db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Satheesh Bandaram <sathe...@Sourcery.Org>
Subject Re: Grant and Revoke, Part II ... DERBY-464...
Date Wed, 15 Feb 2006 02:09:55 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<body bgcolor="#ffffff" text="#000000">
Daniel John Debrunner wrote:<br>
<blockquote cite="mid43ECDBA6.9080204@apache.org" type="cite">
  <pre wrap="">
I guess I don't understand how 1) is useful. In this mode by adding
grant/revoke in its current form you are removing key authorization
options. For example if I'm using an LDAP authentication scheme I won't
be able to limt the set of authenticated LDAP users who can connect to
my database. I can do that now, and with 2) I can do that and have more
fine grained authorization.

Right... I was thinking system privileges, when done, will address this
issue. I also think second option is best... especially for current
Derby customers.<br>
I will go update Grant &amp; Revoke functional spec attached to JIRA. I
will also discuss some high level design details for Phase II. You
suggested adding another property:<br>
<pre wrap="">derby.database.sqlAuthorization={true|false}</pre>
I think we only want this property being changed from <i>false </i>to
<i>true</i>, but not the other way.. correct? If this property is set
at system level when a database is created, should Derby automatically
make this a database property? This will ensure the property value is
moved with the database.<br>
What should happen if grant or revoke is issued in a database that has
this property set to FALSE or not at all? I thought the consensus was
Derby should perform the operation, but raise a warning saying
sqlAuthorization is not enabled in that database.<br>
<pre wrap="">

View raw message