db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rajesh Kartha" <karth...@gmail.com>
Subject Re: Question about Grant/Revoke
Date Thu, 16 Mar 2006 16:54:18 GMT
>
>So that means if I put the 'derby.database.sqlAutherization' property in
the derby.property file can I do grant/Revoke now?
>
As I understand, currently the statements should execute, but it won't be
enforced till Part 2 for DERBY-464 is applied. So any
negative tests to verify permissions will not work.

-Rajesh


On 3/15/06, Manjula G Kutty < manjula.kutty@gmail.com> wrote:
>
> Hi Satheesh,
> Thanks for your reply. So that means if I put the
> 'derby.database.sqlAutherization' property in the derby.property file
> can I do grant/Revoke now? Also one minor suggestion from my view, The
> functional spec talks about these property under the heading 'derby
> upgrade and migration'. Can you move that under some other meaningful
> heading?
>
>
> Thanks
> Manjula
>
>
> Satheesh Bandaram wrote:
>
> >Manjula G Kutty wrote:
> >
> >
> >
> >>Hi ,
> >>I was investigating the Grant/Revoke functionality added till now. And
> >>found
> >>
> >>0 rows inserted/updated/deleted
> >>ij> grant select on t1 to mkutty;
> >>ERROR 42Z60: GRANT not allowed unless database property
> >>derby.database.defaultConnectionMode has value 'sqlStandard'.
> >>
> >>
> >
> >This was the original proposal on how to ask for SQL authorization
> >mode... by setting defaultConnectionMode. Following further discussion
> >on the list, the functional spec has been changed say
> >'derby.database.sqlAuthorization' is the way to ask for SQL
> >authorization. Change in functionality hasn't been reflected in the code
> >yet.
> >
> >
> >
> >>Also to mention that if I'm not mistaken I have to put the
> >>derby.database.sqlAuthorization property only for upgrading derby from
> >>version10.1 right?  I came to this conclusion because I found the
> >>follwing sentences on the functional spec under "*derby upgrade and
> >>migration*"
> >>
> >>
> >
> >No... Default authorization model in Derby 10.2 is still legacy mode..
> >So if you create a database without setting sqlAuthorization property,
> >you shouldn't be able to do GRANT/REVOKE. Only if you have the property
> >set to true, SQL authorization would be enforced. This is to maintain
> >backwards compatibility.
> >
> >Satheesh
> >
> >
> >
> >>http://issues.apache.org/jira/secure/attachment/12324061/grantRevokeSpec_v2.html
>
> >>
> >>
> >><quote>
> >>When a database is created, if derby.database.sqlAuthorization
> >>property value is true, the database gets created with standard
> >>security mode, enabling grant and revoke. This property could be set
> >>either as a system property in derby.properties file or as application
> >>property.
> >></quote>
> >>
> >>But the following lines caught my attention
> >>
> >><quote>
> >>It may be good to switch the default connection mode to standard model
> >>and hence support grant/revoke by default in future releases.
> >></quote>
> >>
> >>Is this being implemented?
> >>
> >>Can any one please clarify?
> >>
> >>Thanks
> >>Manjula
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> >
> >
>
>

Mime
View raw message