Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 33899 invoked from network); 28 Feb 2006 20:45:28 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 28 Feb 2006 20:45:28 -0000 Received: (qmail 11760 invoked by uid 500); 28 Feb 2006 20:45:28 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 11515 invoked by uid 500); 28 Feb 2006 20:45:27 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 11495 invoked by uid 99); 28 Feb 2006 20:45:27 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Feb 2006 12:45:27 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=UPPERCASE_25_50 X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [32.97.182.141] (HELO e1.ny.us.ibm.com) (32.97.182.141) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Feb 2006 12:45:26 -0800 Received: from d01relay02.pok.ibm.com (d01relay02.pok.ibm.com [9.56.227.234]) by e1.ny.us.ibm.com (8.12.11/8.12.11) with ESMTP id k1SKj4qT024966 for ; Tue, 28 Feb 2006 15:45:04 -0500 Received: from d01av01.pok.ibm.com (d01av01.pok.ibm.com [9.56.224.215]) by d01relay02.pok.ibm.com (8.12.10/NCO/VER6.8) with ESMTP id k1SKj5DB126130 for ; Tue, 28 Feb 2006 15:45:05 -0500 Received: from d01av01.pok.ibm.com (loopback [127.0.0.1]) by d01av01.pok.ibm.com (8.12.11/8.13.3) with ESMTP id k1SKj5FX011273 for ; Tue, 28 Feb 2006 15:45:05 -0500 Received: from [127.0.0.1] (DMCSDJDT41P.usca.ibm.com [9.72.133.66]) by d01av01.pok.ibm.com (8.12.11/8.12.11) with ESMTP id k1SKj3Ut011142 for ; Tue, 28 Feb 2006 15:45:04 -0500 Message-ID: <4404B64F.8010403@apache.org> Date: Tue, 28 Feb 2006 12:45:03 -0800 From: Daniel John Debrunner User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20040910 X-Accept-Language: en-us, en, de MIME-Version: 1.0 To: derby-dev@db.apache.org Subject: Re: Right place to save database owner ... References: <43FF59A7.5060509@Sourcery.Org> <44009EC7.9030103@apache.org> <4400B2FA.9000504@Sourcery.Org> <4404B481.6070500@Sourcery.Org> In-Reply-To: <4404B481.6070500@Sourcery.Org> X-Enigmail-Version: 0.90.0.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Satheesh Bandaram wrote: [snip] > I will add RoutinePermsDescriptors to allow execute privilege to > other system routines that all users should be able to invoke by > default. (like SYSCS_GET_DATABASE_PROPERTY, SYSCS_EXPORT_TABLE, > SYSCS_GET_RUNTIMESTATISTICS, SYSCS_IMPORT_TABLE, > SYSCS_SET_STATISTICS_TIMING, SYSCS_SET_RUNTIMESTATISTICS, > SYSCS_INPLACE_COMPRESS_TABLE, SYSCS_COMPRESS_TABLE) SYSCS_GET_DATABASE_PROPERTY seems like one that should be restricted to database owner. Not sure on the compress tables ones, seem more like database owner. > I also think all routines in SYSIBM schema should be executable by all. > Only DBA access for INSTALL_JAR, REMOVE_JAR and REPLACE_JAR, by default? Any chance of a list of all system procedures and if they will be executable by public or only database owner, security invoker or definer? Thanks, Dan.