db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Satheesh Bandaram (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-1522) Switch(if supported) from Derby Authorization to Derby SQL Standard Authorization needs to be tested
Date Wed, 02 Aug 2006 18:46:14 GMT
    [ http://issues.apache.org/jira/browse/DERBY-1522?page=comments#action_12425338 ] 
Satheesh Bandaram commented on DERBY-1522:

1) Mamta says: "after the upgrade, all the existing schemas and objects in them should be
owned by the dba and any other users will need to have permissions granted to them by the

Don't think that is true... Even in Derby authorization mode, schemas created by regular users
have their authorizationId recorded in sysschemas. Derby authorization mode only recognises
fullAccessUsers (who can modify any object owned by anyone) or readOnlyAccess or no access.
But once switching to SQL authorization mode, only schema owners would have access to objects
in their schema and others would need explicit GRANT from schema owner to be able to access

As far as additional testing for switching from Derby authorization mode to SQL mode, tests
to cover include new restrictions we currently have on SQL authorization mode and to make
sure they are actually enforced correctly. Some of the items to check, after switching to
SQL authorization mode, include 1) Only owners can access their objects 2) regular users can
only create a schema that matches their authorizationId 3) Database owner can access any object
in the system 4) definer model being correctly enforced etc. 5) Access to many system routines
are restricted 6) Cann't switch mode back to Derby authorization

Thanks Deepa for looking at DERBY-1544.

> Switch(if supported) from Derby Authorization to Derby SQL Standard Authorization needs
to be tested
> ----------------------------------------------------------------------------------------------------
>                 Key: DERBY-1522
>                 URL: http://issues.apache.org/jira/browse/DERBY-1522
>             Project: Derby
>          Issue Type: Task
>          Components: JDBC
>    Affects Versions:
>            Reporter: Mamta A. Satoor
>             Fix For:
> There has been discussions on the Derby-dev list about switch from Derby Authorization
to Derby SQL Standard Authorization for existing databases. If we do decide to support a switch
like that, testing needs to be done/added to make sure everything works fine after the switch.
> ps I have added this JIRA entry to JDBC component but I am not 100% sure if that is the
right component.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message