topicref href="cdevcsecureroles.dita" navtitle="Using SQL roles"></topicref>
+<topicref href="cdevcsecuresqlauthupgrade.dita" navtitle="Upgrading an old database to
use SQL standard authorization"></topicref>
 <topicref href="rdevcsecuresqlauthexceptions.dita" navtitle="SQL standard authorization

View raw message