db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tiago Espinha <ti...@espinhas.net>
Subject Re: Issues with SQL Roles
Date Sat, 04 Apr 2009 20:44:23 GMT
Hello Fran├žois,
I believe I had indeed set that property before creating the database. Just
to be sure, I did as you said and set it as a database property by calling
that statement. However, after doing so, I'm still able to access the
'adm.t2' table as I wish from the 'tiago' user.

I'm also sure that Derby is seeing the correct properties file. I tried to
login with a wrong password and I wasn't allowed in.

Any more ideas?


On Sat, Apr 4, 2009 at 9:35 PM, Francois Orsini

> Hi Tiago,
> Did you set 'derby.database.sqlAuthorization=TRUE' *before* creating the
> database?
> If not, you would have to specifically set it for this database using:
> ij> CALL
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.sqlAuthorization','true');
> http://db.apache.org/derby/docs/dev/devguide/cdevcsecure866060.html
> Otherwise, make sure your derby.properties is actually accessed by the
> Derby instance - For example, try to connect with an incorrect password and
> see if it denies the connection for a user.
> --francois
> On Sat, Apr 4, 2009 at 5:03 AM, Tiago Espinha <tiago@espinhas.net> wrote:
>> Hi everyone,
>> I am testing the SQL Roles for the 10.5 buddy testing and I'm facing
>> some issues. By following the documentation, I have created the
>> following derby.properties file:
>> derby.connection.requireAuthentication=TRUE
>> derby.database.sqlAuthorization=TRUE
>> derby.authentication.provider=BUILTIN
>> derby.user.adm=java
>> derby.user.tiago=espinha
>> Now, the steps I've followed afterwards (on ij) are:
>> > connect
>> 'jdbc:derby://localhost:1527/goodone;create=true;user=adm;password=java';
>> And the database gets created properly. Then I proceed to create a
>> test table, while still logged in as 'adm':
>> > create table t2 (f1 int, f2 varchar(20));
>> Then I disconnect; from the server and connect back on, this time with
>> the user 'tiago':
>> > connect
>> 'jdbc:derby://localhost:1527/goodone;user=tiago;password=espinha';
>> At this point I am logged in but, opposed to what I would think, I
>> have access to the table I just created with 'adm'. I do have to
>> specify the 'adm' schema to access it but I do not have any
>> restrictions whatsoever. I can INSERT, SELECT and even DROP the table
>> without any restriction. By default I should not have any privileges
>> at all over the table adm.t2 should I?
>> Can someone help me out and tell me what exactly am I doing wrong?
>> Keep in mind that I would like to have only the SQL authentication
>> turned on.
>> Thanks in advance,
>> Tiago

View raw message