Return-Path: Delivered-To: apmail-db-derby-user-archive@www.apache.org Received: (qmail 82899 invoked from network); 6 Dec 2007 07:19:58 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Dec 2007 07:19:58 -0000 Received: (qmail 74070 invoked by uid 500); 6 Dec 2007 07:19:46 -0000 Delivered-To: apmail-db-derby-user-archive@db.apache.org Received: (qmail 74035 invoked by uid 500); 6 Dec 2007 07:19:46 -0000 Mailing-List: contact derby-user-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Reply-To: "Derby Discussion" Delivered-To: mailing list derby-user@db.apache.org Received: (qmail 74024 invoked by uid 99); 6 Dec 2007 07:19:45 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Dec 2007 23:19:45 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of ajvok1@gmail.com designates 209.85.198.184 as permitted sender) Received: from [209.85.198.184] (HELO rv-out-0910.google.com) (209.85.198.184) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 06 Dec 2007 07:19:23 +0000 Received: by rv-out-0910.google.com with SMTP id b22so129168rvf for ; Wed, 05 Dec 2007 23:19:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=5PgLctWZH0X8ntPbeN7aCFzxXWDjkZTVccQ/ZFzVurg=; b=bhXzZAM9ke7tdOEjwivQaq+p1DWrewkA8ej4ygisqfz+yy4TzGAZdwfwfk/s5HUbpzgCdx3aNnScg6cfMqvGGsUKGvnzqZAq6ghaa8xHStaQpWXaxhFYmAxia0/5gSxzNQou5g0Br8ldBCp0baQHzHz55jTGCgUMYPM0QF0q4M8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=JY22rFR6/SQAi09UDfsnj1GO2pSXwi0xIZEihooBULf5AJGkJH0uc1llMb2lu+QLCECS2Ul6uPyYe+0QWxjMdmzqimKk5LGP5jdurjWaIbrU12FJBN6X9YDbh+Nk63J+jItodCNtdngQne6ecQYdu969Q9fFzKwnLUi50z9ZwWg= Received: by 10.140.88.11 with SMTP id l11mr1778466rvb.1196925566315; Wed, 05 Dec 2007 23:19:26 -0800 (PST) Received: by 10.141.86.21 with HTTP; Wed, 5 Dec 2007 23:19:26 -0800 (PST) Message-ID: Date: Thu, 6 Dec 2007 15:19:26 +0800 From: "adam jvok" To: "Derby Discussion" Subject: Re: Temp Tables: User can not perform the operation in schema 'SESSION'. In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: X-Virus-Checked: Checked by ClamAV on apache.org That makes sense to me. Thanks. It helps me understand the problem, but does not solve it. How can userb create a temp table in a database that was created by usera? Say usera creates the db and many other users want to run a query on that db that relies upon them being able to create a temp table. How can it be done? Thanks for your help. On 12/6/07, Mamta Satoor wrote: > Thanks for providing a reproducible case so quickly. > > The reason 'USERB' can't create global temp tables is because SESSION > schema is owned by 'USERA' (SESSION schema is where global temporary > tables reside). You will see the same behavior for any other schemas > owned by USERA, ie, USERB will not be able to create objects in any > schemas owned by USERA. > > When you say that there is no other problems with USERB ie you can do > create table t1, that is because when you connect as USERB, your > current schema is USERB and not USERA and since USERB owns USERB > schema there are no errors raised when you issue create table t1. But > if USERB were to set it's current schema as USERA, you will noticed > that same create table t1 will fail now because USERB does not own > schema USERA. Let me show following ij session to demonstrate the > behavior. > > Start the network server and then ij > ij> connect > 'jdbc:derby://localhost:1527/c:/dellater/netdb;user=usera;password=pwd;create=true'; > ij> values current schema; > 1 > -------------------------------------------------------------------------------- > USERA > 1 row selected > -----notice that table t below has been created in schema USERA > ij> create table t(c11 int); > 0 rows inserted/updated/deleted > ij> call SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.userb','pwd'); > Statement executed. > ij> call SYSCS_UTIL.SYSCS_SET_USER_ACCESS('userb','FULLACCESS'); > Statement executed. > ij> disconnect; > ij> connect > 'jdbc:derby://localhost:1527/c:/dellater/netdb;user=userb;password=pwd;create=true'; > -----notice current schema is USERB and not USERA > ij> values current schema; > 1 > -------------------------------------------------------------------------------- > USERB > 1 row selected > -----notice that table t1 below is getting created in current schema > which is USERB and > -----which is owned by user USERB > ij> create table t1(c11 int); > 0 rows inserted/updated/deleted > ----switch to schema not owned by USERB > ij> set schema usera; > 0 rows inserted/updated/deleted > ----attempt to create objects in USERA schema will fail because USERB > does not own it > ij> create table t2(c11 int); > ERROR 42507: User 'USERB' can not perform the operation in schema 'USERA'. > java.sql.SQLException: User 'USERB' can not perform the operation in schema > 'USE > RA'. > > I hope this helps, > Mamta > > On 12/5/07, adam jvok wrote: > > I have a derby.properties like this: > > > > derby.connection.requireAuthentication=true > > derby.authentication.provider=BUILTIN > > derby.database.sqlAuthorization=TRUE > > derby.user.usera=pwd > > derby.fullAccessUsers=usera > > derby.drda.host=192.168.1.50 > > > > I start the network server and run up 'ij'. > > ij>connect > 'jdbc:derby://192.168.1.50:1527/TEST1;user=usera;password=pwd;create=true;'; > > ij> declare global temporary table t11(a int) on commit preserve rows > > not logged; > > 0 rows inserted/updated/deleted > > > > All good so far. > > > > Now try this (while still connected as usera): > > ij> call SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.userb','pwd'); > > Statement executed. > > ij> call SYSCS_UTIL.SYSCS_SET_USER_ACCESS('userb','FULLACCESS'); > > Statement executed. > > ij> disconnect; > > ij> connect > 'jdbc:derby://192.168.1.50:1527/TEST1;user=userb;password=pwd;'; > > ij> declare global temporary table t1(a int) on commit preserve rows not > logged; > > ERROR 42507: User 'USERB' can not perform the operation in schema > 'SESSION'. > > > > There is no other problem with userb, e.g. I can do: > > ij> create table t1(a int); > > 0 rows inserted/updated/deleted > > > > It just doesn't like userb creating temp tables??? > > > > > > On 12/6/07, Mamta Satoor wrote: > > > Adam, can you provide simple ij script or sequence of sql statements > > > to demonstrate the problem. That will make it easier for people to see > > > exactly what is going on. > > > > > > Mamta > > > > > > On 12/5/07, adam jvok wrote: > > > > I can create a temp table with no problem like this: > > > > > > > > declare global temporary table t1(a int) on commit preserve rows not > > > logged; > > > > > > > > ONLY if I am connected using the username that created the db. > > > > > > > > Attempting to create a temp table as any other user results in: > > > > > > > > User 'whatever' can not perform the operation in schema 'SESSION'. > > > > > > > > Is it possible to overcome this? > > > > > > > > > >