db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Satheesh Bandaram <sathe...@Sourcery.Org>
Subject Re: Grant -revoke (464) and future backwards compat
Date Tue, 21 Feb 2006 17:29:37 GMT

Oystein Grovlen - Sun Norway wrote:

> Daniel John Debrunner wrote:
>
>> CREATE SCHEMA
>>     - only create schema matching user's name
>>     - good for now, forwards compatible with the
>>     future where permission to create any schema
>>     could be granted explicitly.
>
>
> Does this mean that we will only allow one schema per user?  That
> seems like a severe limitation.  I guess I am missing something.

This is where Francois's work on system privileges is needed. Current
grant/revoke proposal only deals with access privileges to existing
objects, like ability to grant/revoke select, insert, delete, update or
allow references/triggers to tables and execute privilege to routines.
What is sorely needed is ability to grant/revoke system/database access
and I thought Francois was working on this. Any status Francois?

Until these system privileges are ready, current proposal limits
accesses that would cause forward compatibility issues. If sqlStandard
mode allows unrestricted schema creation now, this would cause issues in
the future where existing applications may need to change or we have to
introduce another property like what is being done now. Current legacy
authorization model is not compatible with standard model or what Derby
might really want to support, but at the same time, we can't drop
support for it because of existing applications. I believe Dan is try to
ensure current proposal doesn't create any future compatibility issues,
even if in the short term, Derby's new capabilities are restrictive.

Satheesh


Mime
View raw message