db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hiranya Jayathilaka <hiranya...@gmail.com>
Subject SQL Authorization for dblook: Progress Update
Date Sun, 24 May 2009 17:02:35 GMT
Hi Devs,

I have started writing code for my GSoC project (SQL authorization support
for dblook). To start with I developed some basic data structures to store
the information (permissions, authorization Ids etc) regarding persistent
database objects. Using these basic structures I've developed a class which
will act as the blueprint of the dblook dependency graph as well as the role
dependency graph.

I've already done some coding related to the construction of the dependency
graph. Before I go any further I would like to get a couple of things
clarified.

1.The documentation on system tables implies that only views, constraints
and triggers can directly depend on another persistent object. (I'm
referring to the SYSDEPENDS table here) Have I understood that correctly?
Won't there be any situations where, say a table, is dependent on another
object?

2.What is the DDL statement we should generate to create a database
connection as a particular user and what is the statement to close it? (I'm
currently saving authentication Ids associated with each object in the graph
vertices and I can use that information to generate a connection
establishment statement prior to actually creating the object.)

3.It appears after creating a table we have to do two types of permission
grants - Table permission grants (from SYSTABLEPERMS table) and column
permission grants (from SYSCOLPERMS table). Is that correct?

Some insight on these matters would be most appreciated.

Thanks,
Hiranya

-- 
Hiranya Jayathilaka
E-mail: hiranya@apache.org;  Mobile: +94 77 633 3491
Blog: http://techfeast-hiranya.blogspot.com

Mime
View raw message