db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kim Haase (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-3200) Developer's Guide: Add examples showing use of SQL authorization with user authentication
Date Mon, 12 Nov 2007 22:42:50 GMT
Developer's Guide: Add examples showing use of SQL authorization with user authentication

                 Key: DERBY-3200
                 URL: https://issues.apache.org/jira/browse/DERBY-3200
             Project: Derby
          Issue Type: Improvement
          Components: Documentation
            Reporter: Kim Haase
            Assignee: Kim Haase
            Priority: Minor

This is the followup to DERBY-1823 that Francois Orsini suggested.

I've been experimenting and reading the Developer's Guide section on SQL authorization (User
authorizations, cdevcsecure36595).

It appears that the only use of SQL authorization mode is to restrict user access, not to
expand it.

For example, if you set the default connection mode to noAccess, a user with fullAccess can't
grant any privileges to a user with noAccess. And presumably if the default connection mode
is readOnlyAccess, a user with fullAccess can't grant any privileges beyond SELECT, which
the user has anyway.

Only if the default connection mode is fullAccess is SQL authorization mode meaningful. That
means that a fullAccess user can use GRANT to restrict another user's privileges on a particular
database that the user owns.

I'm running into a problem at the end, though. At the beginning of the program, as nobody
in particular, I was able to create several users, some of them with full access. But at the
end of the program, it seems that even a user with full access isn't allowed to turn off those
database properties:

Message:  User 'MARY' does not have execute permission on PROCEDURE 'SYSCS_UTIL'.'SYSCS_SET_DATABASE_PROPERTY'.

This seems a bit extreme. I know that with SQL authorization on, "the ability to read from
or write to database objects is further restricted to the owner of the database objects."
But the ability to execute built-in system procedures? Can I log in as SYSCS_UTIL? How? 

I realize that having access to SYSCS_SET_DATABASE_PROPERTY would allow me to in effect delete
myself -- but that's essentially what I do at the end of the program that sets derby.connection.requireAuthentication
but not derby.database.sqlAuthorization. 

The documentation does say that once you have turned on SQL authorization, you can't turn
it off. But it doesn't say that you can't turn anything else off, either!

I'll attach the program I've been using. Most of the stacktraces are expected, but I'm stumped
by that last one.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message