db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mamta Satoor" <msat...@gmail.com>
Subject Privilege requirements for a constraint
Date Thu, 29 Jun 2006 06:02:46 GMT

As part of Derby SQL Authorization mode, I am looking into collecting
privilege requirements for a new constraint and saving it into SYSDEPENDS
using dependency manager. Constraints are unlike views and triggers in the
sense that one can create only single view or trigger with a given sql
statement. And hence, all the privileges collected during the bind phase of
create view/trigger applies to that view/trigger. But with constraints, one
can define multiple constraints using a single sql statement.
user1 connects
create table t11 (c111 int not null primary key);
create table t12 (c121 int not null primary key);
grant references on t11 to user2;
grant references on t12 to user2;
user2 connects
create table t21 (c211 int constraint t21c1 references user1.t11, c212 int
constraint t21c2 references user1.t12);
-- For the create table t21 sql above, it has privilege dependency on
mamta1.t11 and mamta1.t12, both of REFERENCES type. But the constraint t21c1
should depend only REFERENCES type privilege on mamta1.t11 And constraint
t21c2 should depend only on REFERENCES type privilege on mamta1.t12 The sql
statement level privilege requirements somehow needs be broken down into
constraint specific privilege list. And that list will be saved in
SYSDEPENDS using the dependency manager. Nothing is coming to my mind right
away about how I would break statement privilege requirement into constraint
specific privilege requirement and wondered if community had any
tips/pointers for me.

As always, any feedback greatly appreciated,

View raw message