db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5522) Document the NATIVE authentication scheme.
Date Mon, 12 Mar 2012 12:25:39 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13227458#comment-13227458
] 

Rick Hillegas commented on DERBY-5522:
--------------------------------------

Hi Kim,

Thanks for continuing to think about how NATIVE authentication interacts with other Derby
security features.

>Should they also be listed as deprecated and not to be documented in the future?

We probably want to discuss that with the broader community and understand who (if anyone)
is still using these features.

>So would you normally set up roles in the credentials db, or only in the clients that
used it? I suppose you might want to grant different access to different users for different
applications, so doing it in the clients would give you greater flexibility? 

You would set up roles in each database. That's an interesting asymmetry between Derby authentication
and authorization. Authentication can be system-wide but authorization is always database-specific.
We have talked a little about system-wide authorization but only in the context of system-wide
privileges which are not addressed by the SQL Standard (e.g., database creation and
engine shutdown).

>So apparently behaving "as if" derby.database.sqlAuthorization is set isn't good enough
for CREATE ROLE? 

I am unable to reproduce this behavior. Is it possible that you didn't reboot the database
after turning on NATIVE authentication but before trying to create a role? I don't think that
the functional spec touched this point: the derby.authentication.provider property continues
to be one of the properties which doesn't take effect until you bounce the database.

If you did bounce the database, then I don't know what's happening. Could you attach the latest
version of your test program so that I can look into this one?

Thanks,
-Rick

                
> Document the NATIVE authentication scheme.
> ------------------------------------------
>
>                 Key: DERBY-5522
>                 URL: https://issues.apache.org/jira/browse/DERBY-5522
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.9.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kim Haase
>         Attachments: NativeAuthExampleEmbedded.java, NativeAuthExampleEmbedded.java,
NativeAuthExampleEmbedded.java
>
>
> We should document NATIVE authentication after we have implemented the changes described
on DERBY-866. The documentation changes are described by the functional spec UserManagement.html
attached to that issue.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message