db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-1646) Documentation to address Grant/Revoke Authorization for views/triggers/constraints/routines(DERBY-1330)
Date Fri, 04 Aug 2006 22:24:15 GMT
    [ http://issues.apache.org/jira/browse/DERBY-1646?page=comments#action_12425882 ] 
            
Daniel John Debrunner commented on DERBY-1646:
----------------------------------------------

3) In one way there are not really two models, Laura you put it well in some other comment
that said something like derby.database.sqlAuthorization=true allows the application to use
grant/revoke.  The existing coarse grained authorization continues to work (I hope :-) and
applications have the option of using the fine grained authorization (grant/revoke)

The way there are two models is that default accessbility to objects is open without grant/revoke
and restricted to the object's owner with grant/revoke.

With derby.database.sqlAuthorization=false (or not set)

If I create a table T then anyone else can access it in any way, including dropping it ,subject
to their coarse grained authorization (noAccess, full or readonly).

With derby.database.sqlAuthorization=true

If I create a table T then no-one else has any access to it unless I grant them select/insert/update
and/or delete access. No-one else
can drop the table under any circumstance. For any other user with a granted privilege on
T they are still subject to  their coarse grained authorization (noAccess, full or readonly).
So if I grant INSERT access to a user that only has read-only connection authorization, then
they can not insert  into the table.



> Documentation to address Grant/Revoke Authorization for views/triggers/constraints/routines(DERBY-1330)
> -------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1646
>                 URL: http://issues.apache.org/jira/browse/DERBY-1646
>             Project: Derby
>          Issue Type: New Feature
>          Components: Documentation
>    Affects Versions: 10.2.0.0
>            Reporter: Mamta A. Satoor
>         Assigned To: Laura Stewart
>
> Creating a separate jira entry for documentation of Grant/Revoke Authorization for views/triggers/constraints/routines(Engine
changes are going as part of DERBY-1330).
> Will link this jira entry to DERBY-1330

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message