db-derby-dev mailing list archives

From "Daniel John Debrunner (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-464) Enhance Derby by adding grant/revoke support. Grant/Revoke provide finer level of privileges than currently provided by Derby that is especially useful in network configurations.
Date Mon, 24 Jul 2006 23:45:15 GMT
    [ http://issues.apache.org/jira/browse/DERBY-464?page=comments#action_12423202 ] 
            
Daniel John Debrunner commented on DERBY-464:
---------------------------------------------

I would say one definition of sub-task is that the main task is not complete until all of
the sub-tasks are.
Though I think sometimes sub-tasks are added when a better choice would be to add separate
tasks.
And the situation is not helped by Jira not allowing sub-tasks to be moved once created.

In this case it seems to me:

   DERBY-1023 is no longer part of the functional spec and should be marked no fix intended
(ideally it would be moved out to be its own improvement).
   DERBY-1057 should be a separate task. I would favor this model for documentation of code
features, separate improvement items that are linked but not sub-tasks.

All the others seem to be valid sub-tasks of DERBY-464 and so should be complete before closing
this.


> Enhance Derby by adding grant/revoke support. Grant/Revoke provide finer level of privileges than currently provided by Derby that is especially useful in network configurations.
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-464
>                 URL: http://issues.apache.org/jira/browse/DERBY-464
>             Project: Derby
>          Issue Type: New Feature
>          Components: SQL
>    Affects Versions: 10.0.2.1, 10.1.1.0, 10.2.0.0
>         Environment: generic
>            Reporter: Satheesh Bandaram
>         Assigned To: Satheesh Bandaram
>             Fix For: 10.2.0.0
>
>         Attachments: changeDescriptionPartII, grantRevoke.patch.Dec5, grantRevoke.stat.Dec5, GrantRevokePartII.stat, GrantRevokePartII.txt, GrantRevokePartII.txt, grantRevokeSpec.html, grantRevokeSpec_v2.html, grantRevokeSpec_v3.html, Privileges.java, Privileges2.java
>
>
> Derby currently provides a very simple permissions scheme, which is quite suitable for an embedded database system. End users of embedded Derby do not see Derby directly; they talk to an application that embeds Derby. So Derby left most of the access control work to the application. Under this scheme, Derby limits access on a per database or per system basis. A user can be granted full, read-only, or no access.
> This is less suitable in a general purpose SQL server. When end users or diverse applications can issue SQL commands directly against the database, Derby must provide more precise mechanisms to limit who can do what with the database.
> I propose to enhance Derby by implementing a subset of grant/revoke capabilities as specified by the SQL standard. I envision this work to involve the following tasks, at least:
> 1) Develop a specification of what capabilities I would like to add to Derby.
> 2) Provide a high level implementation scheme.
> 3) Pursue a staged development plan, with support for DDL added to Derby first.
> 4) Add support for runtime checking of these privileges.
> 5) Address migration and upgrade issues from previous releases and from old scheme to newer database.
> Since I think this is a large task, I would like to invite any interested people to work with me on this large and important enhancement to Derby.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
