db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Francois Orsini <francois.ors...@gmail.com>
Subject Re: Issues with SQL Roles
Date Sat, 04 Apr 2009 20:35:19 GMT
Hi Tiago,

Did you set 'derby.database.sqlAuthorization=TRUE' *before* creating the

If not, you would have to specifically set it for this database using:
ij> CALL


Otherwise, make sure your derby.properties is actually accessed by the Derby
instance - For example, try to connect with an incorrect password and see if
it denies the connection for a user.


On Sat, Apr 4, 2009 at 5:03 AM, Tiago Espinha <tiago@espinhas.net> wrote:

> Hi everyone,
> I am testing the SQL Roles for the 10.5 buddy testing and I'm facing
> some issues. By following the documentation, I have created the
> following derby.properties file:
> derby.connection.requireAuthentication=TRUE
> derby.database.sqlAuthorization=TRUE
> derby.authentication.provider=BUILTIN
> derby.user.adm=java
> derby.user.tiago=espinha
> Now, the steps I've followed afterwards (on ij) are:
> > connect
> 'jdbc:derby://localhost:1527/goodone;create=true;user=adm;password=java';
> And the database gets created properly. Then I proceed to create a
> test table, while still logged in as 'adm':
> > create table t2 (f1 int, f2 varchar(20));
> Then I disconnect; from the server and connect back on, this time with
> the user 'tiago':
> > connect
> 'jdbc:derby://localhost:1527/goodone;user=tiago;password=espinha';
> At this point I am logged in but, opposed to what I would think, I
> have access to the table I just created with 'adm'. I do have to
> specify the 'adm' schema to access it but I do not have any
> restrictions whatsoever. I can INSERT, SELECT and even DROP the table
> without any restriction. By default I should not have any privileges
> at all over the table adm.t2 should I?
> Can someone help me out and tell me what exactly am I doing wrong?
> Keep in mind that I would like to have only the SQL authentication
> turned on.
> Thanks in advance,
> Tiago

View raw message