db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Satheesh Bandaram (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-1646) Documentation to address Grant/Revoke Authorization for views/triggers/constraints/routines(DERBY-1330)
Date Sat, 05 Aug 2006 07:15:15 GMT
    [ http://issues.apache.org/jira/browse/DERBY-1646?page=comments#action_12425937 ] 
            
Satheesh Bandaram commented on DERBY-1646:
------------------------------------------

I have rewriten Laura's comment earlier with some updates. This being a text window, I couldn't
high-light changes, sorry. I think it is important not to mix up "access mode" with "authorization".

Let me know if you need any further clarifications.

Setting the default access mode

There are two properties that control access to database objects for users. They are derby.database.defaultConnectionMode
and derby.database.sqlAuthorization.

The default settings for these properties allow anyone to access and drop the database objects
that you create. The default setting for the derby.database.defaultConnectionMode property
is fullAccess and the default setting for the derby.database.sqlAuthorization property is
FALSE. You can change the default access mode by specify different settings for these properties.

These properties work together:

When the derby.database.sqlAuthorization property is FALSE, ability to read or write database
objects is determained by the setting for the derby.database.defaultConnectionMode property.
If the derby.database.defaultConnectionMode property is set to readOnlyAccess, users can access
(read) database all of the objects but they cannot update or drop the objects.

When the derby.database.sqlAuthorization property is TRUE, ability to read or write database
objects is further restricted to the owner of the database objects. The owner must grant permission
for others to access the database objects. No one but the owner of an object can drop the
object. Note that derby.database.defaultConnectionMode, if set to readOnlyAccess, allows read
only access to database objects even for the owner of an object.

The access mode specified for the derby.database.defaultConnectionMode property overrides
the permissions that are granted by the owner of a database object. For example, if a user
is granted INSERT privileges on a table but the user only has read-only connection access,
the user cannot insert data into the table.

Derby validates the database properties when you set the properties. A user exception is returned
if you specify an invalid value when you set these properties.

derby.database.defaultConnectionMode property
The derby.database.defaultConnectionMode property controls the default authorization when
users connect to the database.
The valid settings for the derby.database.defaultConnectionMode property are:

noAccess
readOnlyAccess
fullAccess

The default value is fullAccess.

derby.database.sqlAuthorization property
The derby.database.sqlAuthorization property provides the ability for object owners to grant
and revoke permission for users to perform actions on database objects.
The valid settings for the derby.database.sqlAuthorization property are:

TRUE
FALSE

The default value is FALSE.

> Documentation to address Grant/Revoke Authorization for views/triggers/constraints/routines(DERBY-1330)
> -------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1646
>                 URL: http://issues.apache.org/jira/browse/DERBY-1646
>             Project: Derby
>          Issue Type: New Feature
>          Components: Documentation
>    Affects Versions: 10.2.0.0
>            Reporter: Mamta A. Satoor
>         Assigned To: Laura Stewart
>
> Creating a separate jira entry for documentation of Grant/Revoke Authorization for views/triggers/constraints/routines(Engine
changes are going as part of DERBY-1330).
> Will link this jira entry to DERBY-1330

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message