db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Francois Orsini <francois.ors...@gmail.com>
Subject Re: Issues with SQL Roles
Date Sat, 04 Apr 2009 20:35:19 GMT
Hi Tiago,

Did you set 'derby.database.sqlAuthorization=TRUE' *before* creating the
database?

If not, you would have to specifically set it for this database using:
ij> CALL
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.sqlAuthorization','true');

http://db.apache.org/derby/docs/dev/devguide/cdevcsecure866060.html

Otherwise, make sure your derby.properties is actually accessed by the Derby
instance - For example, try to connect with an incorrect password and see if
it denies the connection for a user.

--francois

On Sat, Apr 4, 2009 at 5:03 AM, Tiago Espinha <tiago@espinhas.net> wrote:

> Hi everyone,
>
> I am testing the SQL Roles for the 10.5 buddy testing and I'm facing
> some issues. By following the documentation, I have created the
> following derby.properties file:
>
> derby.connection.requireAuthentication=TRUE
> derby.database.sqlAuthorization=TRUE
> derby.authentication.provider=BUILTIN
> derby.user.adm=java
> derby.user.tiago=espinha
>
> Now, the steps I've followed afterwards (on ij) are:
> > connect
> 'jdbc:derby://localhost:1527/goodone;create=true;user=adm;password=java';
>
> And the database gets created properly. Then I proceed to create a
> test table, while still logged in as 'adm':
> > create table t2 (f1 int, f2 varchar(20));
>
> Then I disconnect; from the server and connect back on, this time with
> the user 'tiago':
> > connect
> 'jdbc:derby://localhost:1527/goodone;user=tiago;password=espinha';
>
> At this point I am logged in but, opposed to what I would think, I
> have access to the table I just created with 'adm'. I do have to
> specify the 'adm' schema to access it but I do not have any
> restrictions whatsoever. I can INSERT, SELECT and even DROP the table
> without any restriction. By default I should not have any privileges
> at all over the table adm.t2 should I?
>
> Can someone help me out and tell me what exactly am I doing wrong?
> Keep in mind that I would like to have only the SQL authentication
> turned on.
>
> Thanks in advance,
> Tiago
>

Mime
View raw message