db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Satheesh Bandaram <sathe...@Sourcery.Org>
Subject Grant and Revoke, Part II ... DERBY-464...
Date Wed, 08 Feb 2006 22:50:54 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
I am getting ready to submit a patch for review, that adds parts of
Grant and Revoke Part II support. With this patch, I am trying to
enforce table privileges that are granted to users using Part I patch
that is already submitted. After this patch, I will work on adding
upgrade support to upgrade a 10.1 database to 10.2, JDBC metadata
changes and migration model for legacy database to enable grant and
revoke functionality. Once all these changes are done, I will then try
to address other parts of the spec, like routine privileges, views and
triggers. Let me know if there are any concerns or comments on this
plan.<br>
<br>
I am not sure if previous discussion about migrating a legacy mode
database to Grant Revoke model was finalized. It seems there were two
thoughts:<br>
<ol>
  <li>Keep authorization models separate. Legacy mode database can be
migrated to sqlStandard model by connecting with a URL property.
(sqlAuthorization=true)</li>
  <li>Dan proposed combining both models with Grant and Revoke
capability being seen as adding fine-grain access control on top of
current model. While this proposal doesn't impact Grant and Revoke work
being done currently by much, it may have implications on some future
work. (like system privileges) This does make it easier for existing
databases to adapt new capabilities.<br>
  </li>
</ol>
Satheesh<br>
<br>
Daniel John Debrunner wrote:<br>
<blockquote cite="mid43C52573.4020508@apache.org" type="cite">
  <pre wrap="">Satheesh Bandaram wrote:
  </pre>
  <blockquote type="cite">
    <pre wrap="">I think mixing both will lead to confusion to users many already
familiar with the ansi subset model being proposed. This will also
create hurdles as we expand authorization scheme to support roles and
"system privileges" as Francois calls them and other security capabilities.
    </pre>
  </blockquote>
  <pre wrap=""><!---->
I'm more proposing this to deal with existing Derby applications and
finding an easy way to bring them into the new world of grant revoke.
Users familiar with the ansi subset model would just use that, no need
to get involved with the defaultConnectionModel. Though until roles and
system privileges is supported, they might need to to ensure a secure
system. I haven't seen any proposal on these roles or system privileges
so I'm looking at how secure Derby will be in its next release given
what has been proposed and is being worked on.

Dan.</pre>
</blockquote>
</body>
</html>


Mime
View raw message