db-derby-dev mailing list archives

From Daniel John Debrunner <...@apache.org>
Subject Re: [jira] Commented: (DERBY-2109) System privileges
Date Mon, 21 Jan 2008 21:34:19 GMT
Rick Hillegas (JIRA) wrote:

> 2) On the other hand, a customer whose authentication service treats Edward and EdWard
> as the same username is not going to want to have to grant shutdown privilege to every casing

No scheme would require that. Remember authentication and authorization 
are different. Authorization is entirely within Derby's realm, 
unaffected by the authentication that preceded it. For this case the 
text within the policy file will be either:

    // Format of Principal's name corresponds to SYSUID
    SystemPrincipal "EDWARD";

or any *one* of the following

   // Format of Principal's name corresponds to user identifier
   // and thus matches Derby's existing way to specify a user
   // in other Java constructs.
   SystemPrincipal "edward"
   SystemPrincipal "EdWard"
   SystemPrincipal "EDWArD"  // etc. etc.

This is of course assuming that system user handling continues with its 
current rules that follow database user handling.
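
The point above as an added example, not part of the original message and not Derby's own code: one policy entry covers every casing of an ordinary user name under either naming scheme. The class and method names are hypothetical, and the normalization assumes system users follow the SQL identifier rules used for database users (regular identifiers fold to upper case, delimited ones keep their case).

```java
import java.util.Locale;

public class SystemPrincipalCasing {

    // Canonical (SYSUID-style) form under SQL identifier rules: a regular
    // identifier folds to upper case; a delimited one ("...") keeps its case,
    // with a doubled quote inside standing for one literal quote.
    static String toCanonical(String userId) {
        if (userId == null || userId.isEmpty())
            throw new IllegalArgumentException("empty user identifier");
        if (userId.charAt(0) != '"')
            return userId.toUpperCase(Locale.ENGLISH);
        if (userId.length() < 3 || !userId.endsWith("\""))
            throw new IllegalArgumentException("malformed delimited identifier");
        String inner = userId.substring(1, userId.length() - 1);
        if (inner.replace("\"\"", "").indexOf('"') >= 0)
            throw new IllegalArgumentException("unescaped quote in identifier");
        return inner.replace("\"\"", "\"");
    }

    // Scheme 1: the policy file already holds the canonical name.
    static boolean matchesSysuid(String policyName, String user) {
        return policyName.equals(toCanonical(user));
    }

    // Scheme 2: the policy file holds a user identifier; normalize both sides.
    static boolean matchesUserId(String policyName, String user) {
        return toCanonical(policyName).equals(toCanonical(user));
    }

    public static void main(String[] args) {
        // Constructed sample names; the last is a delimited identifier.
        String[] users = { "edward", "EdWard", "EDWARD", "\"EdWard\"" };
        String[] userIdEntries = { "edward", "EdWard", "EDWArD" };
        for (String user : users) {
            StringBuilder row = new StringBuilder(user + " -> " + toCanonical(user));
            row.append(" | SYSUID \"EDWARD\": ").append(matchesSysuid("EDWARD", user));
            for (String entry : userIdEntries)
                row.append(" | id \"").append(entry).append("\": ")
                   .append(matchesUserId(entry, user));
            System.out.println(row);
        }
    }
}
```

Every regular-identifier spelling matches the single policy entry under either scheme, while the delimited `"EdWard"` is a distinct identity and matches none of them.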

