db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Satheesh Bandaram <sathe...@Sourcery.Org>
Subject Re: Question about Grant/Revoke
Date Thu, 16 Mar 2006 00:04:01 GMT


Manjula G Kutty wrote:

> Hi ,
> I was investigating the Grant/Revoke functionality added till now. And
> found
>
> 0 rows inserted/updated/deleted
> ij> grant select on t1 to mkutty;
> ERROR 42Z60: GRANT not allowed unless database property
> derby.database.defaultConnectionMode has value 'sqlStandard'.

This was the original proposal on how to ask for SQL authorization
mode... by setting defaultConnectionMode. Following further discussion
on the list, the functional spec has been changed say
'derby.database.sqlAuthorization' is the way to ask for SQL
authorization. Change in functionality hasn't been reflected in the code
yet.

> Also to mention that if I'm not mistaken I have to put the
> derby.database.sqlAuthorization property only for upgrading derby from
> version10.1 right?  I came to this conclusion because I found the
> follwing sentences on the functional spec under "*derby upgrade and
> migration*"

No... Default authorization model in Derby 10.2 is still legacy mode..
So if you create a database without setting sqlAuthorization property,
you shouldn't be able to do GRANT/REVOKE. Only if you have the property
set to true, SQL authorization would be enforced. This is to maintain
backwards compatibility.

Satheesh

>
> http://issues.apache.org/jira/secure/attachment/12324061/grantRevokeSpec_v2.html
>
>
> <quote>
> When a database is created, if derby.database.sqlAuthorization
> property value is true, the database gets created with standard
> security mode, enabling grant and revoke. This property could be set
> either as a system property in derby.properties file or as application
> property.
> </quote>
>
> But the following lines caught my attention
>
> <quote>
> It may be good to switch the default connection mode to standard model
> and hence support grant/revoke by default in future releases.
> </quote>
>
> Is this being implemented?
>
> Can any one please clarify?
>
> Thanks
> Manjula
>
>
>
>


Mime
View raw message