db-derby-dev mailing list archives

From Manjula G Kutty <manjula.ku...@gmail.com>
Subject Re: Question about Grant/Revoke
Date Fri, 17 Mar 2006 22:31:24 GMT
So if I put derby.database.sqlAuthorization=true in the derby.properties 
file then the command like this should execute without error message?
ij> connect 'jdbc:derby:grntdb;create=true' user 'mkutty';
ij> create table tab1(i int, j int);
0 rows inserted/updated/deleted
ij> grant select on tab1 to mkutty;

But after the last statement I'm getting the error message:
ERROR 42Z60: GRANT not allowed unless database property 
derby.database.defaultConnectionMode has value 'sqlStandard'.


Am I doing something wrong here?

--Manjula

Rajesh Kartha wrote:

> >
> >So that means if I put the 'derby.database.sqlAuthorization' property 
> >in the derby.property file can I do grant/Revoke now?
> >
> As I understand, currently the statements should execute, but it won't 
> be enforced till Part 2 for DERBY-464 is applied. So any
> negative tests to verify permissions will not work.
>
> -Rajesh
>
>
> On 3/15/06, *Manjula G Kutty* <manjula.kutty@gmail.com> wrote:
>
>     Hi Satheesh,
>     Thanks for your reply. So that means if I put the
>     'derby.database.sqlAuthorization' property in the derby.property file
>     can I do grant/Revoke now? Also one minor suggestion from my view, The
>     functional spec talks about these property under the heading 'derby
>     upgrade and migration'. Can you move that under some other meaningful
>     heading?
>
>
>     Thanks
>     Manjula
>
>
>     Satheesh Bandaram wrote:
>
>     >Manjula G Kutty wrote:
>     >
>     >
>     >
>     >>Hi,
>     >>I was investigating the Grant/Revoke functionality added till now. And
>     >>found
>     >>
>     >>0 rows inserted/updated/deleted
>     >>ij> grant select on t1 to mkutty;
>     >>ERROR 42Z60: GRANT not allowed unless database property
>     >>derby.database.defaultConnectionMode has value 'sqlStandard'.
>     >>
>     >>
>     >
>     >This was the original proposal on how to ask for SQL authorization
>     >mode... by setting defaultConnectionMode. Following further discussion
>     >on the list, the functional spec has been changed to say
>     >'derby.database.sqlAuthorization' is the way to ask for SQL
>     >authorization. Change in functionality hasn't been reflected in the code
>     >yet.
>     >
>     >
>     >
>     >>Also to mention that if I'm not mistaken I have to put the
>     >>derby.database.sqlAuthorization property only for upgrading derby from
>     >>version 10.1 right?  I came to this conclusion because I found the
>     >>following sentences on the functional spec under "*derby upgrade and
>     >>migration*"
>     >>
>     >>
>     >
>     >No... Default authorization model in Derby 10.2 is still legacy mode..
>     >So if you create a database without setting sqlAuthorization property,
>     >you shouldn't be able to do GRANT/REVOKE. Only if you have the property
>     >set to true, SQL authorization would be enforced. This is to maintain
>     >backwards compatibility.
>     >
>     >Satheesh
>     >
>     >
>     >
>     >>
>     >>http://issues.apache.org/jira/secure/attachment/12324061/grantRevokeSpec_v2.html
>     >>
>     >>
>     >><quote>
>     >>When a database is created, if derby.database.sqlAuthorization
>     >>property value is true, the database gets created with standard
>     >>security mode, enabling grant and revoke. This property could be set
>     >>either as a system property in derby.properties file or as application
>     >>property.
>     >></quote>
>     >>
>     >>But the following lines caught my attention
>     >>
>     >><quote>
>     >>It may be good to switch the default connection mode to standard model
>     >>and hence support grant/revoke by default in future releases.
>     >></quote>
>     >>
>     >>Is this being implemented?
>     >>
>     >>Can anyone please clarify?
>     >>
>     >>Thanks
>     >>Manjula
>     >>
>     >>
>     >>
>     >>
>     >>
>     >>
>     >
>     >
>     >
>     >
>
>

