db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Laura Stewart (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-1646) Documentation to address Grant/Revoke Authorization for views/triggers/constraints/routines(DERBY-1330)
Date Sat, 05 Aug 2006 00:16:14 GMT
    [ http://issues.apache.org/jira/browse/DERBY-1646?page=comments#action_12425909 ] 
Laura Stewart commented on DERBY-1646:

I was very unhappy with the content of the file that describes setting the default access
So based on your comments I reworded it.  Please let me know if there is anything amiss...

Setting the default access mode

There are two properties that control the default access mode for database objects, the derby.database.defaultConnectionMode
property and the derby.database.sqlAuthorization property.

The default settings for these properties allow anyone to access and drop the database objects
that you create. The default setting for the derby.database.defaultConnectionMode property
is fullAccess and the default setting for the derby.database.sqlAuthorization property is
FALSE. You can change the default access mode by specify different settings for these properties.

These properties work together: 

When the derby.database.sqlAuthorization property is FALSE, the default access mode is determined
by the setting for the derby.database.defaultConnectionMode property. If the derby.database.defaultConnectionMode
property is set to readOnlyAccess, users can access (read) database all of the objects but
they cannot update or drop the objects. 

When the derby.database.sqlAuthorization property is TRUE, the default access mode is restricted
to the owner of the database objects. The owner must grant permission for others to access
the database objects. No one but the owner of an object can drop the object. 

The access mode specified for the derby.database.sqlAuthorization property overrides the permissions
that are granted by the owner of a database object. For example, if a user is granted INSERT
privileges on a table but the user only has read-only connection authorization, the user cannot
insert data into the table. 

Derby validates the database authorization properties when you set the properties. A user
authorization exception is returned if you specify an invalid value when you set these properties.

derby.database.defaultConnectionMode property
The derby.database.defaultConnectionMode property controls the default authorization when
users connect to the database.
The valid settings for the derby.database.defaultConnectionMode property are:


The default value is fullAccess. 

derby.database.sqlAuthorization property
The derby.database.sqlAuthorization property controls the ability for object owners to grant
and revoke permission for users to perform actions on database objects.
The valid settings for the derby.database.sqlAuthorization property are:


The default value is FALSE.

> Documentation to address Grant/Revoke Authorization for views/triggers/constraints/routines(DERBY-1330)
> -------------------------------------------------------------------------------------------------------
>                 Key: DERBY-1646
>                 URL: http://issues.apache.org/jira/browse/DERBY-1646
>             Project: Derby
>          Issue Type: New Feature
>          Components: Documentation
>    Affects Versions:
>            Reporter: Mamta A. Satoor
>         Assigned To: Laura Stewart
> Creating a separate jira entry for documentation of Grant/Revoke Authorization for views/triggers/constraints/routines(Engine
changes are going as part of DERBY-1330).
> Will link this jira entry to DERBY-1330

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message