db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francois Orsini" <francois.ors...@gmail.com>
Subject Re: Grant -revoke (464) and future backwards compat
Date Tue, 21 Feb 2006 19:10:00 GMT
On 2/21/06, Satheesh Bandaram <satheesh@sourcery.org> wrote:
>
> Oystein Grovlen - Sun Norway wrote:
>
> > Daniel John Debrunner wrote:
> >
> >> CREATE SCHEMA
> >>     - only create schema matching user's name
> >>     - good for now, forwards compatible with the
> >>     future where permission to create any schema
> >>     could be granted explicitly.
> >
> >
> > Does this mean that we will only allow one schema per user?  That
> > seems like a severe limitation.  I guess I am missing something.
>
> This is where Francois's work on system privileges is needed. Current
> grant/revoke proposal only deals with access privileges to existing
> objects, like ability to grant/revoke select, insert, delete, update or
> allow references/triggers to tables and execute privilege to routines.
> What is sorely needed is ability to grant/revoke system/database access
> and I thought Francois was working on this. Any status Francois?
>

I'll be posting more information soon.

> Until these system privileges are ready, current proposal limits
> accesses that would cause forward compatibility issues. If sqlStandard
> mode allows unrestricted schema creation now, this would cause issues in
> the future where existing applications may need to change or we have to
> introduce another property like what is being done now. Current legacy
> authorization model is not compatible with standard model or what Derby
> might really want to support, but at the same time, we can't drop
> support for it because of existing applications. I believe Dan is try to
> ensure current proposal doesn't create any future compatibility issues,
> even if in the short term, Derby's new capabilities are restrictive.
>
> Satheesh
>
>

Mime
View raw message