db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mamta Satoor" <msat...@gmail.com>
Subject Question on Grant revoke functional spec
Date Wed, 26 Jul 2006 17:37:31 GMT

I was going through the grant revoke functional spec which is attached to
DERBY-464 and was puzzled by following example in there

CREATE VIEW s.v(vc1,vc2,vc3)
    AS SELECT t1.c1,t1.c2,f(t1.c3) FROM t1 JOIN t2 ON t1.c1 = t2.c1 WHERE
t2.c2 = 5

Jane needs the following permissions in order to create the view:


   ownership of schema s (so that she can create something in it),

   *ownership of table t1 (so that she can allow others to see columns in
   it), *

   select permission on t2.c1 and t2.c1, and

   execute permission on f.

The example says that Jane needs ownerhsip of table t1 so she can allow
others to see columns in it. Is that right?

Currently, in Derby SQL Authorization mode, I can create a view based on a
table in some other schema as long as I have the select privilege on it.
Following is the ij session showing that behavior
$ java -Dderby.database.sqlAuthorization=true -Dij.exceptionTrace=true
ij version 10.2
ij> connect 'jdbc:derby:c:/dellater/dbmaintest2;create=true' user 'mamta1'
as mamta1;
ij> create table t1(c11 int);
0 rows inserted/updated/deleted
ij> grant select on t1 to mamta2;
0 rows inserted/updated/deleted
ij> connect 'jdbc:derby:c:/dellater/dbmaintest2;create=true' user 'mamta2'
as mamta2;
WARNING 01J01: Database 'c:/dellater/dbmaintest2' not created, connection
made to existing database instead.
ij(MAMTA2)>create view v1 as select * from mamta1.t1;
0 rows inserted/updated/deleted


View raw message