db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dag.Wan...@Sun.COM (Dag H. Wanvik)
Subject Re: SQL authorisation and routine permissions
Date Mon, 03 May 2010 22:31:38 GMT
Thomas <Thomas.K.Hill@t-online.de> writes:


> Hi,
>
> having set-up SQL authorisation I would like to grant data modification rights
> (insert, update, delete) to stored procedures only.
> I was assuming that granting executing rights on a routine using GRANT EXECUTE
> ON PROCEDURE to appl_user (with appl_user being a role) would automatically
> grant the right to insert data to any user who can take on this role. So there
> is no need to also GRANT INSERT ON TABLE xy TO appl_user. However testing this I
> am getting a '<user> does not have INSERT permission on table' error. Does this
> mean I have to grant rights on the tables accessed in a procedure on top of
> granting execution rights on the procedure for this to work?

Yes, currently, Derby routines execute with the invoker's current
privileges. SQL has a provision for defining routines to run with the
definer's privileges as well, but this is not yet implemented in
Derby. Feel free to file an improvement request!

Thanks,
Dag

Mime
View raw message