db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mamta Satoor" <msat...@gmail.com>
Subject Re: Question about Grant/Revoke
Date Sun, 19 Mar 2006 02:06:44 GMT
Actually, Manjula, looks like Satheesh made a checkin this morning which has
changed the property Dderby.database.defaultConnectionMode=sqlStandard to
derby.database.sqlAuthorization. It should be set to true to enabled
grant/revoke. So, if you do a sync on Derby 10.2 code and recompile, the
property you are using should work fine and should let you use grant/revoke.


Mamta


On 3/18/06, Mamta Satoor <msatoor@gmail.com> wrote:
>
>  Manjula, following is how I start ij to enable grant/revoke
> $ java -Dderby.database.defaultConnectionMode=sqlStandard -
> Dij.exceptionTrace=true org.apache.derby.tools.ij
>
> So, the property you need in derby.properties file is
> Dderby.database.defaultConnectionMode=sqlStandard. I haven't done sync on
> my client in quite some time but I think it is still the right property to
> enable grant/revoke.
>
> Mamta
>
>
> On 3/17/06, Manjula G Kutty <manjula.kutty@gmail.com > wrote:
> >
> > So if I put derby.database.sqlAuthorization=true in the derby.properties
> > file then the command like this should execute without error message?
> > ij> connect 'jdbc:derby:grntdb;create=true' user 'mkutty';
> > ij> create table tab1(i int, j int);
> > 0 rows inserted/updated/deleted
> > ij> grant select on tab1 to mkutty;
> >
> > But after the last statement I 'm getting the error message :
> > ERROR 42Z60: GRANT not allowed unless database property
> > derby.database.defaultCo
> > nnectionMode has value 'sqlStandard'.
> >
> >
> > Am I doing something wrong here?
> >
> > --Manjula
> >
> > Rajesh Kartha wrote:
> >
> > > >
> > > >So that means if I put the 'derby.database.sqlAutherization' property
> > > in the derby.property file can I do grant/Revoke now?
> > > >
> > > As I understand, currently the statements should execute, but it won't
> >
> > > be enforced till Part 2 for DERBY-464 is applied. So any
> > > negative tests to verify permissions will not work.
> > >
> > > -Rajesh
> > >
> > >
> > > On 3/15/06, *Manjula G Kutty* < manjula.kutty@gmail.com
> > > <mailto:manjula.kutty@gmail.com>> wrote:
> > >
> > >     Hi Satheesh,
> > >     Thanks for your reply. So that means if I put the
> > >     'derby.database.sqlAutherization' property in the derby.propertyfile
> > >     can I do grant/Revoke now? Also one minor suggestion from my view,
> > The
> > >     functional spec talks about these property under the heading
> > 'derby
> > >     upgrade and migration'. Can you move that under some other
> > meaningful
> > >     heading?
> > >
> > >
> > >     Thanks
> > >     Manjula
> > >
> > >
> > >     Satheesh Bandaram wrote:
> > >
> > >     >Manjula G Kutty wrote:
> > >     >
> > >     >
> > >     >
> > >     >>Hi ,
> > >     >>I was investigating the Grant/Revoke functionality added till
> > >     now. And
> > >     >>found
> > >     >>
> > >     >>0 rows inserted/updated/deleted
> > >     >>ij> grant select on t1 to mkutty;
> > >     >>ERROR 42Z60: GRANT not allowed unless database property
> > >     >> derby.database.defaultConnectionMode has value 'sqlStandard'.
> > >     >>
> > >     >>
> > >     >
> > >     >This was the original proposal on how to ask for SQL
> > authorization
> > >     >mode... by setting defaultConnectionMode. Following further
> > >     discussion
> > >     >on the list, the functional spec has been changed say
> > >     >'derby.database.sqlAuthorization' is the way to ask for SQL
> > >     >authorization. Change in functionality hasn't been reflected in
> > >     the code
> > >     >yet.
> > >     >
> > >     >
> > >     >
> > >     >>Also to mention that if I'm not mistaken I have to put the
> > >     >>derby.database.sqlAuthorization property only for upgrading
> > >     derby from
> > >     >>version10.1 right?  I came to this conclusion because I found
> > the
> > >     >>follwing sentences on the functional spec under "*derby upgrade
> > and
> > >     >>migration*"
> > >     >>
> > >     >>
> > >     >
> > >     >No... Default authorization model in Derby 10.2 is still legacy
> > >     mode..
> > >     >So if you create a database without setting sqlAuthorization
> > >     property,
> > >     >you shouldn't be able to do GRANT/REVOKE. Only if you have the
> > >     property
> > >     >set to true, SQL authorization would be enforced. This is to
> > >     maintain
> > >     >backwards compatibility.
> > >     >
> > >     >Satheesh
> > >     >
> > >     >
> > >     >
> > >     >>
> > >
> > http://issues.apache.org/jira/secure/attachment/12324061/grantRevokeSpec_v2.html
> > >     <http://issues.apache.org/jira/secure/attachment/12324061/grantRevokeSpec_v2.html
> > >
> > >     >>
> > >     >>
> > >     >><quote>
> > >     >>When a database is created, if derby.database.sqlAuthorization
> > >     >>property value is true, the database gets created with standard
> > >     >>security mode, enabling grant and revoke. This property could be
> > >     set
> > >     >>either as a system property in derby.properties file or as
> > >     application
> > >     >>property.
> > >     >></quote>
> > >     >>
> > >     >>But the following lines caught my attention
> > >     >>
> > >     >><quote>
> > >     >>It may be good to switch the default connection mode to standard
> >
> > >     model
> > >     >>and hence support grant/revoke by default in future releases.
> > >     >></quote>
> > >     >>
> > >     >>Is this being implemented?
> > >     >>
> > >     >>Can any one please clarify?
> > >     >>
> > >     >>Thanks
> > >     >>Manjula
> > >     >>
> > >     >>
> > >     >>
> > >     >>
> > >     >>
> > >     >>
> > >     >
> > >     >
> > >     >
> > >     >
> > >
> > >
> >
> >
>

Mime
View raw message