db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mamta Satoor" <msat...@gmail.com>
Subject Re: Question about Grant/Revoke
Date Sun, 19 Mar 2006 02:00:22 GMT
Manjula, following is how I start ij to enable grant/revoke
$ java -Dderby.database.defaultConnectionMode=sqlStandard -
Dij.exceptionTrace=true org.apache.derby.tools.ij

So, the property you need in derby.properties file is
Dderby.database.defaultConnectionMode=sqlStandard. I haven't done sync on my
client in quite some time but I think it is still the right property to
enable grant/revoke.

Mamta


On 3/17/06, Manjula G Kutty <manjula.kutty@gmail.com> wrote:
>
> So if I put derby.database.sqlAuthorization=true in the derby.properties
> file then the command like this should execute without error message?
> ij> connect 'jdbc:derby:grntdb;create=true' user 'mkutty';
> ij> create table tab1(i int, j int);
> 0 rows inserted/updated/deleted
> ij> grant select on tab1 to mkutty;
>
> But after the last statement I 'm getting the error message :
> ERROR 42Z60: GRANT not allowed unless database property
> derby.database.defaultCo
> nnectionMode has value 'sqlStandard'.
>
>
> Am I doing something wrong here?
>
> --Manjula
>
> Rajesh Kartha wrote:
>
> > >
> > >So that means if I put the 'derby.database.sqlAutherization' property
> > in the derby.property file can I do grant/Revoke now?
> > >
> > As I understand, currently the statements should execute, but it won't
> > be enforced till Part 2 for DERBY-464 is applied. So any
> > negative tests to verify permissions will not work.
> >
> > -Rajesh
> >
> >
> > On 3/15/06, *Manjula G Kutty* < manjula.kutty@gmail.com
> > <mailto:manjula.kutty@gmail.com>> wrote:
> >
> >     Hi Satheesh,
> >     Thanks for your reply. So that means if I put the
> >     'derby.database.sqlAutherization' property in the derby.propertyfile
> >     can I do grant/Revoke now? Also one minor suggestion from my view,
> The
> >     functional spec talks about these property under the heading 'derby
> >     upgrade and migration'. Can you move that under some other
> meaningful
> >     heading?
> >
> >
> >     Thanks
> >     Manjula
> >
> >
> >     Satheesh Bandaram wrote:
> >
> >     >Manjula G Kutty wrote:
> >     >
> >     >
> >     >
> >     >>Hi ,
> >     >>I was investigating the Grant/Revoke functionality added till
> >     now. And
> >     >>found
> >     >>
> >     >>0 rows inserted/updated/deleted
> >     >>ij> grant select on t1 to mkutty;
> >     >>ERROR 42Z60: GRANT not allowed unless database property
> >     >>derby.database.defaultConnectionMode has value 'sqlStandard'.
> >     >>
> >     >>
> >     >
> >     >This was the original proposal on how to ask for SQL authorization
> >     >mode... by setting defaultConnectionMode. Following further
> >     discussion
> >     >on the list, the functional spec has been changed say
> >     >'derby.database.sqlAuthorization' is the way to ask for SQL
> >     >authorization. Change in functionality hasn't been reflected in
> >     the code
> >     >yet.
> >     >
> >     >
> >     >
> >     >>Also to mention that if I'm not mistaken I have to put the
> >     >>derby.database.sqlAuthorization property only for upgrading
> >     derby from
> >     >>version10.1 right?  I came to this conclusion because I found the
> >     >>follwing sentences on the functional spec under "*derby upgrade
> and
> >     >>migration*"
> >     >>
> >     >>
> >     >
> >     >No... Default authorization model in Derby 10.2 is still legacy
> >     mode..
> >     >So if you create a database without setting sqlAuthorization
> >     property,
> >     >you shouldn't be able to do GRANT/REVOKE. Only if you have the
> >     property
> >     >set to true, SQL authorization would be enforced. This is to
> >     maintain
> >     >backwards compatibility.
> >     >
> >     >Satheesh
> >     >
> >     >
> >     >
> >     >>
> >
> http://issues.apache.org/jira/secure/attachment/12324061/grantRevokeSpec_v2.html
> >     <
> http://issues.apache.org/jira/secure/attachment/12324061/grantRevokeSpec_v2.html
> >
> >     >>
> >     >>
> >     >><quote>
> >     >>When a database is created, if derby.database.sqlAuthorization
> >     >>property value is true, the database gets created with standard
> >     >>security mode, enabling grant and revoke. This property could be
> >     set
> >     >>either as a system property in derby.properties file or as
> >     application
> >     >>property.
> >     >></quote>
> >     >>
> >     >>But the following lines caught my attention
> >     >>
> >     >><quote>
> >     >>It may be good to switch the default connection mode to standard
> >     model
> >     >>and hence support grant/revoke by default in future releases.
> >     >></quote>
> >     >>
> >     >>Is this being implemented?
> >     >>
> >     >>Can any one please clarify?
> >     >>
> >     >>Thanks
> >     >>Manjula
> >     >>
> >     >>
> >     >>
> >     >>
> >     >>
> >     >>
> >     >
> >     >
> >     >
> >     >
> >
> >
>
>

Mime
View raw message