db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oystein Grovlen - Sun Norway <Oystein.Grov...@Sun.COM>
Subject Re: Question about Grant/Revoke
Date Tue, 28 Mar 2006 13:42:01 GMT
Francois Orsini wrote:

> Grant or Revoke statement would have to succeed to enable sqlStandard
> authorization mode automatically, with someone having enough privilege
> to issue a successful Grant/Revoke operation in the first place - at
> the same time, implictly and silently setting the authorization mode
> to be sqlAuthorization the first time a Grant OP is invoked could be a
> problem if the user issuing it is not the/a derby system administrator
> type of role (unless he/she does it on his/her own objects) and
> ending-up turning on sqlAuthorization mode. Some admin may not want to
> see this happen. 

I recognize that everybody should not be allowed to turn on SQL 
authorization.  I guess since the old system does not have an 
administrator role this will be difficult to achieve.

> Am not understanding the following "If one is only
> running existing applications one should not be affected since they
> will not use GRANT/REVOKE" - are you suggesting an authorization mode
> at the connection/session level? It is set at the database level so
> you should not have mixed users authorizing with legacy versus others
> using sqlAuthorization...I may have misunderstood what you meant...

I was thinking of exisiting applications running against existing 
databases vs new applications on a new database; not both existing and 
new application against the same database.  In other words, would it be 
possible to turn it on automatically for new databases while new 
versions  against old databases will work as before?

I just realized that what I ask for is soft upgrade.  In other words, do 
we have to keep the old authorization as the default to provide for 
backward compatibility?  Could we not just require that old applications 
run in soft upgrade mode if they do not want to deal with SQL authorization?

-- 
Øystein Grøvlen, Senior Staff Engineer
Sun Microsystems, Database Technology Group
Trondheim, Norway

Mime
View raw message