Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 63619 invoked from network); 22 Feb 2006 18:50:43 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 22 Feb 2006 18:50:43 -0000 Received: (qmail 70725 invoked by uid 500); 22 Feb 2006 18:50:42 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 70695 invoked by uid 500); 22 Feb 2006 18:50:42 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 70686 invoked by uid 99); 22 Feb 2006 18:50:42 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Feb 2006 10:50:42 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [32.97.110.153] (HELO e35.co.us.ibm.com) (32.97.110.153) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Feb 2006 10:50:41 -0800 Received: from westrelay02.boulder.ibm.com (westrelay02.boulder.ibm.com [9.17.195.11]) by e35.co.us.ibm.com (8.12.11/8.12.11) with ESMTP id k1MIoKMu019607 for ; Wed, 22 Feb 2006 13:50:20 -0500 Received: from d03av04.boulder.ibm.com (d03av04.boulder.ibm.com [9.17.195.170]) by westrelay02.boulder.ibm.com (8.12.10/NCO/VERS6.8) with ESMTP id k1MIlujN191280 for ; Wed, 22 Feb 2006 11:47:56 -0700 Received: from d03av04.boulder.ibm.com (loopback [127.0.0.1]) by d03av04.boulder.ibm.com (8.12.11/8.13.3) with ESMTP id k1MIoKpZ021987 for ; Wed, 22 Feb 2006 11:50:20 -0700 Received: from [127.0.0.1] (bandaram.svl.ibm.com [9.30.38.147]) by d03av04.boulder.ibm.com (8.12.11/8.12.11) with ESMTP id k1MIoIGb021797 for ; Wed, 22 Feb 2006 11:50:20 -0700 Message-ID: <43FCB215.4030609@Sourcery.Org> Date: Wed, 22 Feb 2006 10:48:53 -0800 From: Satheesh Bandaram User-Agent: Mozilla Thunderbird 0.7.3 (Windows/20040803) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Derby Development Subject: [Fwd: [jira] Updated: (DERBY-464) Enhance Derby by adding grant/revoke support. Grant/Revoke provide finner level of privileges than currently provided by Derby that is especially useful in network configurations.] X-Enigmail-Version: 0.85.0.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: multipart/mixed; boundary="------------070102020802060001090005" X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N This is a multi-part message in MIME format. --------------070102020802060001090005 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit I posted Grant and Revoke, Part II patch about 2 days ago and would like to submit this patch to trunk over this weekend. I would appreciate any review comments by then. Satheesh --------------070102020802060001090005 Content-Type: message/rfc822; name="[jira] Updated: (DERBY-464) Enhance Derby by adding grant/revoke support.Grant/Revoke provide finner level of privileges than currently provided byDerby that is especially useful in network configurations." Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="[jira] Updated: (DERBY-464) Enhance Derby by adding grant/revoke support.Grant/Revoke provide finner level of privileges than currently provided byDerby that is especially useful in network configurations." Return-Path: X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on Boron.MeepZor.Com X-Spam-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.0 X-Spam-Level: Received: from mail.apache.org (hermes.apache.org [209.237.227.199]) by Boron.MeepZor.Com (8.12.8/8.12.8) with SMTP id k1KEN4MI015291 for ; Mon, 20 Feb 2006 09:23:35 -0500 Received: (qmail 18857 invoked by uid 500); 20 Feb 2006 14:22:50 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 18735 invoked by uid 99); 20 Feb 2006 14:22:49 -0000 X-ASF-Spam-Status: No, hits=1.3 required=10.0 tests=SPF_FAIL Received: from [192.87.106.226] (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 20 Feb 2006 06:22:47 -0800 Received: from ajax.apache.org (ajax.apache.org [127.0.0.1]) by ajax.apache.org (Postfix) with ESMTP id 805F5DF for ; Mon, 20 Feb 2006 15:22:26 +0100 (CET) Message-ID: <960032668.1140445346523.JavaMail.jira@ajax.apache.org> Date: Mon, 20 Feb 2006 15:22:26 +0100 (CET) From: "Satheesh Bandaram (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Updated: (DERBY-464) Enhance Derby by adding grant/revoke support. Grant/Revoke provide finner level of privileges than currently provided by Derby that is especially useful in network configurations. In-Reply-To: <1439014097.1121475009861.JavaMail.jira@ajax.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ http://issues.apache.org/jira/browse/DERBY-464?page=all ] Satheesh Bandaram updated DERBY-464: ------------------------------------ Attachment: GrantRevokePartII.txt I am attaching Grant and Revoke, Part II patch to implement authorization scheme. This patch enforces permission checks that part I patch records in system catalogs. I am still adding more test cases and need to update functional spec with some review comments. Let me know if anyone has any comments or have trouble applying the patch. I moved some grant revoke tests, so may confuse patch program. Next I will work on implementing authorization for Trigger, View and Constraints, followed by some upgrade, migration and metadata changes. > Enhance Derby by adding grant/revoke support. Grant/Revoke provide finner level of privileges than currently provided by Derby that is especially useful in network configurations. > ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > Key: DERBY-464 > URL: http://issues.apache.org/jira/browse/DERBY-464 > Project: Derby > Type: New Feature > Components: SQL > Versions: 10.0.2.1, 10.1.1.0, 10.2.0.0 > Environment: generic > Reporter: Satheesh Bandaram > Assignee: Satheesh Bandaram > Attachments: GrantRevokePartII.txt, grantRevoke.patch.Dec5, grantRevoke.stat.Dec5, grantRevokeSpec.html > > Derby currently provides a very simple permissions scheme, which is quite suitable for an embedded database system. End users of embedded Derby do not see Derby directly; they talk to a application that embeds Derby. So Derby left most of the access control work to the application. Under this scheme, Derby limits access on a per database or per system basis. A user can be granted full, read-only, or no access. > This is less suitable in a general purpose SQL server. When end users or diverse applications can issue SQL commands directly against the database, Derby must provide more precise mechanisms to limit who can do what with the database. > I propose to enhance Derby by implementing a subset of grant/revoke capabilities as specified by the SQL standard. I envision this work to involve the following tasks, at least: > 1) Develop a specification of what capabilities I would like to add to Derby. > 2) Provide a high level implementation scheme. > 3) Pursue a staged development plan, with support for DDL added to Derby first. > 4) Add support for runtime checking of these privileges. > 5) Address migration and upgrade issues from previous releases and from old scheme to newer database. > Since I think this is a large task, I would like to invite any interested people to work with me on this large and important enhancement to Derby. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------070102020802060001090005--